Kubernetes hardening best practices
Because the built-in security features of Kubernetes are limited in scope, it’s critical for teams to take extra steps to secure their clusters. The following are some best practices for getting the most out of the security features that Kubernetes offers, as well as for leveraging external tools and strategies to provide more security.
Configure Pod Security and Network Policies
As noted above, pod security policies and network policies can be used to enforce security restrictions. However, it’s important to understand that these policies are not configured and enabled in most Kubernetes distributions by default (and even if they are turned on by default in your distribution, they likely need to be tailored to your needs).
Therefore, a critical first step in hardening Kubernetes is to set up and enforce these policies in a way that reflects your team’s security needs. How strict the policies should be depends on how secure the cluster needs to be. A production cluster is more likely to need restrictive policies (such as policies that prevent write access to resources and block all non-essential network traffic) than a cluster used internally for development or testing, where very strict policies are typically less important because the cluster is not running mission-critical apps connected to the public Internet.
Kubernetes Host Security
Kubernetes is only as secure as the operating systems that power its nodes. Because Kubernetes has no way of monitoring or hardening host operating systems, admins need to cover that ground themselves.
It’s a best practice to choose a host Linux distribution that has a minimal footprint, since extraneous operating system apps or services that are not necessary for Kubernetes increase your attack surface needlessly. It’s also a best practice to enable SELinux, AppArmor, or a similar security framework on the host system; these tools add another layer of protection against certain types of exploits against the host. Finally, user, group, and filesystem permissions should be properly configured on the host to ensure that only user accounts that should be able to access the Kubernetes installation have the ability to do so.
Keep Your Runtime Secure and Up-to-Date
No container runtime used in conjunction with Kubernetes is immune to security vulnerabilities. Therefore, you can never be certain that your runtime is safe. However, you can mitigate the risk by keeping the runtime up-to-date.
Leverage Logging and Auditing to Improve Security
Log data provides crucial insights into potential security breaches. It’s also critical for investigating past security events. However, while Kubernetes provides facilities for generating log data, it provides no features for auditing or interpreting that data for any purpose, least of all for security. You therefore need to adopt third-party tools to leverage Kubernetes log data as a basis for security operations.
Sumo Logic helps with this process by making it easy to aggregate and interpret Kubernetes logs. By installing the Sumo Logic Kubernetes App, teams can put Kubernetes logs to work to detect anomalous activity on Kubernetes nodes and networks, and thus gain critical visibility into their Kubernetes environments.