Kubernetes has emerged as the leading orchestration platform for containerized applications in the modern cloud ecosystem. This has coincided with a steep increase in container adoption – CNCF’s 2022 annual survey showed that 76% of organizations that employ cloud-native approaches use containers. However, this rise in popularity has also made Kubernetes a target for threat actors and its security an increasing concern for CISOs and security teams. 

This article will dive into the processes and best practices around Kubernetes security and explain some of the most significant defensive challenges facing the modern security team. 

What Is Kubernetes? 

Kubernetes is a container orchestration program managed by the Cloud Native Computing Foundation. Also referred to as k8s, the open-source Kubernetes platform is used for scheduling and automating the deployment, management, and scaling of containerized applications. As a container orchestration platform, Kubernetes is designed to manage the workflows and deployments of container ecosystems across cloud environments.

For this reason, container orchestrators are vital to cloud computing, especially as deployments get larger and more complex, making centralized management, container security, and automation critical. Kubernetes is the most common orchestration platform, with 66% of respondents to the Cloud Native Computing Foundation’s 2023 survey using it in production and 76% relying on it for most or all of their cloud-native deployments.

Today, the widespread use of Kubernetes for container deployments has made it a central component of next-generation cloud application development.

However, due to its complexity and the scale at which it operates, organizations face challenges securing Kubernetes environments, including managing configurations, access control, and workload isolation. That makes Kubernetes security a critical and unique aspect of securing modern cloud infrastructures.

What Is Kubernetes Security? 

Kubernetes security refers to the practices, technologies, and processes designed to defend cloud-native applications running on Kubernetes against malicious cyberattacks and vulnerabilities. As an open-source platform, Kubernetes relies on containers and microservices operating in the cloud. That creates its own unique security considerations for defending teams. 

Deploying Kubernetes involves clusters that are comprised of nodes – the worker machines. Each node is either a virtual or physical machine that runs one or more “pods,” or running container groups. A Kubernetes cluster also includes the control plane, which is the direct orchestrator of the entire cluster. Every cluster needs at least one worker node to be included.

Effective Kubernetes security protects this entire infrastructure – clusters, nodes, and pods – against unauthorized access, misconfigurations, malicious code, and vulnerabilities. As an open-source project with around 76,000 contributors, Kubernetes has both advantages and risks: broad security helps identify vulnerabilities, but the large contributor base also presents potential risks for malicious code to slip in. 

Further, given Kubernetes’ central role in the cloud ecosystem, its components are a prime target for threat actors. Fortunately, resources are available for organizations to stay on top of common Kubernetes threats. For example, the publicly available Microsoft Kubernetes Threat Matrix provides a picture of the potential attacks facing Kubernetes clusters, much like how MITRE ATT&CK maps threats across cybersecurity as a whole. 

Modern Challenges in Kubernetes Security

Kubernetes security, and cloud security more broadly, is one of the biggest challenges facing organizations, with 40% of respondents to the Cloud-Native Computing Foundation’s annual survey stating that securing cloud workloads is their top concern.

Some of the most significant challenges facing Kubernetes security include: 

Vulnerable Container Images

Kubernetes manages the deployment of container images, but it does not automatically check them for vulnerabilities. If vulnerabilities exist in container images, they could introduce security risks within the broader Kubernetes environment. 

The software supply chain is of particular concern with open-source applications, given that 15% of breaches tracked in the 2024 Verizon Data Breach Investigation Report were the result of third-party vulnerabilities. Thus, all possible aspects of the software supply chain must be secured. Automated discovery and analysis of container images throughout the CI/CD process enhances software supply chain security and helps maintain the integrity of these critical systems.

Early detection and analysis of a container image in Kubernetes, showcasing build information, delivery details, and version history.

Kubernetes API vulnerabilities

The Kubernetes API is a possible point of compromise, as attackers can use unprotected API endpoints for initial access and subsequent lateral movement. Unprotected API endpoints can also serve as an entry point for injection attacks and denial of service (DoS) attacks, leading to business disruption and potential data loss. Streamlined discovery and centralized visibility are key.

The danger is especially acute if the organization deploys and manages Kubernetes in-house. The open-source nature of Kubernetes means that all API endpoints are ultimately public and accessible in some way. Endpoints also include potential and actual vulnerabilities, so securing them with authentication, authorization, and network policies can limit the risk of attacks and secure critical data.

API endpoint anomaly detection can identify privilege escalation attempts.

Cloud providers like Microsoft Azure and Amazon Web Services (AWS) will manage the Kubernetes control plane and keep it updated and patched automatically, removing at least one set of risks. However, this security of the control plane does not eliminate all risks. Real-time API threat detection within Kubernetes workloads is vital even with the defenses of cloud providers. This capability can identify privilege escalations in misconfigured API endpoints and reduce the possibility of attackers moving laterally through the organization. 

Cluster Misconfiguration

Kubernetes clusters are often susceptible to misconfigurations. Relying on default settings, often designed for flexibility and ease of use, can increase the risk of exposure. Clusters need to be configured properly to ensure that network policies are implemented correctly and there are robust access controls. Otherwise, there’s a risk of unauthorized access and potential breaches. Regularly audit cluster configurations to ensure that any errors are resolved promptly.

Identify and mitigate misconfigurations within Kubernetes clusters with real-time monitoring, vulnerability scanning, and policy enforcement.

Unrestricted Network Access

Unrestricted network access between pods, namespaces, and IP blocks can expose Kubernetes clusters. By default, Kubernetes allows pods to connect to other pods and external addresses, leaving them vulnerable to denial of service (DoS) and man-in-the-middle (MitM) attacks if not properly restricted. Real-time monitoring of network communication helps control pod-to-pod communication and external access. This applies to both self-managed clusters and those deployed through cloud providers. Additionally, clusters should be isolated from the rest of the virtual private cloud (VPC) to prevent unauthorized access. 

Managing and securing network policies within Kubernetes clusters
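The default-allow behaviour described above can be checked from the cluster's own NetworkPolicy objects. The following is an added example, not code from the original article or from Upwind: it reports namespaces that have no default-deny policy for ingress or egress, and the namespace names and policy objects are constructed samples shaped like `kubectl get networkpolicy -A -o json` items.

```python
"""Find namespaces where pod ingress/egress is still default-allow.

Input shapes mirror `kubectl get networkpolicy -A -o json` items; the sample
objects below are constructed for illustration.
"""

def is_default_deny(policy, direction):
    """True if the policy selects every pod and allows nothing for `direction`."""
    spec = policy.get("spec", {})
    selector = spec.get("podSelector", {})
    selects_all = not selector.get("matchLabels") and not selector.get("matchExpressions")
    # When policyTypes is omitted, Kubernetes assumes Ingress, plus Egress
    # only if the policy has an egress section.
    types = spec.get("policyTypes") or (["Ingress"] + (["Egress"] if "egress" in spec else []))
    rules = spec.get(direction.lower()) or []
    return selects_all and direction in types and not rules

def unisolated_namespaces(namespaces, policies):
    """Map each namespace to the directions that lack a default-deny policy."""
    gaps = {}
    for ns in namespaces:
        in_ns = [p for p in policies if p["metadata"].get("namespace") == ns]
        missing = [d for d in ("Ingress", "Egress")
                   if not any(is_default_deny(p, d) for p in in_ns)]
        if missing:
            gaps[ns] = missing
    return gaps

SAMPLE_POLICIES = [  # constructed samples
    {"metadata": {"name": "deny-all", "namespace": "payments"},
     "spec": {"podSelector": {}, "policyTypes": ["Ingress", "Egress"]}},
    {"metadata": {"name": "deny-ingress", "namespace": "web"},
     "spec": {"podSelector": {}, "policyTypes": ["Ingress"]}},
    {"metadata": {"name": "allow-db", "namespace": "staging"},
     "spec": {"podSelector": {"matchLabels": {"app": "db"}},
              "ingress": [{"from": [{"podSelector": {"matchLabels": {"app": "api"}}}]}]}},
]

if __name__ == "__main__":
    gaps = unisolated_namespaces(["payments", "web", "staging"], SAMPLE_POLICIES)
    for ns, missing in gaps.items():
        print(f"{ns}: no default-deny for {', '.join(missing)}")
```

NetworkPolicy objects are only enforced when the cluster's network plugin supports them, so a clean report still needs that confirmed separately.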

Kubernetes Runtime Threats

Containers run on the worker nodes in Kubernetes and are controlled by the host operating system during runtime. Permissive policies or vulnerable container images can open backdoors into the entire cluster if they’re not caught prior to running containers. OS-level runtime protection is thus critical to protect against threats during this phase of the container lifecycle. Container runtime security solutions help mitigate these risks by monitoring and securing containers during their active execution and detecting and responding to threats in real time. 

Monitoring containers and worker nodes at the runtime level helps identify threats such as suspicious behaviors, misconfigurations, or vulnerabilities in container images.

Kubernetes Secrets

A Kubernetes Secret is an object that stores and handles sensitive data like passwords, OAuth tokens, and SSH keys. Without Secrets, this information might be embedded in a Pod specification or container image, increasing the risk of exposure. Using Secret objects, Kubernetes allows users to separate confidential data from the application code. However, because Secrets are designed to handle critical information, they are targets for threat actors. Keeping this data safe means encrypting Secrets at rest and limiting access to only those components that require it.

Runtime security features help detect attempts to access Secrets inappropriately.

Permissions Management

Kubernetes permissions management is crucial to cluster security. Without an effective access control policy, Kubernetes clusters could be at risk of data breaches where sensitive information is accessed or leaked by unauthorized individuals. Limiting access only to the components and users who require it is key. 

Ensuring proper role-based access control (RBAC) is essential to limit access only to users and components that require it. Further, regular audits help maintain a secure access control environment.
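A regular RBAC audit of the kind described above, which also covers the Secrets section's advice to limit access to the components that need it, can start from the roles and bindings themselves. This is an added example, not code from the original article or from Upwind: it resolves bindings to the subjects that inherit wildcard rules or unrestricted Secret reads, and all role, binding and subject names are constructed samples shaped like kubectl JSON output.

```python
"""Report which subjects inherit over-broad RBAC rules. Shapes mirror kubectl
JSON output for roles and bindings; all sample objects are constructed."""
READ_VERBS = {"get", "list", "watch", "*"}

def audit_rules(role):
    """Return the least-privilege violations found in one Role or ClusterRole."""
    findings = set()
    for rule in role.get("rules") or []:
        verbs, resources = set(rule.get("verbs", [])), set(rule.get("resources", []))
        if "*" in verbs and "*" in resources:
            findings.add("wildcard verbs on wildcard resources")
        # Secrets live in the core ("") API group; list and watch return
        # secret values just as get does. resourceNames narrows the grant.
        in_core = set(rule.get("apiGroups", [])) & {"", "*"}
        if (in_core and resources & {"secrets", "*"} and verbs & READ_VERBS
                and not rule.get("resourceNames")):
            findings.add("reads every Secret in scope")
    return findings

def role_key(kind, namespace, name):
    # Roles are namespaced; ClusterRoles are cluster-wide.
    return (kind, namespace if kind == "Role" else None, name)

def risky_subjects(roles, bindings):
    """Map 'Kind/name' of each bound subject to the findings it inherits."""
    by_role = {role_key(r["kind"], r["metadata"].get("namespace"),
                        r["metadata"]["name"]): audit_rules(r) for r in roles}
    report = {}
    for b in bindings:
        ref = b["roleRef"]
        key = role_key(ref["kind"], b["metadata"].get("namespace"), ref["name"])
        for s in b.get("subjects") or []:
            if by_role.get(key):
                report.setdefault(f'{s["kind"]}/{s["name"]}', set()).update(by_role[key])
    return {subject: sorted(found) for subject, found in report.items()}

ROLES = [  # constructed samples
    {"kind": "ClusterRole", "metadata": {"name": "ops-admin"},
     "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
    {"kind": "Role", "metadata": {"name": "tls-reader", "namespace": "web"},
     "rules": [{"apiGroups": [""], "resources": ["secrets"], "verbs": ["get"],
                "resourceNames": ["web-tls"]}]},
]
BINDINGS = [  # constructed samples
    {"metadata": {"name": "ops"}, "subjects": [{"kind": "Group", "name": "developers"}],
     "roleRef": {"kind": "ClusterRole", "name": "ops-admin"}},
    {"metadata": {"name": "tls", "namespace": "web"},
     "subjects": [{"kind": "ServiceAccount", "name": "ingress"}],
     "roleRef": {"kind": "Role", "name": "tls-reader"}},
]
```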

Kubernetes Resource Requests and Limits

Unrestricted resource requests can lead to security and cost issues. Kubernetes can limit CPU and memory usage in containers, which is essential for ensuring no single container can monopolize resource usage or access sensitive data if pods and namespaces are not properly restricted. Moreover, not limiting resource requests could lead to an increase in the node pool and the cost of cloud hosting. 

When resource requests are assigned correctly, the entire cluster is more efficient. Faulty applications and intruders will also be limited in resource usage, ensuring that malicious containers will not be able to make applications unusable. 

Monitoring and enforcing resource policies in Kubernetes environments, allowing teams to detect abnormal resource consumption.
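Containers that could monopolize a node, as discussed above, are the ones with no CPU or memory limit or with a limit set far too high. This is an added example, not code from the original article or from Upwind: it audits pod specs for missing limits and for limits above a ceiling, where the `CEILING` values are a hypothetical policy and the pods are constructed samples shaped like `kubectl get pods -A -o json` items.

```python
"""Flag containers that can monopolise a node: missing or oversized limits.

Pod shapes mirror `kubectl get pods -A -o json` items. The sample pods and the
CEILING policy values are constructed for illustration.
"""
from decimal import Decimal

UNITS = {"m": Decimal("0.001"), "k": 10**3, "M": 10**6, "G": 10**9, "T": 10**12,
         "Ki": 2**10, "Mi": 2**20, "Gi": 2**30, "Ti": 2**40}

def parse_quantity(text):
    """Convert a Kubernetes quantity such as '500m' or '2Gi' to a Decimal.
    Covers the common suffixes only (no exponent notation)."""
    for suffix in sorted(UNITS, key=len, reverse=True):
        if text.endswith(suffix):
            return Decimal(text[:-len(suffix)]) * UNITS[suffix]
    return Decimal(text)

CEILING = {"cpu": parse_quantity("2"), "memory": parse_quantity("4Gi")}  # hypothetical policy

def audit_pod(pod):
    """Return (container, finding) pairs for one pod, init containers included."""
    spec, findings = pod["spec"], []
    for c in spec.get("initContainers", []) + spec.get("containers", []):
        limits = (c.get("resources") or {}).get("limits") or {}
        for resource, ceiling in CEILING.items():
            if resource not in limits:
                findings.append((c["name"], f"no {resource} limit"))
            elif parse_quantity(limits[resource]) > ceiling:
                findings.append((c["name"], f"{resource} limit {limits[resource]} above ceiling"))
    return findings

def audit_pods(pods):
    """Map 'namespace/pod' to its findings, omitting pods that pass."""
    report = {}
    for pod in pods:
        found = audit_pod(pod)
        if found:
            report[f'{pod["metadata"]["namespace"]}/{pod["metadata"]["name"]}'] = found
    return report

SAMPLE_PODS = [  # constructed samples
    {"metadata": {"namespace": "web", "name": "api"}, "spec": {"containers": [
        {"name": "app", "resources": {"limits": {"cpu": "500m", "memory": "512Mi"}}}]}},
    {"metadata": {"namespace": "web", "name": "worker"}, "spec": {"containers": [
        {"name": "job", "resources": {"requests": {"cpu": "250m"}}},
        {"name": "cache", "resources": {"limits": {"cpu": "4", "memory": "8Gi"}}}]}},
]
```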

Kubernetes Security Best Practices

This table outlines Kubernetes security best practices, focusing on specific actions that help mitigate risks like unauthorized access, data breaches, and misconfigurations. Each practice addresses a key aspect of cluster security:

| Best Practice | What to Do |
| --- | --- |
| Enable RBAC | Kubernetes comes with role-based access control (RBAC) as a standard function, but it has to be enabled prior to use. Limit access based on least privilege, preventing unauthorized or accidental changes to critical resources. |
| Keep Kubernetes Updated | Using the most up-to-date, stable build of Kubernetes can ensure that containers are secured against the latest threats. For managed platforms, confirm that the control plane and worker nodes are updated regularly. |
| Deploy encryption throughout the Kubernetes Cluster | Encrypt data in use within the Kubernetes cluster, including Secrets and keys held in an extended distributed key-value store (etcd), which stores and manages data for configuration, service delivery, and scheduler coordination. |
| Implement Audit Logging and Monitoring | Enable audit logging and tracking when Kubernetes is accessed, especially for tracking attacks in progress and aiding in forensic analysis during security incidents. |

Upwind Supports Kubernetes Security

 Upwind’s Kubernetes security solution enables security teams to protect their Kubernetes architecture against attacks by:

  • Securing Containers Wherever They Run – Upwind protects Kubernetes with support for Amazon EKS & ECS, Google GKE, Microsoft AKS, OpenShift, Kops & more. It consolidates Kubernetes and container security in one centralized platform that supports k8s and container security in data centers, multi-cloud, and hybrid-cloud environments.
  • Supercharging Kubernetes Security with DevOps Context – Get real-time, graph-based network and process-level topology of Kubernetes. Correlate CI/CD events with Kubernetes security to connect the dots and understand the root cause of changes and container events. Enable a partnership between developers, DevOps, and security to find and resolve issues across the lifecycle of the containerized application.
  • Timeline-based Detections & Event Correlation – Detect and respond to container threats quickly, such as abnormal data access, lateral movements, and privilege escalations. Kill malicious processes and automate prevention policies for Kubernetes. Leverage runtime data to contextualize risk factors, identify attack paths, and prioritize the most critical risks across your container infrastructure, applications, and identities to streamline remediation efforts.

To learn more about Upwind’s approach to container security and get advice on best practices, schedule a demo.

FAQ

What are the 4 C’s of Kubernetes security?

The four Cs of Kubernetes security are: Cloud, Clusters, Containers, and Code.

  • Cloud: Defending cloud infrastructure by revising default settings to align with security best practices is a key defensive measure. 
  • Clusters: Clusters are a key feature of Kubernetes. Securing the worker nodes that make up a cluster with tools like RBAC can keep many threats out. 
  • Containers: Kubernetes Pods comprise containers that run the application code. Securing containers is key to securing Kubernetes. 
  • Code: Creating secure code that gets included in container images is another key layer to Kubernetes security. 

What are the top Kubernetes security concerns? 

According to the OWASP project, the 10 most common Kubernetes security concerns are: 

  • Insecure Workload Configuration – The highly customizable nature of Kubernetes makes it easy to misconfigure workloads. 
  • Supply Chain Vulnerabilities – Containers rely on dozens of third-party services. Weaknesses in any one of them can trigger issues in Kubernetes. 
  • Overly Permissive RBAC – Role-based access control that isn’t restrictive enough can lead to unintentional errors. 
  • Policy Enforcement – Policy enforcement needs to happen at multiple points throughout the Kubernetes lifecycle. 
  • Inadequate Logging – Not capturing, storing, or actively monitoring logs can result in attackers being able to exploit vulnerabilities while going largely undetected.
  • Broken Authentication – The flexibility of authentication in Kubernetes means it can easily be broken. 
  • Network Segmentation – Network traffic should ideally be isolated and segmented as much as possible to ensure Kubernetes remains secure. 
  • Secrets Management – Kubernetes Secrets must be managed effectively, otherwise they risk exposure. 
  • Misconfigured Cluster Components – Misconfigurations in components can be as damaging as a misconfigured workload. Ensuring each aspect of Kubernetes is secure is vital. 
  • Vulnerable Components – Administrators must closely follow CVE databases, disclosures, and updates and have a plan for patch management for their Kubernetes implementation.

Are there any native Kubernetes security features? 

The Cloud Native Computing Foundation structures Kubernetes using cloud-native security best practices. As a result, it uses common encryption standards, role-based access control, the Secrets feature for storing protected information, and other basic security measures.