Using OWASP's Kubernetes Cheat Sheet
Deploying Kubernetes on AWS
In the OWASP Cheat Sheet Series, there are 69 cheat sheets available, including a Kubernetes Security Cheat Sheet. It breaks Kubernetes security down into five sections:
- Securing Kubernetes Hosts
- Securing Kubernetes Components
- Kubernetes Security Best Practices: Build Phase
- Kubernetes Security Best Practices: Deployed Phase
- Kubernetes Security Best Practices: Runtime Phase
This is a valuable resource for learning industry standards for Kubernetes configurations, limiting direct access to Kubernetes nodes, and controlling access to the Kubernetes API. If you are deploying Kubernetes in your AWS environment, be sure to utilize the OWASP Kubernetes Security Cheat Sheet. For more information, learn about Kubernetes on AWS and Amazon EKS.
Before you deploy Kubernetes, you should check out the OWASP Kubernetes Cheat Sheet. It is a great way to use OWASP's security project to help secure your environment. The cheat sheet is separated into five sections: securing Kubernetes hosts, securing Kubernetes components, and then three sections of best practices relating to the build phase, the deployed phase, and the runtime phase. By using this cheat sheet, you will learn some of the best practices for deploying a secure Kubernetes environment. If you’re using Elastic Kubernetes Service within AWS, you will want to reference a resource like this so you can point to an industry standard that you have applied to your configuration. It will teach you how to control network access to sensitive ports and how to control access to the Kubernetes API. It will show you best practices for using Transport Layer Security (TLS) and API authentication, implementing role-based access control, restricting access to etcd, and so on. It is a great resource. If you are deploying Kubernetes in your environment, please contact KirkpatrickPrice, because we have an audit to check your environment and its configurations against these best practices. If we can help you with that, please contact us today.