Why worry about Kubernetes security?

Kubernetes was in general availability in 2018 and is still evolving very fast. There are features that are still under development and are not in a general availability state (either alpha or beta). The latest version (1.33) that you will learn about at the end of this book will bring many new security enhancements. This is an indication that Kubernetes is still far from mature, at least from a security standpoint.

To address all the major orchestration requirements of stability, scalability, flexibility, and security, Kubernetes has been designed in a complex but cohesive way. This complexity no doubt brings with it some security concerns.

Configurability is one of the top benefits of the Kubernetes platform for developers. Developers and cloud providers are free to configure their clusters to suit their needs. This trait of Kubernetes is one of the major reasons for increasing security concerns among enterprises. The ever-growing Kubernetes code and components of a Kubernetes cluster make it challenging for DevOps to understand the correct configuration. The default configurations are usually not secure (the openness does bring advantages to DevOps to try out new features). Further, due to popularity, so many missions’ critical workloads and crown jewel applications are hosted in Kubernetes which makes security paramount.

With the increase in the usage of Kubernetes, it has been in the news for various security breaches and flaws in 2023 and 2024:

• Since the beginning of April, several instances of exploitations of vulnerabilities in OpenMetadata platform (an open source platform designed to manage metadata across various data sources) have been observed [7].
• Researchers found that approximately 60% of the clusters were actively under attack by crypto miners [8].
• Misconfigurations were widely done by organizations and actively exploited in the wild, such as misconfiguring and granting anonymous access with privileges.
• Bad actors escalate into admin privileges by creating pods or persistent volumes on Windows nodes. They essentially exploit the following CVEs and vulnerabilities: CVE-2023-5528/3955/3893/3676 [9].

To summarize the importance of security in Kubernetes, it’s key to note that Kubernetes deployments are often complex, dynamic, and distributed. In many instances, clusters support workloads from multiple teams (multi-tenancy) or even different organizations. Without proper security controls, a vulnerability in a single application could potentially compromise the entire cluster, impacting all teams involved.

These clusters may host applications that handle sensitive information, such as credentials and business-critical data. Implementing guardrails security controls is crucial to prevent breaches, maintain trust and credibility, and ensure compliance with regulatory standards, preventing potential penalties and legal issues.

In conclusion, security in Kubernetes is fundamental for maintaining the integrity, availability, and confidentiality of applications and data. Implementing robust security controls ensures that these features and benefits of Kubernetes are utilized without exposing the organization to unnecessary security risks.