{"id":36467,"date":"2018-09-10T21:46:31","date_gmt":"2018-09-10T18:46:31","guid":{"rendered":"https:\/\/www.altoros.com\/blog\/?p=36467"},"modified":"2019-02-26T14:51:20","modified_gmt":"2019-02-26T11:51:20","slug":"improving-security-for-kubernetes-deployments-at-scale","status":"publish","type":"post","link":"https:\/\/www.altoros.com\/blog\/improving-security-for-kubernetes-deployments-at-scale\/","title":{"rendered":"Improving Security for Kubernetes Deployments at Scale"},"content":{"rendered":"<h3><span class=\"ez-toc-section\" id=\"Security_lags_behind_speed_and_scalability\"><\/span>Security lags behind speed and scalability<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Since its initial launch in June of 2014, <a 
href=\"https:\/\/www.altoros.com\/blog\/tag\/kubernetes\/\">Kubernetes<\/a>, a container orchestration system, has gradually risen in popularity over the years. One of the reasons for this growth in adoption is the increased rate of application development and ease of infrastructure scaling it provides.<\/p>\n<p>Another factor that has contributed to the rise of Kubernetes is the ability to <a href=\"https:\/\/www.altoros.com\/blog\/a-multitude-of-kubernetes-deployment-tools-kubespray-kops-and-kubeadm\/\">deploy Kubernetes<\/a> in the cloud. While it can still be deployed on premises, cloud-based installations enable organizations to forego the costs associated with having and maintaining their own infrastructure.<\/p>\n<p>The problem with cloud-based Kubernetes deployments, however, is that these require a different approach when it comes to security.<\/p>\n<p>At a recent <a href=\"https:\/\/www.meetup.com\/Silicon-Valley-Cloud-Native-and-Kubernetes-Meetup\/events\/252629788\/\" rel=\"noopener noreferrer\" target=\"_blank\">Kubernetes meetup<\/a> in Silicon Valley, <a href=\"https:\/\/www.linkedin.com\/in\/dan-hubbard-59b9709\/\" rel=\"noopener noreferrer\" target=\"_blank\">Dan Hubbard<\/a>, Chief Product Officer at Lacework, revealed some of the vulnerabilities with Kubernetes workloads in the cloud and also shared some recommendations to improve security.<\/p>\n<blockquote><p><em>&#8220;Kubernetes, like a lot of these new technologies, have this speed and scale, as well as secure and safe balancing act. 
Speed and scale win.&#8221; \u2014Dan Hubbard, Lacework<\/em><\/p><\/blockquote>\n<p><center><a href=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2018\/09\/Kubernetes-Containers-Security-Lacework-Dan-Hubbard.jpg\"><img decoding=\"async\" src=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2018\/09\/Kubernetes-Containers-Security-Lacework-Dan-Hubbard-1024x576.jpg\" alt=\"\" width=\"640\" class=\"aligncenter size-large wp-image-36491\" \/><\/a><small>Dan Hubbard at the meetup in Silicon Valley (Photo credit: Altoros)<\/small><\/center><\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"How_bad_is_it\"><\/span>How bad is it?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>According to the <a href=\"https:\/\/info.lacework.com\/hubfs\/Containers%20At-Risk_%20A%20Review%20of%2021,000%20Cloud%20Environments.pdf\" rel=\"noopener noreferrer\" target=\"_blank\">research<\/a> conducted by Lacework in June 2018, over 21,000 container orchestration and API management systems were discoverable on the Internet. 
