Rico Komenda

Kubernetes Security Best Practices

Nine out of ten organizations had a container security incident last year. Here's a practical guide to avoid becoming another statistic.

Kubernetes Security Best Practices
#1about 1 minute

The prevalence and impact of Kubernetes security incidents

Most organizations have experienced a Kubernetes security incident in the last year, commonly caused by runtime issues or cluster misconfigurations.

#2about 2 minutes

Applying the 4 Cs model to cloud native security

The 4 Cs model provides a framework for securing the entire stack, from the cloud infrastructure and cluster to the container and code.

#3about 3 minutes

Securing container images against common vulnerabilities

Prevent container breakouts by scanning images for vulnerabilities, using trusted registries, and removing unnecessary dependencies.

#4about 4 minutes

Hardening pods with security contexts and standards

Enhance pod security by running containers as non-root users, disabling privilege escalation, and enforcing policies with Pod Security Standards.

#5about 3 minutes

Implementing the principle of least privilege with RBAC

Use Role-Based Access Control (RBAC) to grant users and service accounts only the specific permissions they need at the namespace level.

#6about 2 minutes

Isolating pod-to-pod traffic with network policies

Restrict communication between pods by default and define explicit allow rules using network policies and CNI plugins like Calico.

#7about 2 minutes

Protecting the critical ETCD datastore from unauthorized access

Secure the cluster's central datastore, etcd, by enforcing TLS communication with the API server and using a separate certificate authority.

#8about 1 minute

Automating policy enforcement with admission controllers

Use tools like Kyverno, Kubewarden, or OPA Gatekeeper as admission controllers to automatically validate and enforce security policies at scale.

#9about 2 minutes

Key takeaways for hardening Kubernetes clusters

A summary of essential practices includes hardening images, using RBAC, isolating traffic, protecting etcd, and automating policy enforcement.

Related jobs
Jobs that call for the skills explored in this talk.

Matching moments

Security best practices for containers and Kubernetes
56:21 MIN

Security best practices for containers and Kubernetes

Microservices: how to get started with Spring Boot and Kubernetes

Q&A on managed Kubernetes security in the cloud
39:53 MIN

Q&A on managed Kubernetes security in the cloud

Kubernetes Security - Challenge and Opportunity

Centralizing security services in a Kubernetes ecosystem
22:09 MIN

Centralizing security services in a Kubernetes ecosystem

DevSecOps: Security in DevOps

Understanding the Kubernetes threat landscape and adversaries
01:46 MIN

Understanding the Kubernetes threat landscape and adversaries

Hacking Kubernetes: Live Demo Marathon

Addressing unique data protection challenges in Kubernetes
07:14 MIN

Addressing unique data protection challenges in Kubernetes

It's all about the Data

Identifying common Kubernetes security vulnerabilities
20:26 MIN

Identifying common Kubernetes security vulnerabilities

Kubernetes Security - Challenge and Opportunity

Understanding the challenges of scaling Kubernetes with confidence
00:25 MIN

Understanding the challenges of scaling Kubernetes with confidence

5 steps for running a Kubernetes environment at scale

Next steps for implementing Dockerfile security
40:42 MIN

Next steps for implementing Dockerfile security

A practical guide to writing secure Dockerfiles

Featured Partners

Related Videos

See all videos
Kubernetes Security - Challenge and Opportunity42:45

Kubernetes Security - Challenge and Opportunity

Marc Nimmerrichter

Hacking Kubernetes: Live Demo Marathon46:36

Hacking Kubernetes: Live Demo Marathon

Andrew Martin

Enhancing Workload Security in Kubernetes44:00

Enhancing Workload Security in Kubernetes

Dimitrij Klesev & Andreas Zeissner

Turning Container security up to 11 with Capabilities28:47

Turning Container security up to 11 with Capabilities

Mathias Tausig

Chaos in Containers - Unleashing Resilience27:52

Chaos in Containers - Unleashing Resilience

Maish Saidel-Keesing

Supply Chain Security and the Real World: Lessons From Incidents24:47

Supply Chain Security and the Real World: Lessons From Incidents

Adrian Mouat

Mastering Kubernetes – Beginner Edition57:24

Mastering Kubernetes – Beginner Edition

Hannes Norbert Göring

Kubernetes Maestro: Dive Deep into Custom Resources to Unleash Next-Level Orchestration Power!29:21

Kubernetes Maestro: Dive Deep into Custom Resources to Unleash Next-Level Orchestration Power!

Um e Habiba

Related Articles

View all articles
Learning Kubernetes made easy with KubeCampus
Learning to use Kubernetes? KubeCampus by Kasten offers free educational content for all skill levels to get you started!Kubernetes is an open-source system for deploying, scaling and managing containerized applications. It allows you to deploy your ...
Learning Kubernetes made easy with KubeCampus
DC
Daniel Cranney
Dev Digest 188: CfP time, the risks of NPM and IKEA algorithms
Inside last week’s Dev Digest 188 . 🤖 GitHub Copilot CLI is now in public review 💻 Microsoft is bringing ‘vibe working’ to office apps 🎣 Attackers abuse AI tools to generate captchas in fishing attacks ⚠️ When LLMs autonomously attack 🧠 Common cause...
Dev Digest 188: CfP time, the risks of NPM and IKEA algorithms
CH
Chris Heilmann
Dev Digest 138 - Are you secure about this?
Hello there! This is the 2nd "out of the can" edition of 3 as I am on vacation in Greece eating lovely things on the beach. So, fewer news, but lots of great resources. Many around the topic of security. Enjoy! News and ArticlesGoogle Pixel phones t...
Dev Digest 138 - Are you secure about this?

From learning to earning

Jobs that call for the skills explored in this talk.