Kubernetes Security Essentials: Securing Cloud-Native Applications

This whitepaper refcard addresses securing the three primary areas of attack within a Kubernetes cluster.

To understand how to secure cloud-native apps, it’s important to protect the underlying Kubernetes environment and its relevant attack surface, which consists of three main areas:

  • Software supply chain
  • Deployed and running workloads/containers
  • Kubernetes infrastructure

This whitepaper uses these categories as a framework to describe key security concepts around securing Kubernetes apps and infrastructure.

Kubernetes Security Essentials Refcard
Covering the essentials of security in Kubernetes environments, this whitepaper refcard addresses the three primary areas of attack within a Kubernetes cluster. Security concepts range from the software supply chain — images, build systems, and container registry security — to Kubernetes infrastructure, as well as deploy-time and runtime security. Key examples like threat vectors, security measures, and vulnerability and violation types within each section will help you continue strengthening your Kubernetes environment security as you automate and scale the deployment and management of your cloud-native applications. The paper also highlights that an effective approach to securing Kubernetes environments and the applications running inside can be achieved by evaluating open source and commercial tools that apply controls to secure the following key areas:
  • Software supply chain used to build container images, including base images and image components
  • Deployed and running containerized workloads made up of individual pods
  • Infrastructure components needed to run Kubernetes clusters, including its control plane and worker nodes