While being visible on the Internet isn&#8217;t always a vulnerability, it is certainly an unnecessary security risk as this becomes a &#8220;window of opportunity&#8221; that malicious attackers can take advantage of.<\/p>\n<p><center><a href=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2018\/09\/Kubernetes-Containers-Security-Lacework-orchestration-systems.png\"><img decoding=\"async\" src=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2018\/09\/Kubernetes-Containers-Security-Lacework-orchestration-systems-1024x576.png\" alt=\"\" width=\"640\" class=\"aligncenter size-large wp-image-36470\" \/><\/a><small>Kubernetes accounted for 76% of the discovered systems (<a href=\"https:\/\/www.slideshare.net\/main\/private_slideshow?path_to_redirect_at=https%3A%2F%2Fwww.slideshare.net%2Faltoros%2Fkubernetes-containers-at-risk%2Fsecret%2F1P0UG0DjumnMrI\" rel=\"noopener noreferrer\" target=\"_blank\">Image credit<\/a>)<\/small><\/center><\/p>\n<p>Lacework conducted their research using <a href=\"https:\/\/www.shodan.io\/\" rel=\"noopener noreferrer\" target=\"_blank\">Shodan<\/a>\u2014an engine that encapsulates SSL data mining, web crawling, and other functionality to identify potentially vulnerable systems.<\/p>\n<blockquote><p><em>&#8220;With simple tools and a relatively simple query, I can find all kinds of vulnerable things.&#8221;<br \/>\n\u2014Dan Hubbard, Lacework<\/em><\/p><\/blockquote>\n<p>While Kubernetes does include built-in security features, such as SSL and default authentication, the Lacework team encountered glaring issues in some of the Kubernetes systems they found, including:<\/p>\n<ul>\n<li>open dashboards in the middle of configuration<\/li>\n<li>open dashboards that required no authentication<\/li>\n<li>open dashboards that could be brute-forced<\/li>\n<li>information disclosure on nodes with invalid certificates<\/li>\n<\/ul>\n<p>In cases where the dashboard was completely exposed, malicious attackers can gain <em>full remote 
administration<\/em> of the corresponding systems. When this happens, attackers have full access to perform such operations as <em>adding applications<\/em>, <em>modifying infrastructure<\/em>, <em>changing credentials<\/em>, <em>extracting data<\/em>, etc.<\/p>\n<p><center><a href=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2018\/09\/Kubernetes-Containers-Security-Lacework-vulnerable-dashboards.png\"><img decoding=\"async\" src=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2018\/09\/Kubernetes-Containers-Security-Lacework-vulnerable-dashboards-1024x576.png\" alt=\"\" width=\"640\" class=\"aligncenter size-large wp-image-36486\" \/><\/a><small>Some examples of the exposed dashboards (<a href=\"https:\/\/www.slideshare.net\/main\/private_slideshow?path_to_redirect_at=https%3A%2F%2Fwww.slideshare.net%2Faltoros%2Fkubernetes-containers-at-risk%2Fsecret%2F1P0UG0DjumnMrI\" rel=\"noopener noreferrer\" target=\"_blank\">Image credit<\/a>)<\/small><\/center><\/p>\n<p>The Lacework team also found 38 instances of <a href=\"https:\/\/github.com\/kubernetes\/contrib\/tree\/master\/exec-healthz\" rel=\"noopener noreferrer\" target=\"_blank\">healthz<\/a>, a Kubernetes container health check service, which required no authentication whatsoever.<\/p>\n<p><center><a href=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2018\/09\/Kubernetes-Containers-Security-Lacework-Dan-Hubbard-v2.jpg\"><img decoding=\"async\" src=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2018\/09\/Kubernetes-Containers-Security-Lacework-Dan-Hubbard-v2-1024x576.jpg\" alt=\"\" width=\"640\" class=\"aligncenter size-large wp-image-36529\" \/><\/a><small><\/small><\/center><\/p>\n<blockquote><p><em>&#8220;We found roughly 21,000 systems open on the Internet. That doesn&#8217;t mean 21,000 are insecure. Many of them could have full hardware tokens built-in or other forms of security. 
