{"id":41287,"date":"2019-02-26T20:08:10","date_gmt":"2019-02-26T17:08:10","guid":{"rendered":"https:\/\/www.altoros.com\/blog\/?p=41287"},"modified":"2019-02-28T14:29:35","modified_gmt":"2019-02-28T11:29:35","slug":"tips-for-implementing-shift-left-security-on-kubernetes","status":"publish","type":"post","link":"https:\/\/www.altoros.com\/blog\/tips-for-implementing-shift-left-security-on-kubernetes\/","title":{"rendered":"Tips for Implementing Shift-Left Security on Kubernetes"},"content":{"rendered":"<h3><span class=\"ez-toc-section\" id=\"Security_on_both_sides\"><\/span>Security on both sides<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>In the past, when the monolithic architecture was commonplace, software development teams tended to stick to the waterfall model in their work. While this approach was simple\u2014as it enabled teams to develop software gradually per level\u2014it also meant security and testing were postponed until the very end of development.
Often, this would lead to unexpected bugs and problems, which could delay deployment.<\/p>\n<p>Now, with the microservices architecture becoming the new standard and with more and more teams adopting agile methods, security and testing are being moved earlier in the software development life cycle. This approach, called <a href=\"https:\/\/en.wikipedia.org\/wiki\/Shift_left_testing\" rel=\"noopener noreferrer\" target=\"_blank\">shift-left testing<\/a>, resolves the issues that were frequent when security and testing were delayed.<\/p>\n<p>At a recent <a href=\"https:\/\/www.meetup.com\/Silicon-Valley-Cloud-Native-and-Kubernetes-Meetup\/events\/257399970\/\" rel=\"noopener noreferrer\" target=\"_blank\">Kubernetes meetup<\/a> in Santa Clara, <a href=\"https:\/\/www.linkedin.com\/in\/gunjanpatel1\/\" rel=\"noopener noreferrer\" target=\"_blank\">Gunjan Patel<\/a> of Palo Alto Networks provided recommendations to enhance security in Kubernetes on both left and right.<\/p>\n<blockquote><p><em>&#8220;Security should not be an afterthought, especially in the microservices world. It has to go hand-in-hand with development.&#8221; \u2014Gunjan Patel, Palo Alto Networks<\/em><\/p><\/blockquote>\n<p><center><a href=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2019\/02\/Kubernetes-security-shift-left-gunjan-patel-v1.jpg\"><img decoding=\"async\" src=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2019\/02\/Kubernetes-security-shift-left-gunjan-patel-v1.jpg\" alt=\"\" width=\"640\" class=\"aligncenter size-full wp-image-41305\" \/><\/a><small>Gunjan Patel at the meetup in Santa Clara<\/small><\/center><\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Security_in_Kubernetes\"><\/span>Security in Kubernetes<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Kubernetes provides security across different stages of development. Security measures enabled by default include logging, OS hardening, and least privilege. 
Still, other security measures are quite easy to implement:<\/p>\n<ul>\n<li>role-based access control (RBAC)<\/li>\n<li>image scanning<\/li>\n<li>network policies<\/li>\n<\/ul>\n<p>There are also security efforts that require a bit more work before they can be enabled:<\/p>\n<ul>\n<li>secure computing mode (<a href=\"https:\/\/en.wikipedia.org\/wiki\/Seccomp\" rel=\"noopener noreferrer\" target=\"_blank\">seccomp<\/a>)<\/li>\n<li>security-enhanced Linux (<a href=\"https:\/\/en.wikipedia.org\/wiki\/Security-Enhanced_Linux\" rel=\"noopener noreferrer\" target=\"_blank\">SELinux<\/a>)<\/li>\n<li>pod security policies<\/li>\n<li>kernel exploits<\/li>\n<li>container escapes<\/li>\n<li>application policies<\/li>\n<\/ul>\n<p><center><a href=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2019\/02\/Kubernetes-security-shift-left-concepts.png\"><img decoding=\"async\" src=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2019\/02\/Kubernetes-security-shift-left-concepts.png\" alt=\"\" width=\"640\" class=\"aligncenter size-full wp-image-41318\" \/><\/a><small>Breakdown of Kubernetes security concepts (<a href=\"https:\/\/www.slideshare.net\/secret\/JtrVvDcFjV3Q49\" rel=\"noopener noreferrer\" target=\"_blank\">Image credit<\/a>)<\/small><\/center><\/p>\n<p>Although it takes some work to get all of these security measures up and running, having them all provides Kubernetes with security on the left and the right.<\/p>\n<blockquote><p><em>&#8220;Ultimately, it&#8217;s not just about shifting left. Shifting left is really important, but it should be shifting left and right.&#8221; \u2014Gunjan Patel, Palo Alto Networks<\/em><\/p><\/blockquote>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Security_best_practices\"><\/span>Security best practices<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Gunjan provided some security tips that would cover both left and right.
