{"id":50738,"date":"2020-02-17T17:55:33","date_gmt":"2020-02-17T14:55:33","guid":{"rendered":"https:\/\/www.altoros.com\/blog\/?p=50738"},"modified":"2020-02-17T17:55:33","modified_gmt":"2020-02-17T14:55:33","slug":"ensuring-security-across-kubernetes-deployments","status":"publish","type":"post","link":"https:\/\/www.altoros.com\/blog\/ensuring-security-across-kubernetes-deployments\/","title":{"rendered":"Ensuring Security Across Kubernetes Deployments"},"content":{"rendered":"<h3><span class=\"ez-toc-section\" id=\"Challenges_with_security\"><\/span>Challenges with security<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Kubernetes is one of the most adopted open-source container orchestration systems today. 
Organizations from cloud-native companies to banks are adopting Kubernetes on public platforms, such as Azure Kubernetes Service, Google Kubernetes Engine, etc.<\/p>\n<div id=\"attachment_50746\" style=\"width: 130px\" class=\"wp-caption alignright\"><a href=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2020\/02\/Amir-Ofek.jpg\"><img decoding=\"async\" aria-describedby=\"caption-attachment-50746\" src=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2020\/02\/Amir-Ofek-150x150.jpg\" alt=\"\" width=\"120\" class=\"size-thumbnail wp-image-50746\" \/><\/a><p id=\"caption-attachment-50746\" class=\"wp-caption-text\"><small>Amir Ofek<\/small><\/p><\/div>\n<p>In an <a href=\"https:\/\/www.youtube.com\/watch?v=FcyAseNT9ws\" rel=\"noopener noreferrer\" target=\"_blank\">interview<\/a> with TechCrunch, <a href=\"https:\/\/www.linkedin.com\/in\/amirofek\/\" rel=\"noopener noreferrer\" target=\"_blank\">Amir Ofek<\/a>, CEO at Alcide, noted that while the flexibility of Kubernetes enables DevOps to have a much easier time building their clouds, it also opens up plenty of gaps in security.<\/p>\n<blockquote><p>&#8220;In Kubernetes, it is quite simple for hackers to take control of your account. 
It is a very open infrastructure as it was intended to be, but that is what hackers are also taking advantage of.&#8221; \u2014Amir Ofek, Alcide<\/p><\/blockquote>\n<div id=\"attachment_50747\" style=\"width: 130px\" class=\"wp-caption alignright\"><a href=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2020\/02\/Gadi-Naor.jpg\"><img decoding=\"async\" aria-describedby=\"caption-attachment-50747\" src=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2020\/02\/Gadi-Naor-150x150.jpg\" alt=\"\" width=\"120\" class=\"size-thumbnail wp-image-50747\" \/><\/a><p id=\"caption-attachment-50747\" class=\"wp-caption-text\"><small>Gadi Naor<\/small><\/p><\/div>\n<p>According to <a href=\"https:\/\/www.linkedin.com\/in\/gadinaor\/\" rel=\"noopener noreferrer\" target=\"_blank\">Gadi Naor<\/a>, CTO at Alcide, Kubernetes out-of-the-box is optimized to make things work, but not necessarily to work in a secure manner. During a Kubernetes <a href=\"https:\/\/www.meetup.com\/Silicon-Valley-Cloud-Native-and-Kubernetes-Meetup\/events\/265530711\/?isFirstPublish=true\" rel=\"noopener noreferrer\" target=\"_blank\">meetup<\/a> last December, Gadi highlighted some of the problems and challenges in security.<\/p>\n<ul>\n<li style=\"margin-bottom: 6px;\">When running images in Kubernetes, how can we be certain that we are not running images with malicious code embedded in them?<\/li>\n<li style=\"margin-bottom: 6px;\">How can we ensure that containers running in Kubernetes are configured properly?<\/li>\n<li style=\"margin-bottom: 6px;\">How do we prevent tainted continuous integration (CI)\/continuous delivery (CD) deployments?<\/li>\n<li>Is it possible to scan Kubernetes deployments for potential security vulnerabilities?<\/li>\n<\/ul>\n<blockquote><p>&#8220;Kubernetes is a very sophisticated and well architected piece of software. 
It enables a lot of flexibility on how you run, scale, and orchestrate things, but it requires a relatively good understanding of Kubernetes itself.&#8221; \u2014Gadi Naor, Alcide<\/p><\/blockquote>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"A_Kubernetes_security_checklist\"><\/span>A Kubernetes security checklist<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Similar to any other software, Kubernetes can become vulnerable due to misconfiguration. During the meetup, Gadi provided some guidelines for securing the different layers in Kubernetes deployments.<\/p>\n<ul>\n<li style=\"margin-bottom: 6px;\"><strong>Istio control plane<\/strong>. Make sure the resources being deployed to <a href=\"https:\/\/www.altoros.com\/blog\/using-istio-to-unify-microservices-with-a-service-mesh-on-kubernetes\/\">Istio<\/a> go through certain assertions (e.g., in Istio, each service being deployed should have mutual transport layer security enabled by the configuration).<\/li>\n<li style=\"margin-bottom: 6px;\"><strong>Kubernetes control plane<\/strong>. Configure who should and should not have access to the API server.<\/li>\n<li style=\"margin-bottom: 6px;\"><strong>Worker nodes<\/strong>. Make sure that all the worker nodes are running the latest patches.<\/li>\n<li style=\"margin-bottom: 6px;\"><strong>Cluster infrastructure<\/strong>. Use annotations to configure the underlying cloud provider (e.g., when spinning up load balancing services, which expose the cluster to the outside world, you can place annotations on the service resource, and it will tweak how the load balancer is going to be provisioned).<\/li>\n<li><strong>Workloads<\/strong>. 
