July 26, 2023 ・ Kubernetes
Kubernetes. Security Fundamentals
Kubernetes, with its ability to simplify application deployment, scaling and management, has revolutionized the way organizations deploy and manage their applications in the cloud. It has become the de facto standard for container orchestration and management. However, with great power comes great responsibility. And Kubernetes security is a critical aspect that cannot be overlooked.
With a large number of nodes, pods, services and other entities, Kubernetes can quickly become complex, and it is essential to understand the potential security risks and best practices for securing your environment. In this article we will explore the fundamentals of Kubernetes security and provide guidance on securing your Kubernetes clusters.
Kubernetes security threats can come from a variety of sources, such as vulnerabilities in container images, misconfigured Kubernetes resources, or unauthorized access to the Kubernetes API server. It is important to be aware of these threats and their potential impact on your Kubernetes environment. We will discuss the most common of them and see how Kubernetes protects itself and how we can improve our security level.
Kubernetes networking is a critical component of the platform and provides communication channels between different Kubernetes components, such as pods, services and nodes. And the first thing we should take care of is network encryption. Kubernetes supports TLS encryption. Depending on how you have deployed Kubernetes, it may differ who will take care of managing certificates and secret keys.
If you install it from scratch, running all components by yourself as processes you have to create all certificates for every component by yourself. If you use kubeadm tool, it will generate certificates for all cluster components. And external tolls, like Rancher etc. will take care about them either. So, generally Kubernetes secures its network by itself. But it won’t work if you don’t provide security of keys and certificates.
Only highly privileged administrators should have permissions to sign new certificates and revoke unused ones. You also should give minimum necessary permissions for services accounts to prevent any kind of privileges escalating via compromised service accounts.
Another aspect of network security is network segmentation. Kubernetes networking should be segmented to ensure different components are isolated from each other. Network segmentation helps prevent attackers from moving laterally across the cluster if they gain access to one component. You may restrict network access between different segments using network policies. Allow only necessary connections inside your cluster.
Role-Based Access Control
Network can be protected, but it will have no benefit if every user or service account has admin privileges. Kubernetes has its own system Role-Based Access Control (RBAC). Authentication can be provided by static passwords, client certificates or external authentication providers such as LDAP, OAhuth etc.
Do not use static password authentication methods in the prod environment. It is good practice to create different roles for different tasks and privileges in a cluster. And bind these roles to users and services accounts to grant them minimum required privileges to do their tasks.
By default Kubernetes API allows unauthorized read-only access by port 10255. Abusers can use it to collect detailed information about your environment. So, it would be better to forbid anonymous access to your cluster. And of course all API connections should be protected by authorization mechanisms. Separately we should talk about secrets.
Kubernetes has such objects as secrets. They are designed to store sensitive data in encrypted form. Access to Kubernetes secrets should be restricted to authorized users and services which don’t need to use them. And you should manage access to secrets via BRAC.
In Kubernetes, a pod is the smallest deployable unit that runs one or more containers. As such, securing pods is a crucial aspect of Kubernetes security. One way to enhance pod security is through the use of Pod Security Policies (PSP) and Pod Security Admission Controllers (PSAC).
Pod Security Policies are a set of rules that define the security requirements for a pod to be created or updated. These rules can limit the privileges that a pod can have, such as preventing the use of host namespaces or requiring the use of read-only filesystems. They can also enforce security controls such as requiring container images to be pulled from trusted sources or disabling privilege escalation.
Pod Security Admission Controllers are Kubernetes components that enforce Pod Security Policies by intercepting pod creation and update requests and checking them against the defined policies. PSACs can be implemented in different ways, such as a MutatingAdmissionWebhook or a ValidatingAdmissionWebhook, which respectively mutate or reject pod creation or update requests that do not comply with the defined policies. Using Pod Security Policies and Pod Security Admission Controllers can provide a layer of defense against common pod security risks such as container breakout, host tampering, or network sniffing. However, implementing these controls requires careful consideration of the security requirements of the Kubernetes cluster and the applications running on it.
For example, some legacy applications may require higher privileges that are not allowed by default by a Pod Security Policy, or some third-party images may not comply with the defined policies. In such cases, it may be necessary to create exceptions or custom policies to ensure that the applications can still run while maintaining an acceptable level of security.
Logging and Monitoring
And the last, but not least, component of good security management practice is auditing and monitoring. Logs should be collected centrally to enable efficient searching and analysis. Log data should be encrypted in transit and at rest to prevent unauthorized access. Kubernetes should be monitored regularly to identify potential security threats. Monitoring tools can detect anomalous behavior and alert administrators to potential security incidents. And of course Kubernetes should be scanned for potential security vulnerabilities and be audited to ensure that security policies are being followed.
In conclusion, Kubernetes is a powerful tool for managing containerized applications, providing a wealth of security features that enable you to build secure and protected environments. However, it is important to note that these features alone are not enough to ensure the safety of your environment. It is crucial to also follow security recommendations and best practices, as well as to regularly review and update your security measures. With the right approach, Kubernetes can provide a robust and secure foundation for your applications, helping you to maintain the integrity and confidentiality of your data and infrastructure.