Of those, we found a little over 300 with no username or password.&#8221; \u2014Dan Hubbard, Lacework<\/em><\/p><\/blockquote>\n<p>Dan made it clear that, during Lacework&#8217;s search, they did not attempt to access any of the systems that were open. Instead, they reached out to the nodes that were potentially exposing critical data.<\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"How_can_security_be_improved\"><\/span>How can security be improved?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>After exploring the vulnerabilities uncovered, Lacework came up with some general recommendations on improving security:<\/p>\n<ul>\n<li style=\"margin-bottom: 6px;\">Regardless of the network policy in place, <b>use multi-factor authentication<\/b> for all access<\/li>\n<li style=\"margin-bottom: 6px;\"><b>Apply strict controls to network access<\/b>, especially for UI and API ports<\/li>\n<li style=\"margin-bottom: 6px;\"><b>Use SSL<\/b> for all servers and <b>use valid certificates<\/b> with proper expiration and enforcement policies<\/li>\n<li style=\"margin-bottom: 6px;\"><b>Deploy VPNs or a reverse proxy<\/b> to enable connection to sensitive servers<\/li>\n<\/ul>\n<p>Dan also shared a few security tips specific to Kubernetes:<\/p>\n<ul>\n<li style=\"margin-bottom: 6px;\"><b>Build a pod security policy<\/b> by preventing pods from running as root, as well as from accessing host ports and certain volume types<\/li>\n<li style=\"margin-bottom: 6px;\">Configure your Kubernetes pods to <b>run with read-only file systems<\/b><\/li>\n<li style=\"margin-bottom: 6px;\"><b>Restrict privilege escalation<\/b> in Kubernetes with <a href=\"https:\/\/en.wikipedia.org\/wiki\/Role-based_access_control\" rel=\"noopener noreferrer\" target=\"_blank\">role-based access control<\/a><\/li>\n<\/ul>\n<p><center><a href=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2018\/09\/Kubernetes-Containers-Security-Lacework-pod-security-policy.png\"><img decoding=\"async\" 
src=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2018\/09\/Kubernetes-Containers-Security-Lacework-pod-security-policy-1024x576.png\" alt=\"\" width=\"640\" class=\"aligncenter size-large wp-image-36513\" \/><\/a><small>Example pod security policy (<a href=\"https:\/\/www.slideshare.net\/main\/private_slideshow?path_to_redirect_at=https%3A%2F%2Fwww.slideshare.net%2Faltoros%2Fkubernetes-containers-at-risk%2Fsecret%2F1P0UG0DjumnMrI\" rel=\"noopener noreferrer\" target=\"_blank\">Image credit<\/a>)<\/small><\/center><\/p>\n<p>For organizations without a security team, Dan suggested the use of existing products and services, such as Lacework&#8217;s <a href=\"https:\/\/www.lacework.com\/product\/#why-polygraph\/\" rel=\"noopener noreferrer\" target=\"_blank\">Polygraph<\/a>\u2014which constitutes a set of behavioral maps\u2014in order to manage container security. Polygraph is a security platform for cloud deployments, which is capable of capturing relevant activities, organizing data logically, establishing a baseline of container behavior, identifying deviations in container behavior, and delivering actionable insights.<\/p>\n<blockquote><p><em>&#8220;We really believe that security needs to change with modern deployment methods. It&#8217;s not about bringing an appliance into the cloud, virtualizing something, and pushing it out, or taking a normal piece of software that&#8217;s designed for on premises and putting it in the cloud. 
