Back to glossary

Kubernetes Security

The set of practices and tools used to secure a Kubernetes cluster and the applications running within it.

Categorysecurity

Overview

Kubernetes (K8s) is a complex platform with a large attack surface. Securing it requires a multi-layered approach, often referred to as the '4C's of Cloud Native Security': Cloud, Cluster, Container, and Code.

Key Security Features

  • Role-Based Access Control (RBAC): Managing permissions for users and service accounts.
  • Network Policies: Controlling traffic flow between pods.
  • Pod Security Standards: Defining security constraints for pod execution (e.g., preventing root access).
  • Secrets Management: Securely storing and distributing sensitive data like API keys and passwords.
  • Admission Controllers: Intercepting requests to the K8s API to enforce security policies.

Importance

Because Kubernetes orchestrates critical applications, a compromise of the cluster can lead to widespread data breaches and service disruptions.

Related Terms

Container Security