CISA/NSA - Kubernetes Hardening Guidance

U/OO/168286-21 | PP-21-1104 | August 2021 Ver. 1.0 iv
National Security Agency and Cybersecurity and Infrastructure Security Agency
Click here to read on NSA website.

Executive summary

Kubernetes® is an open-source system that automates the deployment, scaling, and management of applications run in containers, and is often hosted in a cloud environment. Using this type of virtualized infrastructure can provide several flexibility and security benefits compared to traditional, monolithic software platforms. However, securely managing everything from microservices to the underlying infrastructure introduces other complexities. The hardening guidance detailed in this report is designed to help organizations handle associated risks and enjoy the benefits of using this technology.
Three common sources of compromise in Kubernetes are supply chain risks, malicious threat actors, and insider threats.