It&#8217;s about building and designing purpose-fit technologies for your public cloud.&#8221;<br \/>\n\u2014Dan Hubbard, Lacework<\/em><\/p><\/blockquote>\n<p><center><a href=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2018\/09\/Kubernetes-Containers-Security-Lacework-Polygraph-dashboard.png\"><img decoding=\"async\" src=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2018\/09\/Kubernetes-Containers-Security-Lacework-Polygraph-dashboard-1024x768.png\" alt=\"\" width=\"640\" class=\"aligncenter size-large wp-image-36506\" \/><\/a><small>Lacework Polygraph dashboard (<a href=\"https:\/\/www.lacework.com\/introduction-to-polygraphs\/\" rel=\"noopener noreferrer\" target=\"_blank\">Image credit<\/a>)<\/small><\/center><\/p>\n<p>With so many companies looking to speed up and scale their development life cycle, it&#8217;s not a surprise to see the increased adoption rate of container orchestration systems like Kubernetes. That said, security shouldn&#8217;t be an afterthought and should always be part of the process.<\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Want_details_Watch_the_video\"><\/span>Want details? Watch the video!<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<table width=\"100%\">\n<tbody>\n<tr>\n<td>\n<div style=\"float: right; width: 45%; padding-left: 15px; font-size: 14px;\">\n<p><strong>Table of contents<\/strong><\/p>\n<ol>\n<li style=\"margin-bottom: 6px;\">Who are we? (<a href=\"#wistia_beku5zc4ym?time=78\">1&#8217;18&#8221;<\/a>)<\/li>\n<li style=\"margin-bottom: 6px;\">What is Kubernetes? (<a href=\"#wistia_beku5zc4ym?time=168\">2&#8217;48&#8221;<\/a>)<\/li>\n<li style=\"margin-bottom: 6px;\">Why are monocultures hard to secure? 
(<a href=\"#wistia_beku5zc4ym?time=587\">9&#8217;47&#8221;<\/a>)<\/li>\n<li style=\"margin-bottom: 6px;\">Demo: Shodan (<a href=\"#wistia_beku5zc4ym?time=880\">14&#8217;40&#8221;<\/a>)<\/li>\n<li style=\"margin-bottom: 6px;\">Lacework research statistics (<a href=\"#wistia_beku5zc4ym?time=1580\">26&#8217;20&#8221;<\/a>)<\/li>\n<li style=\"margin-bottom: 6px;\">What are the risks and threats? (<a href=\"#wistia_beku5zc4ym?time=1760\">29&#8217;20&#8221;<\/a>)<\/li>\n<li style=\"margin-bottom: 6px;\">What are the security recommendations? (<a href=\"#wistia_beku5zc4ym?time=1860\">31&#8217;00&#8221;<\/a>)<\/li>\n<li style=\"margin-bottom: 6px;\">Questions and answers (<a href=\"#wistia_beku5zc4ym?time=2163\">36&#8217;03&#8221;<\/a>)<\/li>\n<\/ol>\n<\/div>\n<p><script charset=\"ISO-8859-1\" src=\"\/\/fast.wistia.com\/assets\/external\/E-v1.js\" async><\/script><\/p>\n<div class=\"wistia_embed wistia_async_beku5zc4ym\" style=\"height:300px;width:400px\">&nbsp;<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Related_slides\"><\/span>Related slides<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><center><iframe loading=\"lazy\" src=\"\/\/www.slideshare.net\/slideshow\/embed_code\/key\/1P0UG0DjumnMrI\" width=\"595\" height=\"485\" frameborder=\"0\" marginwidth=\"0\" marginheight=\"0\" scrolling=\"no\" style=\"border:1px solid #CCC; border-width:1px; margin-bottom:5px; max-width: 100%;\" allowfullscreen> <\/iframe> <\/center><\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Further_reading\"><\/span>Further reading<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<ul>\n<li><a href=\"https:\/\/www.altoros.com\/blog\/configuring-uaa-to-provide-a-single-entry-point-for-kubernetes-and-cloud-foundry\/\">Configuring UAA to Provide a Single Entry Point for Kubernetes and Cloud Foundry<\/a><\/li>\n<li><a 
