 |
VOOZH | about |
|
VOOZH | about |
We’re so glad you’re here. You can expect all the best TNS content to arrive Monday through Friday to keep you on top of the news and at the top of your game.
Check your inbox for a confirmation email where you can adjust your preferences and even join additional groups.
Follow TNS on your favorite social media networks.
Become a TNS follower on LinkedIn.
Check out the latest featured and trending stories while you wait for your first TNS newsletter.
Before we can dive into the security aspects of Kubernetes, we must first understand the relevant security issues with the container infrastructure itself. (See our previous articles, for more on the threat models that apply to all Kubernetes deployments and the four tenets of Kubernetes security.)
Kubernetes supports Docker containers and, experimentally, the rkt container format. For the rest of this blog series, all discussions on containers center on Docker containers.
To run containers in a secure fashion, each Linux node must be properly configured and hardened. The Center for Internet Security (CIS) benchmarks for Docker and a corresponding CIS benchmark for Kubernetes contain many hardening guidelines that operational teams should follow.
For instance, one of the recommended practices is to enable built-in Linux security measures, such as SELinux and Seccomp profiles. SELinux is a kernel-level capability that regulates access to files and network resources, while Seccomp profiles restrict the set of system calls an application can make. Together, these capabilities allow a level of fine-grained control over the workloads that run on the node.
In general, major considerations of node security include:
The most important aspect of container image security is managing vulnerabilities. Because running containers with vulnerabilities exposes your system to attacks and compromises, you must actively manage the images used in your system to discover and remove known vulnerabilities.
[cycloneslider id=”kubernetes-series-book-2-sponsors”]
A number of commercial and open source packages can perform container image scanning to discover known Common Vulnerabilities and Exposures (CVE) identifiers. The trick is not to stop at scanning. Rather, the scanning function should be integrated with runtime enforcement and remediation capabilities.
For runtime enforcement, consider a process that deploys only those images that pass vulnerability scanning and those that adhere to the organization’s hardening policies. Kubernetes provides mechanisms to exercise such enforcement policies.
For remediation, ensure that the vulnerability scanning and security assessment function is integrated with the organization’s continuous integration/continuous deployment (CI/CD) pipeline. This way, the scanning results are fed directly to the pipeline, thereby kicking off remediation workflows before deployment. This should, in turn, be integrated with Kubernetes’ rolling updates feature, ensuring vulnerable containers are taken offline and replaced with freshly built images without the known flaws.
Container registries are the source from which images come. You must manage which registries can be used by your organization to pull images because downloading images from unknown registries can lead to the proliferation of vulnerable and dangerous software.
Use private registries and approved images; that is, only scanned and vetted images can be pushed into your private registries. If you must use public registries, scan the images before deployment. If the security scanning process fails to clear the image, you must fail deployment as a result. That is the only way to ensure the hygiene of your container environment.
With a firm grasp of the threat models, four major tenets of Kubernetes security and, now, container security considerations, you’re ready to explore the four major tenets of Kubernetes deployment security in more depth.