While his advice applies to Kubernetes, it can also be considered platform-agnostic. He listed the following guidelines for improving security across the board.<\/p>\n<p>Securing the build pipeline:<\/p>\n<ul style=\"margin-top:0;\">\n<li>verify the source of your images<\/li>\n<li>use official base images<\/li>\n<li>lock down access to the image registry<\/li>\n<li>scan container image layers for common vulnerabilities and exposures<\/li>\n<li style=\"margin-bottom: 20px;\">automatically tag vulnerable images to keep them from running in certain clusters<\/li>\n<\/ul>\n<p>Improving network security:<\/p>\n<ul style=\"margin-top:0;\">\n<li>secure the services exposed to the Internet using a firewall<\/li>\n<li>use <a href=\"https:\/\/kubernetes.io\/docs\/concepts\/services-networking\/network-policies\/\" rel=\"noopener noreferrer\" target=\"_blank\">network policies<\/a> to lock down the L3\/4 networks<\/li>\n<li>create granular L7 policies using a service mesh, such as <a href=\"https:\/\/www.altoros.com\/blog\/using-istio-to-unify-microservices-with-a-service-mesh-on-kubernetes\/\">Istio<\/a><\/li>\n<li style=\"margin-bottom: 20px;\">employ mutual TLS (mTLS) to authenticate containerized workloads<\/li>\n<\/ul>\n<p><center><a href=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2019\/02\/Kubernetes-security-shift-left-description.png\"><img decoding=\"async\" src=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2019\/02\/Kubernetes-security-shift-left-description.png\" alt=\"\" width=\"640\" class=\"aligncenter size-full wp-image-41373\" \/><\/a><small>Shift left is about early detection and prevention of bugs and vulnerabilities (<a href=\"https:\/\/www.slideshare.net\/secret\/JtrVvDcFjV3Q49\" rel=\"noopener noreferrer\" target=\"_blank\">Image credit<\/a>)<\/small><\/center><\/p>\n<p>Securing the host:<\/p>\n<ul style=\"margin-top:0;\">\n<li>run secure operating systems, such as <a href=\"https:\/\/cloud.google.com\/container-optimized-os\/docs\"
rel=\"noopener noreferrer\" target=\"_blank\">container-optimized OS<\/a><\/li>\n<li>use seccomp to restrict system calls that containers are allowed to make<\/li>\n<li style=\"margin-bottom: 20px;\">utilize SELinux to further isolate containers<\/li>\n<\/ul>\n<p>In securing container runtimes, Gunjan recommended making sure the security configuration spans all container runtimes, especially if the environment has multiple container runtimes in the cluster.<\/p>\n<p>He also advised implementing admission controls by using policies to restrict which containers can run, such as non-privileged containers, containers that don&#8217;t need write access to the file system, and containers that don&#8217;t need certain system calls.<\/p>\n<p>Since there are multiple cloud providers that support Kubernetes, Gunjan emphasized the need to identify and understand the versions of the orchestrator and container runtime components your cloud provider is running by default. If some components have been modified from their open-source versions, you should also track them.