Covering the essentials of security in Kubernetes environments, this whitepaper refcard addresses the three primary areas of attack within a Kubernetes cluster. Security concepts range from the software supply chain (images, build systems, and container registry security) to Kubernetes infrastructure, as well as deploy-time and runtime security. Each section covers key examples, such as threat vectors, security measures, and vulnerability and violation types, to help you continue strengthening your Kubernetes environment security as you automate and scale the deployment and management of your cloud-native applications. The paper also highlights that an effective approach to securing Kubernetes environments and the applications running inside them is to evaluate open source and commercial tools that apply controls to secure the following key areas:
- Software supply chain used to build container images, including base images and image components
- Deployed and running containerized workloads made up of individual pods
- Infrastructure components needed to run Kubernetes clusters, including their control plane and worker nodes