Chapter 19. Security

Kubernetes is a powerful platform for orchestrating cloud native applications. However, under the veneer and polish of the APIs and tooling we know and love lies a large, complex distributed system that requires specific knowledge to secure. Securing Kubernetes is a complex topic that honestly requires its own book; however, there’s so much at stake if you overlook taking the time to understand and implement security best practices that we cover it in brief here. The risk of not securing your Kubernetes clusters and workloads properly is the possibility of exposing your data and resources to hackers, malware, and unauthorized access. We would be remiss not to cover some of the main security areas and provide best practices to help along the way.

Given the complexity of Kubernetes, we recommend breaking the problem down into logical layers where you can focus on specific tooling at each layer. A great way to handle security is to follow the “defense in depth” strategy. This requires the use of multiple security measures at each layer to protect Kubernetes and your workloads. Additionally, keep the principle of least privilege in mind, which states that users and workloads should have access only to what they absolutely need to perform their functions. This all sounds great in theory, but what does it look like in practice? This chapter lays out an approach to bucketing security concerns into layers that will help you focus on the solutions and tooling available ...