<\/p>\n<p><center><a href=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2019\/02\/Kubernetes-security-shift-left-container-infrastructure.png\"><img decoding=\"async\" src=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2019\/02\/Kubernetes-security-shift-left-container-infrastructure.png\" alt=\"\" width=\"640\" class=\"aligncenter size-full wp-image-41368\" \/><\/a><small>Container infrastructure security (<a href=\"https:\/\/www.slideshare.net\/secret\/JtrVvDcFjV3Q49\" rel=\"noopener noreferrer\" target=\"_blank\">Image credit<\/a>)<\/small><\/center><\/p>\n<p>Finally, he provided additional guidelines for securing the orchestrator:<\/p>\n<ul style=\"margin-top:0;\">\n<li>manage orchestrator API access using RBAC and network policies<\/li>\n<li>be aware of which third-party plugins are running and what access they have<\/li>\n<li>maintain access to the orchestrator control plane APIs from third-party
plugins using RBAC and <a href=\"https:\/\/kubernetes.io\/docs\/reference\/access-authn-authz\/service-accounts-admin\/\" rel=\"noopener noreferrer\" target=\"_blank\">service accounts<\/a><\/li>\n<\/ul>\n<p>The orchestrator configuration can also be secured by making sure it is always validated by a security system. Changes to the configuration should also go through a change and review process.<\/p>\n<p><center><a href=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2019\/02\/Kubernetes-security-shift-left-gunjan-patel-v2.jpg\"><img decoding=\"async\" src=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2019\/02\/Kubernetes-security-shift-left-gunjan-patel-v2.jpg\" alt=\"\" width=\"640\" class=\"aligncenter size-full wp-image-41326\" \/><\/a><\/center><\/p>\n<blockquote><p><em>&#8220;The thing that is pushing us more and more towards left and right is the cloud. You&#8217;re not managing everything in the stack, and you shouldn&#8217;t.&#8221; \u2014Gunjan Patel, Palo Alto Networks<\/em><\/p><\/blockquote>\n<p>As previously mentioned, Kubernetes provides certain security measures by default. With Gunjan&#8217;s suggestions, Kubernetes users can further improve the security of their clusters from both the left and the right.<\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Want_details_Watch_the_video\"><\/span>Want details? Watch the video!<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<div class=\"video-block\">\n<div class=\"video-block-wrap\">\n        <script charset=\"ISO-8859-1\" src=\"\/\/fast.wistia.com\/assets\/external\/E-v1.js\" async><\/script><\/p>\n<div class=\"wistia_embed wistia_async_gny3aos3a8\" style=\"height:320px;width:440px\"><\/div>\n<\/p><\/div>\n<div class=\"video-block-descr\">\n        <strong>Table of contents<\/strong><\/p>\n<ol>\n<li>What is shift left? (<a href=\"#wistia_gny3aos3a8?time=308\">5&#8217;08&#8221;<\/a>)<\/li>\n<li>How have containers changed software development?
(<a href=\"#wistia_gny3aos3a8?time=570\">9&#8217;30&#8221;<\/a>)<\/li>\n<li>Security measures in Kubernetes (<a href=\"#wistia_gny3aos3a8?time=920\">15&#8217;20&#8221;<\/a>)<\/li>\n<li>Security best practices for Kubernetes (<a href=\"#wistia_gny3aos3a8?time=1064\">17&#8217;44&#8221;<\/a>)<\/li>\n<li>How can Istio help? (<a href=\"#wistia_gny3aos3a8?time=1636\">27&#8217;16&#8221;<\/a>)<\/li>\n<li>Demo of using Istio (<a href=\"#wistia_gny3aos3a8?time=1725\">28&#8217;45&#8221;<\/a>)<\/li>\n<li>Questions and answers (<a href=\"#wistia_gny3aos3a8?time=2018\">33&#8217;38&#8221;<\/a>)<\/li>\n<\/ol><\/div>\n<\/div>\n<p>&nbsp;<br \/>\n<small>These are the slides from the session.