href=\"https:\/\/www.altoros.com\/blog\/a-multitude-of-kubernetes-deployment-tools-kubespray-kops-and-kubeadm\/\">A Multitude of Kubernetes Deployment Tools: Kubespray, kops, and kubeadm<\/a><\/li>\n<li><a href=\"https:\/\/www.altoros.com\/blog\/kubernetes-cluster-ops-options-for-configuration-management\/\">Kubernetes Cluster Ops: Options for Configuration Management<\/a><\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"About_the_expert\"><\/span>About the expert<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<div>\n<div style=\"float: right;\"><a href=\"https:\/\/www.linkedin.com\/in\/dan-hubbard-59b9709\/\"><img decoding=\"async\" src=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2018\/09\/Dan-Hubbard-Lacework-bio.png\" alt=\"\" width=\"120\" class=\"aligncenter size-full wp-image-36516\" \/><\/a><\/div>\n<div style=\"width: 600px;\"><small><a href=\"https:\/\/www.linkedin.com\/in\/dan-hubbard-59b9709\/\">Dan Hubbard<\/a> is Chief Product Officer at Lacework, where he is responsible for driving the company\u2019s product and security strategy for public and private clouds and security research. Dan\u2019s expertise spans from reputation and advanced classification systems to large-scale security data mining and cloud security. Prior to Lacework, he served as CTO at OpenDNS, helping to deliver the world\u2019s largest cloud security network that led to the $600M acquisition by Cisco. Before that, Dan was also CTO at Websense, where he led R&#038;D, launched the Websense Security Labs, and was instrumental in the company\u2019s success from early days through successful IPO. 
Dan owns several patents in the areas of data classification and cloud security and is a frequent speaker at security conferences globally.<\/small><\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Security lags behind speed and scalability<\/p>\n<p>Since its initial launch in June of 2014, Kubernetes, a container orchestration system, has gradually risen in popularity over the years. One of the reasons for this growth in adoption is the increased rate of application development and ease of infrastructure scaling it provides.<\/p>\n<p>Another factor [&#8230;]<\/p>\n","protected":false},"author":32,"featured_media":36551,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"content-type":"","footnotes":"","_links_to":"","_links_to_target":""},"categories":[7],"tags":[873,912],"class_list":["post-36467","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-opinion","tag-cloud-native","tag-kubernetes"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.6 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Improving Security for Kubernetes Deployments at Scale | Altoros<\/title>\n<meta name=\"description\" content=\"Over 21,000 systems were found open on the Internet. 
Out of those, more than 300 required no authentication whatsoever to access.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.altoros.com\/blog\/improving-security-for-kubernetes-deployments-at-scale\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Improving Security for Kubernetes Deployments at Scale | Altoros\" \/>\n<meta property=\"og:description\" content=\"Security lags behind speed and scalability Since its initial launch in June of 2014, Kubernetes, a container orchestration system, has gradually risen in popularity over the years. One of the reasons for this growth in adoption is the increased rate of application development and ease of infrastructure scaling it provides. Another factor [...]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.altoros.com\/blog\/improving-security-for-kubernetes-deployments-at-scale\/\" \/>\n<meta property=\"og:site_name\" content=\"Altoros\" \/>\n<meta property=\"article:published_time\" content=\"2018-09-10T18:46:31+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2019-02-26T11:51:20+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2018\/09\/Kubernetes-Cloud-native-Containers-Security-Lacework-Dan-Hubbard.gif\" \/>\n\t<meta property=\"og:image:width\" content=\"640\" \/>\n\t<meta property=\"og:image:height\" content=\"360\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/gif\" \/>\n<meta name=\"author\" content=\"Carlo Gutierrez\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Carlo Gutierrez\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.altoros.com\/blog\/improving-security-for-kubernetes-deployments-at-scale\/\",\"url\":\"https:\/\/www.altoros.com\/blog\/improving-security-for-kubernetes-deployments-at-scale\/\",\"name\":\"Improving Security for Kubernetes Deployments at Scale | Altoros\",\"isPartOf\":{\"@id\":\"https:\/\/www.altoros.