Recently, there has been a significant upswing in the adoption of containerized environments. In light of this, we’ve written a number of posts that focus on the advantages that containers afford and ways to ensure that you’re following security best practices when deploying and operating them. Most recently, we published Docker Security Tips & Best Practices, which identifies common container security issues together with best practices for reducing risk and increasing operational efficiency in containerized environments.
Along with the spike in container adoption, there has been a corresponding uptake in the use of container orchestration platforms, so in this post, we’re providing tips on how to address security issues when using Kubernetes, the most widely adopted container orchestration platform.
Originally designed by Google and now maintained by the Cloud Native Computing Foundation, Kubernetes enables organizations to automate the deployment, scaling, and management of containerized applications.
Kubernetes is a powerful platform with multiple layers of complexity, and therefore, when developing and managing applications for use with Kubernetes, developers need to:
- Become familiar with a body of new concepts that form a framework for thinking about cloud-native applications vs. traditional engineering
- Develop an integrated mechanism for fine-tuning and debugging cloud-native applications
- Develop new techniques for monitoring and reporting on the performance and functionality that has been migrated
- Consider design pattern differences between migrating existing functionality into Kubernetes vs. developing the application stack natively in Kubernetes
Apart from these, the primary hurdle that developers face on an ongoing basis is tackling a new set of infrastructure security concerns. If you’re just getting started with Kubernetes (or want to take a deeper dive into the platform to learn more about what’s possible with Kubernetes), visit our list of 50 useful Kubernetes tutorials for IT professionals. Below, we’ll talk about some important tips and best practices for working with Kubernetes with security in mind.
Security Tips and Best Practices
Kubernetes has many features that can help to create a secure environment for your applications. However, it does require some familiarity and a good understanding of these features to enhance the security of your applications, which we’ll discuss below:
Use Authorized Images
Organizational data and applications are vulnerable to malicious containers if the images used are downloaded and run from unknown sources. There must be a process in place to ensure that all images adhere to the organization’s policy. Avoid the use of public registries, and push only approved images to production. It is also good practice to build a pipeline that integrates security assessment as part of the build process.
This pipeline can be designed so the approved code runs a vulnerability scan on the images and pushes them to a private registry only if no issues are found in the images. In the event that a flag is raised for security, it should create a failure in the pipeline, thereby preventing insecure images from being pushed to the registry.
Segment the Network
Multiple applications running on a Kubernetes cluster pose the risk of being attacked by a neighboring malicious application. To avoid such a threat, it is vital to segment the network so containers communicate with each other only when needed.
A major challenge in Kubernetes is to create network segments between containers, services, and pods. This is due to the fact that the dynamic nature of containers allows communication between the same as well as intermediate nodes. This challenge is addressed by using automatic firewall rules and implementing network policies that prevent cross-cluster communication.
Log and Monitor
Kubernetes provides cluster-based logging, which can also be sent to a centralized logging facility. These logs, combined with the application logs, can be consolidated for better analysis and monitoring of reports. Observation of these logs can bring out trends which can rapidly detect any security threats or application incidents. Close monitoring and auditing of the logs can help detect container privilege escalation, new process spawning, system network connections, accessing sensitive data, as well as anomalous container behavior.
Isolation of resources is another major security feature within Kubernetes. Containers should be limited to only the resources they need, meaning that a malfunctioning or compromised container can only request a finite amount of resources. Preventing the whole host from collapsing in the case of a compromise means the “blast radius” can be minimized to a small subset of resources.
Kubernetes also provides resource quota configuration so that the maximum simultaneous instances of a container, the storage memory, as well as the CPU shares of the application can be pre-defined. Rationing resources in this way provides necessary data protection and privacy and also prevents a class of denial-of-service attacks sometimes referred to as “noisy-neighbor”.
Authenticate and Authorize
Administrators, users, and applications communicate with each other using the central APIs of the Kubernetes platform. Since service accounts, as well as users, access the Kubernetes APIs to initiate operations, controlling access to APIs is vital in preventing an attacker from gaining access to your entire cluster.
The Kubernetes platform has a built-in feature for authorization and authentication and also provides admission controls that can regulate and intercept requests to the Kubernetes APIs. Admission controls can be webhook-enabled to use external logic, or you could use built-in constructs, authentication, and authorization. For example, see Using RBAC Authentication.
A Final Word . . .
Remember, Kubernetes is not a silver bullet. With these tips and best practices in mind, you’ll get more out of Kubernetes while maintaining or enhancing your organization’s security posture — particularly if you leverage a platform like the Threat Stack Cloud Security Platform® to help secure your containerized environments.
If you’re interested in learning more about Threat Stack and its capabilities with Docker and Kubernetes, sign up for a demo. Our security and operations experts will be pleased to discuss your organization’s specific requirements.