<\/small><\/p>\n<p><center><iframe loading=\"lazy\" src=\"https:\/\/www.slideshare.net\/slideshow\/embed_code\/key\/JtrVvDcFjV3Q49\" width=\"427\" height=\"356\" frameborder=\"0\" marginwidth=\"0\" marginheight=\"0\" scrolling=\"no\" style=\"border:1px solid #CCC; border-width:1px; margin-bottom:5px; max-width: 100%;\" allowfullscreen> <\/iframe><\/center><\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Further_reading\"><\/span>Further reading<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<ul>\n<li><a href=\"https:\/\/www.altoros.com\/blog\/improving-security-for-kubernetes-deployments-at-scale\/\">Improving Security for Kubernetes Deployments at Scale<\/a><\/li>\n<li><a href=\"https:\/\/www.altoros.com\/blog\/integrating-calico-and-istio-to-secure-zero-trust-networks-on-kubernetes\/\">Integrating Calico and Istio to Secure Zero-Trust Networks on Kubernetes<\/a><\/li>\n<li><a href=\"https:\/\/www.altoros.com\/blog\/using-istio-to-unify-microservices-with-a-service-mesh-on-kubernetes\/\">Using Istio to Unify Microservices with a Service Mesh on Kubernetes<\/a><\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"About_the_expert\"><\/span>About the expert<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<div>\n<div style=\"float: right;\"><a 
href=\"https:\/\/www.linkedin.com\/in\/gunjanpatel1\/\"><img decoding=\"async\" src=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2019\/02\/Gunjan-Patel-bio.png\" alt=\"\" width=\"120\" class=\"aligncenter size-full wp-image-41323\" \/><\/a><\/div>\n<div style=\"width: 600px;\"><small><a href=\"https:\/\/www.linkedin.com\/in\/gunjanpatel1\/\" rel=\"noopener noreferrer\" target=\"_blank\">Gunjan Patel<\/a> is a Cloud Architect in the Developer Relations team at Palo Alto Networks. Prior to that, he served as a developer at Tigera, working on container networking and security projects\u2014such as Project Calico, flannel, and CNI. Before that, Gunjan worked at Ciena and Cisco. He is part of the core team at GoBridge\u2014an organization that helps underrepresented groups in the Go community. Gunjan is also the organizer of the Go Remote Meetup group.<\/small><\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Security on both sides<\/p>\n<p>In the past, when the monolithic architecture was commonplace, software development teams tended to stick to the waterfall model in their work.
While this approach was simple\u2014as it enabled teams to develop software gradually per level\u2014it also meant security and testing were postponed until the very end [&#8230;]<\/p>\n","protected":false},"author":32,"featured_media":41372,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"content-type":"","footnotes":"","_links_to":"","_links_to_target":""},"categories":[214],"tags":[873,912],"class_list":["post-41287","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-tutorials","tag-cloud-native","tag-kubernetes"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.6 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Tips for Implementing Shift-Left Security on Kubernetes | Altoros<\/title>\n<meta name=\"description\" content=\"Learn how to achieve better security in Kubernetes across the networks, build pipelines, hosts, container runtimes, admission control, etc.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.altoros.com\/blog\/tips-for-implementing-shift-left-security-on-kubernetes\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Tips for Implementing Shift-Left Security on Kubernetes | Altoros\" \/>\n<meta property=\"og:description\" content=\"Security on both sides In the past, when the monolithic architecture was commonplace, software development teams tended to stick to the waterfall model in their work. 
