Are you ready to set sail with Kubernetes container orchestration? As you navigate through the open-source orchestration layer that manages container-based applications, it’s important to keep security challenges top of mind. In this article, we’ll dive deeper into the security considerations you’ll face when administering Kubernetes clusters and provide guidance on how to implement preventative measures to ensure your container ship stays secure.

Kubernetes can be thought of as an operating system for the cloud, enabling the orchestration of containers that are grouped into Pods and distributed across multiple servers. With the dynamic nature of this setup, containers are constantly spun up and down to meet the varying demands of users and computing resources. The beauty of Kubernetes lies in its portability and extensibility, allowing for scalability and accessibility. However, Kubernetes presents a range of security challenges, one of which stems from the distributed and interoperable nature of containers. This characteristic makes it difficult to maintain security across the infrastructure, as identifying potential risks becomes a challenging and never-ending task. With everything containerized, it can be daunting to itemize all the applications running on Kubernetes and pinpoint the security risks they may pose.

Nevertheless, following a few simple steps can greatly reduce security risks:

Maintain an asset inventory – In today’s constantly evolving IT infrastructure, the cloud is no exception. As a result, it has become crucial to maintaining an up-to-date asset inventory as a fundamental component of any effective security program. Such an inventory forms the foundation of vulnerability and patch management programs, allowing organizations to identify potential vulnerabilities and patch them before they can be exploited.

Assess the risk level of your assets – After creating an asset inventory, it’s important to assess the significance of each asset and prioritize risk assessment efforts accordingly. By doing so, organizations can allocate their resources more effectively and focus on mitigating the most critical risks first. This approach ensures that vulnerabilities are identified and addressed in order of their potential impact, minimizing the risk of any adverse impact on the organization’s overall security posture.

Continuously scan for vulnerabilities – To keep up with the ever-changing cloud infrastructure, incorporate image scanning into your CI/CD pipeline and generate alerts for high-severity vulnerabilities. Additionally, conduct periodic security assessments by experienced penetration testers who specialize in containerized environments. This approach enables organizations to proactively identify and address potential risks, ensuring a robust security posture in the cloud.

Security is a nightmare when it comes to supply chains.

To minimize security risks posed by public image registries and software repositories, use private image registries for container management and business automation. For vendor registries, only use whitelisted sources.

Simplify operating system base images by removing non-essential components like package managers, language interpreters, and compiling tools. This prevents attackers from building offensive capabilities and spreading in your network. Use the latest component versions for added security.

Flat networks – A problem

The default network model in Kubernetes is flat, which means that no network segmentation is present. This can be problematic since every pod can communicate with all other pods, and if a single pod is compromised, it can be exploited by an attacker to move laterally throughout the cluster. This increases the risk of a security breach or data compromise. Therefore, it’s crucial to implement network segmentation and restrict communication between pods as part of a comprehensive security strategy for Kubernetes.

To prevent lateral movement within a Kubernetes cluster, it’s important to use a network plugin that enforces strict network policies, such as Weave Net, Calico, or Kube-router. By configuring which groups of pods can communicate with each other, you can significantly reduce the risk of a security breach.

Additionally, implementing complete separation between Kubernetes clusters can prevent attackers from exploiting any potential vulnerabilities in the network policies to move between network segments.

By default, it’s secure… but don’t be too sure…

Kubernetes default settings prioritize simplicity over security, which creates risks, especially in older versions. To mitigate these risks, adopt the latest Kubernetes updates and configuration guidelines, and regularly review policies and settings.

Kubernetes uses a “hub-and-spoke” API pattern for communication between the Control Plane and the Node components. Therefore, it is crucial to enable proper access and authorization controls for every Kubernetes component’s API to serve as the primary line of defence against security threats.

API Server – The security configuration of the cluster is applied at the point where all other components interact with the cluster’s state store via its REST API. Authentication mechanisms such as client certificates, bearer tokens, and others are used by Kubernetes to authenticated requestors. Once authenticated, the Role-Based Access Control (RBAC) mechanism comes into play, regulating access to resources based on the roles within an organization. RBAC policies are highly configurable, and it is important to review them thoroughly to achieve the principle of least privilege without creating unintended security vulnerabilities.

Etcd – Every entity requiring access to Etcd API must have a unique key pair created.

Kubelet – It is crucial to limit access to the Kubelet read-write and read-only REST API ports. While the read-only port can be disabled to prevent data leakage, the read-write port cannot be fully disabled, and its compromise could result in a takeover of the cluster.

To mitigate this risk, disable unauthenticated or anonymous access to the read-write port and require authentication of all clients using X.509 client certificates or authorisation tokens.

Make sure your nodes are protected.

To prevent one compromised node from jeopardizing the entire cluster, it is crucial to adhere to the principle of least privilege when granting node access rights. This means limiting and monitoring access to host resources and requiring developers to use “kubectl exec” for direct container access instead of SSH.

In addition, it is important to keep the node operating systems up to date with security updates and patches, follow the principle of least privilege when granting access, regularly monitor the system, and conduct periodic security audits to ensure the system remains secure.

Establish boundaries.

To enhance security in Kubernetes, create multiple namespaces and assign resources and accounts accordingly. This approach aligns with Kubernetes’ design philosophy, which emphasizes logical resource separation. Additionally, utilize Kubernetes Authorization Plugins to establish highly granular access control rules for individual namespaces, containers, and operations.

Beware of the cloud metadata.

Cloud platforms often offer metadata services via REST APIs that provide information about an instance, including network and storage details, and temporary security credentials. However, since pods running on an instance can access these APIs, attackers can use these credentials to move within the cluster or even access other cloud services under the same account.

To mitigate this risk when running Kubernetes on a cloud platform, apply network policies to restrict pod access to the metadata API. Additionally, avoid delivering secrets through provisioning data.

Conclusion

Security should not be overlooked in DevOps processes, despite tight deadlines and a perception that it is not a core requirement. Breaches can compromise organizations and grab headlines, highlighting the importance of incorporating security from the start.

Sysdig is a security platform that specializes in containers, Kubernetes, and host security. It is based on open-source technology and prioritizes a Software-as-a-Service (SaaS) approach. One of Sysdig’s key strengths is its seamless integration with existing DevOps tools and workflows, making it an ideal solution for organizations that prioritize both security and efficiency in their development processes.