Different ways to provide API-Security on kubernetes

0 votes
Could you list the different ways in which I can provide API-security on kubernetes?
Jul 23, 2019 in Kubernetes by Karan
• 19,610 points
906 views

1 answer to this question.

0 votes
  • Use the correct auth mode with API server authorization-mode=Node,RBAC

  • Ensure all traffic is protected by TLS

  • Use API authentication (smaller cluster may use certificates but larger multi-tenants may want an AD or some OIDC authentication).

  • Make kubeless protect its API via authorization-mode=Webhook

  • Make sure the kube-dashboard uses a restrictive RBAC role policy

  • Monitor RBAC failures

  • Remove default ServiceAccount permissions

  • Filter egress to Cloud API metadata APIs

  • Filter out all traffic coming into kube-system namespace except DNS

  • A default deny policy on all inbound on all namespaces is good practice. You explicitly allow per deployment.

  • Use a podsecurity policy to have container restrictions and protect the Node

  • Keep kube at the latest version.

answered Jul 23, 2019 by Sirajul
• 59,230 points

Related Questions In Kubernetes

0 votes
1 answer
0 votes
1 answer

Unable to run Kubernetes on rancher cluster

switch Docker to 1.12.x; Kubernetes doesn't support ...READ MORE

answered Aug 28, 2018 in Kubernetes by Kalgi
• 52,350 points
1,410 views
0 votes
1 answer

Not able to access kubernetes api from a pod in azure

Follow these steps Add --bind-address=0.0.0.0 option to the line https://github.com/kubernetes/kubernetes/blob/v1.2.0/docs/getting-started-guides/coreos/azure/cloud_config_templates/kubernetes-cluster-main-nodes-template.yml#L218  Created ...READ MORE

answered Aug 30, 2018 in Kubernetes by Kalgi
• 52,350 points
1,034 views
0 votes
2 answers

Not able to expose port 80 on the host, kubernetes ingress

I was facing the same error. The nginix ...READ MORE

answered Sep 11, 2018 in Kubernetes by Kalgi
• 52,350 points
2,155 views
+1 vote
1 answer
0 votes
3 answers

Error while joining cluster with node

Hi Kalgi after following above steps it ...READ MORE

answered Jan 17, 2019 in Others by anonymous
15,576 views
+15 votes
2 answers

Git management technique when there are multiple customers and need multiple customization?

Consider this - In 'extended' Git-Flow, (Git-Multi-Flow, ...READ MORE

answered Mar 27, 2018 in DevOps & Agile by DragonLord999
• 8,450 points
4,062 views
0 votes
1 answer

What all packages do i need to install to use kubernetes on my machine?

Install below packages on all of your ...READ MORE

answered Jul 11, 2019 in Kubernetes by Sirajul
• 59,230 points
927 views
0 votes
1 answer

What all components run inside a worker node to provide a kubernetes runtime environment?

Node components run on every node, maintaining ...READ MORE

answered Jul 24, 2019 in Kubernetes by Sirajul
• 59,230 points
1,067 views
webinar REGISTER FOR FREE WEBINAR X
REGISTER NOW
webinar_success Thank you for registering Join Edureka Meetup community for 100+ Free Webinars each month JOIN MEETUP GROUP