Chapter 2. Securing the Cluster

Perhaps it goes without saying, but you don’t want to allow unauthorized folks (or machines!) to have the ability to control what’s happening in your Kubernetes cluster. Anyone who can run software on your deployment can, at the very least, use your compute resources (as in the well-publicized case of “cryptojacking” at Tesla); they could choose to play havoc with your existing services and even get access to your data.

Unfortunately, in the early days of Kubernetes, the default settings left the control plane insecure in important ways. The situation is further complicated by the fact that different installation tools may configure your deployment in different ways. The default settings have been improving from a security point of view, but it is well worth checking the configuration you’re using.

In this chapter, we cover the configuration settings that are important to get right for the Kubernetes control-plane components, concluding with some advice on tools that can be used to verify the deployed configuration.

API Server

As its name suggests, the main function of the Kubernetes API server is to offer a REST API for controlling Kubernetes. This is powerful—a user who has full permissions on this API has the equivalent of root access on every machine in the cluster.

The command-line tool kubectl is a client for this API, making requests of the API server to manage resources and workloads. Anyone who has write access to this Kubernetes API can ...