While this approach was simple\u2014as it enabled teams to develop software gradually per level\u2014it also meant security and testing were postponed until the very end [...]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.altoros.com\/blog\/tips-for-implementing-shift-left-security-on-kubernetes\/\" \/>\n<meta property=\"og:site_name\" content=\"Altoros\" \/>\n<meta property=\"article:published_time\" content=\"2019-02-26T17:08:10+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2019-02-28T11:29:35+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2019\/02\/Kubernetes-security-shift-left-Gunjan-Patel-v3.gif\" \/>\n\t<meta property=\"og:image:width\" content=\"640\" \/>\n\t<meta property=\"og:image:height\" content=\"360\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/gif\" \/>\n<meta name=\"author\" content=\"Carlo Gutierrez\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Carlo Gutierrez\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.altoros.com\/blog\/tips-for-implementing-shift-left-security-on-kubernetes\/\",\"url\":\"https:\/\/www.altoros.com\/blog\/tips-for-implementing-shift-left-security-on-kubernetes\/\",\"name\":\"Tips for Implementing Shift-Left Security on Kubernetes | Altoros\",\"isPartOf\":{\"@id\":\"https:\/\/www.altoros.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.altoros.com\/blog\/tips-for-implementing-shift-left-security-on-kubernetes\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.altoros.com\/blog\/tips-for-implementing-shift-left-security-on-kubernetes\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2019\/02\/Kubernetes-security-shift-left-Gunjan-Patel-v3.gif\",\"datePublished\":\"2019-02-26T17:08:10+00:00\",\"dateModified\":\"2019-02-28T11:29:35+00:00\",\"author\":{\"@id\":\"https:\/\/www.altoros.com\/blog\/#\/schema\/person\/833e109f77de753b2b472dca0236b442\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.altoros.com\/blog\/tips-for-implementing-shift-left-security-on-kubernetes\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.altoros.com\/blog\/tips-for-implementing-shift-left-security-on-kubernetes\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.altoros.com\/blog\/tips-for-implementing-shift-left-security-on-kubernetes\/#primaryimage\",\"url\":\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2019\/02\/Kubernetes-security-shift-left-Gunjan-Patel-v3.gif\",\"contentUrl\":\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2019\/02\/Kubernetes-security-shift-left-Gunjan-Patel-v3.gif\",\"width\":640,\"height\":360},{\"@type\":\"BreadcrumbList\",\"@id\":\"http
s:\/\/www.altoros.com\/blog\/tips-for-implementing-shift-left-security-on-kubernetes\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.altoros.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Tips for Implementing Shift-Left Security on Kubernetes\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.altoros.com\/blog\/#website\",\"url\":\"https:\/\/www.altoros.com\/blog\/\",\"name\":\"Altoros\",\"description\":\"Insight\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.altoros.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.altoros.com\/blog\/#\/schema\/person\/833e109f77de753b2b472dca0236b442\",\"name\":\"Carlo Gutierrez\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.altoros.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2021\/02\/CG_portrait-2-96x96.jpg\",\"contentUrl\":\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2021\/02\/CG_portrait-2-96x96.jpg\",\"caption\":\"Carlo Gutierrez\"},\"description\":\"Carlo Gutierrez is a Technical Writer at Altoros. As part of the editorial team, his focus has been on emerging technologies such as Cloud Foundry, Kubernetes, blockchain, and the Internet of Things. Prior to Altoros, he primarily wrote about enterprise and consumer technology. Carlo has over 12 years of experience in the publishing industry. Previously, he served as an Editor for PC World Philippines and Questex Asia, as well as a Designer for Tropa Entertainment.\",\"url\":\"https:\/\/www.altoros.com\/blog\/author\/carlo\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","_links":{"self":[{"href":"https:\/\/www.altoros.com\/blog\/wp-json\/wp\/v2\/posts\/41287","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.altoros.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.altoros.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.altoros.com\/blog\/wp-json\/wp\/v2\/users\/32"}],"replies":[{"embeddable":true,"href":"https:\/\/www.altoros.com\/blog\/wp-json\/wp\/v2\/comments?post=41287"}],"version-history":[{"count":58,"href":"https:\/\/www.altoros.com\/blog\/wp-json\/wp\/v2\/posts\/41287\/revisions"}],"predecessor-version":[{"id":41433,"href":"https:\/\/www.altoros.com\/blog\/wp-json\/wp\/v2\/posts\/41287\/revisions\/41433"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.altoros.com\/blog\/wp-json\/wp\/v2\/media\/41372"}],"wp:attachment":[{"href":"https:\/\/www.altoros.com\/blog\/wp-json\/wp\/v2\/media?parent=41287"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.altoros.com\/blog\/wp-json\/wp\/v2\/categories?post=41287"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.altoros.com\/blog\/wp-json\/wp\/v2\/tags?post=41287"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}