Chapter 2. Infrastructure Security
Many Kubernetes configurations are insecure by default. In this chapter we explore how to secure Kubernetes at the infrastructure level. Kubernetes can be made more secure through a combination of host hardening, which makes the servers or VMs that Kubernetes runs on more secure; cluster hardening, which secures the Kubernetes control plane components; and network security, which integrates the cluster with the surrounding infrastructure beyond the cluster boundary. Note that the concepts discussed in this chapter apply to both self-hosted and managed Kubernetes clusters.
Host hardening includes the choice of operating system, avoiding non-essential processes on the hosts, and host-based firewalling.
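The following script is an added example and is not part of the book's text. It illustrates two of the host hardening points above: it audits a node for network-reachable listeners that are not on an allowlist of expected Kubernetes ports (a quick way to spot non-essential processes), and it emits a minimal nftables ruleset that admits only those ports from specific source ranges. The `ss` output is constructed for the demo, and the allowlist, the control plane and admin CIDRs, and the table name node_hardening are assumptions for illustration.

```sh
#!/bin/sh
# Added example (not from the book): audit a Kubernetes node for listening TCP
# services outside an allowlist, then emit a host firewall ruleset that admits
# only those ports. The `ss` sample below is constructed; no host was queried.

# Ports a worker node is expected to expose to the network. SSH and the kubelet
# API (10250) are listed; the kubelet read-only port (10255) deliberately is
# not. This allowlist is an assumption for the example; adjust it to the cluster.
ALLOWED_PORTS="22 10250"

# Constructed sample of `ss -Hltn` output: state, queues, local address, peer.
SAMPLE_SS='LISTEN 0 4096 0.0.0.0:22 0.0.0.0:*
LISTEN 0 4096 127.0.0.1:10248 0.0.0.0:*
LISTEN 0 4096 *:10250 *:*
LISTEN 0 4096 0.0.0.0:10255 0.0.0.0:*
LISTEN 0 4096 0.0.0.0:2049 0.0.0.0:*
LISTEN 0 4096 127.0.0.1:9099 0.0.0.0:*'

# unexpected_listeners SS_OUTPUT
# Prints one port per line for every socket bound to a non-loopback address
# whose port is not in ALLOWED_PORTS. Loopback-only listeners (kubelet healthz
# on 10248, for instance) are skipped because they are not reachable remotely.
unexpected_listeners() {
  printf '%s\n' "$1" | awk -v allowed="$ALLOWED_PORTS" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    {
      bound = $4
      port = bound; sub(/.*:/, "", port)         # text after the last colon
      addr = bound; sub(/:[^:]*$/, "", addr)     # text before the last colon
      if (addr == "127.0.0.1" || addr == "[::1]") next
      if (!(port in ok)) print port
    }' | sort -n
}

# nft_rules CONTROL_PLANE_CIDR ADMIN_CIDR
# Prints an nftables ruleset with a default-drop input policy that accepts only
# established traffic, loopback, SSH from the admin range, and the kubelet API
# from the control plane range. It prints only; apply with `nft -f` after review.
nft_rules() {
  cp_cidr=$1
  admin_cidr=$2
  cat <<EOF
table inet node_hardening {
  chain input {
    type filter hook input priority 0; policy drop;
    ct state established,related accept
    iif lo accept
    ip saddr $admin_cidr tcp dport 22 accept
    ip saddr $cp_cidr tcp dport 10250 accept
  }
}
EOF
}

# Usage on a live node: replace SAMPLE_SS with "$(ss -Hltn)".
echo "Unexpected network-reachable listeners:"
unexpected_listeners "$SAMPLE_SS"
echo
nft_rules 10.0.0.0/24 192.168.1.0/24
```

On the constructed sample the audit flags 2049 (an NFS server, a process that has no business on a node) and 10255 (the kubelet read-only port, which exposes pod metadata unauthenticated and should be disabled rather than merely firewalled). The ruleset is deliberately minimal: a real node also needs rules for the CNI overlay (for example VXLAN or BGP between nodes), the NodePort range, and any node-local metrics agents, so treat it as the starting point that the audit output then extends.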
Cluster hardening covers a range of configuration and policy settings needed to harden the control plane, including configuring TLS certificates, locking down etcd, encrypting secrets at rest, credential ...