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.altoros.com\/blog\/improving-security-for-kubernetes-deployments-at-scale\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.altoros.com\/blog\/improving-security-for-kubernetes-deployments-at-scale\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2018\/09\/Kubernetes-Cloud-native-Containers-Security-Lacework-Dan-Hubbard.gif\",\"datePublished\":\"2018-09-10T18:46:31+00:00\",\"dateModified\":\"2019-02-26T11:51:20+00:00\",\"author\":{\"@id\":\"https:\/\/www.altoros.com\/blog\/#\/schema\/person\/833e109f77de753b2b472dca0236b442\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.altoros.com\/blog\/improving-security-for-kubernetes-deployments-at-scale\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.altoros.com\/blog\/improving-security-for-kubernetes-deployments-at-scale\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.altoros.com\/blog\/improving-security-for-kubernetes-deployments-at-scale\/#primaryimage\",\"url\":\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2018\/09\/Kubernetes-Cloud-native-Containers-Security-Lacework-Dan-Hubbard.gif\",\"contentUrl\":\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2018\/09\/Kubernetes-Cloud-native-Containers-Security-Lacework-Dan-Hubbard.gif\",\"width\":640,\"height\":360
},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.altoros.com\/blog\/improving-security-for-kubernetes-deployments-at-scale\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.altoros.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Improving Security for Kubernetes Deployments at Scale\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.altoros.com\/blog\/#website\",\"url\":\"https:\/\/www.altoros.com\/blog\/\",\"name\":\"Altoros\",\"description\":\"Insight\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.altoros.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.altoros.com\/blog\/#\/schema\/person\/833e109f77de753b2b472dca0236b442\",\"name\":\"Carlo Gutierrez\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.altoros.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2021\/02\/CG_portrait-2-96x96.jpg\",\"contentUrl\":\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2021\/02\/CG_portrait-2-96x96.jpg\",\"caption\":\"Carlo Gutierrez\"},\"description\":\"Carlo Gutierrez is a Technical Writer at Altoros. As part of the editorial team, his focus has been on emerging technologies such as Cloud Foundry, Kubernetes, blockchain, and the Internet of Things. Prior to Altoros, he primarily wrote about enterprise and consumer technology. Carlo has over 12 years of experience in the publishing industry. Previously, he served as an Editor for PC World Philippines and Questex Asia, as well as a Designer for Tropa Entertainment.\",\"url\":\"https:\/\/www.altoros.com\/blog\/author\/carlo\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Improving Security for Kubernetes Deployments at Scale | Altoros","description":"Over 21,000 systems were found open on the Internet. Out of those, more than 300 required no authentication whatsoever to access.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.altoros.com\/blog\/improving-security-for-kubernetes-deployments-at-scale\/","og_locale":"en_US","og_type":"article","og_title":"Improving Security for Kubernetes Deployments at Scale | Altoros","og_description":"Security lags behind speed and scalability Since its initial launch in June of 2014, Kubernetes, a container orchestration system, has gradually risen in popularity over the years. One of the reasons for this growth in adoption is the increased rate of application development and ease of infrastructure scaling it provides. Another factor [...]","og_url":"https:\/\/www.altoros.com\/blog\/improving-security-for-kubernetes-deployments-at-scale\/","og_site_name":"Altoros","article_published_time":"2018-09-10T18:46:31+00:00","article_modified_time":"2019-02-26T11:51:20+00:00","og_image":[{"width":640,"height":360,"url":"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2018\/09\/Kubernetes-Cloud-native-Containers-Security-Lacework-Dan-Hubbard.gif","type":"image\/gif"}],"author":"Carlo Gutierrez","twitter_misc":{"Written by":"Carlo Gutierrez","Est. 
reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.altoros.com\/blog\/improving-security-for-kubernetes-deployments-at-scale\/","url":"https:\/\/www.altoros.com\/blog\/improving-security-for-kubernetes-deployments-at-scale\/","name":"Improving Security for Kubernetes Deployments at Scale | Altoros","isPartOf":{"@id":"https:\/\/www.altoros.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.altoros.com\/blog\/improving-security-for-kubernetes-deployments-at-scale\/#primaryimage"},"image":{"@id":"https:\/\/www.altoros.com\/blog\/improving-security-for-kubernetes-deployments-at-scale\/#primaryimage"},"thumbnailUrl":"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2018\/09\/Kubernetes-Cloud-native-Containers-Security-Lacework-Dan-Hubbard.gif","datePublished":"2018-09-10T18:46:31+00:00","dateModified":"2019-02-26T11:51:20+00:00","author":{"@id":"https:\/\/www.altoros.com\/blog\/#\/schema\/person\/833e109f77de753b2b472dca0236b442"},"breadcrumb":{"@id":"https:\/\/www.altoros.com\/blog\/improving-security-for-kubernetes-deployments-at-scale\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.altoros.com\/blog\/improving-security-for-kubernetes-deployments-at-scale\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.altoros.com\/blog\/improving-security-for-kubernetes-deployments-at-scale\/#primaryimage","url":"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2018\/09\/Kubernetes-Cloud-native-Containers-Security-Lacework-Dan-Hubbard.gif","contentUrl":"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2018\/09\/Kubernetes-Cloud-native-Containers-Security-Lacework-Dan-Hubbard.gif","width":640,"height":360},{"@type":"BreadcrumbList","@id":"https:\/\/www.altoros.com\/blog\/improving-security-for-kubernetes-deployments-at-scale\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"
https:\/\/www.altoros.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Improving Security for Kubernetes Deployments at Scale"}]},{"@type":"WebSite","@id":"https:\/\/www.altoros.com\/blog\/#website","url":"https:\/\/www.altoros.com\/blog\/","name":"Altoros","description":"Insight","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.altoros.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.altoros.com\/blog\/#\/schema\/person\/833e109f77de753b2b472dca0236b442","name":"Carlo Gutierrez","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.altoros.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2021\/02\/CG_portrait-2-96x96.jpg","contentUrl":"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2021\/02\/CG_portrait-2-96x96.jpg","caption":"Carlo Gutierrez"},"description":"Carlo Gutierrez is a Technical Writer at Altoros. As part of the editorial team, his focus has been on emerging technologies such as Cloud Foundry, Kubernetes, blockchain, and the Internet of Things. Prior to Altoros, he primarily wrote about enterprise and consumer technology. Carlo has over 12 years of experience in the publishing industry. 
Previously, he served as an Editor for PC World Philippines and Questex Asia, as well as a Designer for Tropa Entertainment.","url":"https:\/\/www.altoros.com\/blog\/author\/carlo\/"}]}},"_links":{"self":[{"href":"https:\/\/www.altoros.com\/blog\/wp-json\/wp\/v2\/posts\/36467","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.altoros.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.altoros.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.altoros.com\/blog\/wp-json\/wp\/v2\/users\/32"}],"replies":[{"embeddable":true,"href":"https:\/\/www.altoros.com\/blog\/wp-json\/wp\/v2\/comments?post=36467"}],"version-history":[{"count":64,"href":"https:\/\/www.altoros.com\/blog\/wp-json\/wp\/v2\/posts\/36467\/revisions"}],"predecessor-version":[{"id":41333,"href":"https:\/\/www.altoros.com\/blog\/wp-json\/wp\/v2\/posts\/36467\/revisions\/41333"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.altoros.com\/blog\/wp-json\/wp\/v2\/media\/36551"}],"wp:attachment":[{"href":"https:\/\/www.altoros.com\/blog\/wp-json\/wp\/v2\/media?parent=36467"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.altoros.com\/blog\/wp-json\/wp\/v2\/categories?post=36467"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.altoros.com\/blog\/wp-json\/wp\/v2\/tags?post=36467"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}