Create a whitelist for privileged workloads that require access to the underlying host.<\/li>\n<\/ul>\n<p><center><a href=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2020\/02\/Kubernetes-Istio-Hygiene.png\"><img decoding=\"async\" src=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2020\/02\/Kubernetes-Istio-Hygiene-1024x576.png\" alt=\"\" width=\"640\" class=\"aligncenter size-large wp-image-50749\" \/><\/a><small> Configure security at different layers (<a href=\"https:\/\/www.slideshare.net\/secret\/6XER5MDlLj5bv2\" rel=\"noopener noreferrer\" target=\"_blank\">Image credit<\/a>)<\/small><\/center><\/p>\n<p>In addition to the above-mentioned guidelines, Gadi added a more conclusive list of security best practices and compliance checks for Kubernetes deployments.<\/p>\n<p><center><a href=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2020\/02\/Kubernetes-Alcide-security-compliance-checks.png\"><img decoding=\"async\" src=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2020\/02\/Kubernetes-Alcide-security-compliance-checks-1024x576.png\" alt=\"\" width=\"640\" class=\"aligncenter size-large wp-image-50833\" \/><\/a><small>Security and compliance checklist (<a href=\"https:\/\/www.slideshare.net\/secret\/6XER5MDlLj5bv2\" rel=\"noopener noreferrer\" target=\"_blank\">Image credit<\/a>)<\/small><\/center><\/p>\n<p>With such an extensive scope of best practices and compliance checks, Gadi advises prioritizing the registry whitelist, as this can minimize the damage to a cluster in case of a security breach.<\/p>\n<p><center><a href=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2020\/02\/Kubernetes-Image-whitelisting.png\"><img decoding=\"async\" src=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2020\/02\/Kubernetes-Image-whitelisting-1024x576.png\" alt=\"\" width=\"640\" class=\"aligncenter size-large wp-image-50780\" \/><\/a><small>Image whitelisting prevents containers from running in the privileged mode (<a 
href=\"https:\/\/www.slideshare.net\/secret\/6XER5MDlLj5bv2\" rel=\"noopener noreferrer\" target=\"_blank\">Image credit<\/a>)<\/small><\/center><\/p>\n<blockquote><p>&#8220;If I were to prioritize, I would start with the registry whitelist to make sure that things are not running privileged. It is paramount to ensure that even if there is an application breach, the damage is under control.&#8221; \u2014Gadi Naor, Alcide<\/p><\/blockquote>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Dev-to-production_security\"><\/span>Dev-to-production security<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>To minimize the effort needed to secure Kubernetes deployments, Alcide developed a <a href=\"https:\/\/www.alcide.io\/\" rel=\"noopener noreferrer\" target=\"_blank\">security platform<\/a>, which delivers guardrails for DevOps, as well as ongoing threat detection and protection for security teams.<\/p>\n<p>The solution includes three modules. The first is <strong>Advisor<\/strong>, a multi-cluster vulnerability scanner, which provides:<\/p>\n<ul>\n<li style=\"margin-bottom: 6px;\">snapshots of the cluster&#8217;s risks and hygiene, as well as a detailed list of misconfigurations<\/li>\n<li style=\"margin-bottom: 6px;\">detection of drifts and noise reduction by putting an emphasis on the cluster hygiene delta<\/li>\n<li>real-time prevention of misconfigurations and blocking tainted CI\/CD pipelines<\/li>\n<\/ul>\n<p><center><a href=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2020\/02\/Kubernetes-Alcide-Advisor-dashboard.png\"><img decoding=\"async\" src=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2020\/02\/Kubernetes-Alcide-Advisor-dashboard-1024x514.png\" alt=\"\" width=\"640\" class=\"aligncenter size-large wp-image-50835\" \/><\/a><small>The Alcide Advisor dashboard (<a href=\"https:\/\/aws.amazon.com\/blogs\/apn\/driving-continuous-security-and-configuration-checks-for-amazon-eks-with-alcide-advisor\/\" rel=\"noopener noreferrer\" 
target=\"_blank\">Image credit<\/a>)<\/small><\/center> <\/p>\n<p>The next module, <strong>Runtime<\/strong>, embeds security and compliance policies into microservices. Runtime also enables behavioral-based anomaly detection to protect your clusters against attacks that are either overlooked or undetected by traditional layers of security.<\/p>\n<p>Lastly, <strong>kAudit<\/strong> identifies anomalous Kubernetes behavior by analyzing audit logs. In this manner, it is able to detect issues, such as security policy violations, RBAC misconfigurations, and vulnerability exploits in the Kubernetes API server.<\/p>\n<p><center><a href=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2020\/02\/Kubernetes-Alcide-Advisor-scan.png\"><img decoding=\"async\" src=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2020\/02\/Kubernetes-Alcide-Advisor-scan-1024x576.png\" alt=\"\" width=\"640\" class=\"aligncenter size-large wp-image-50789\" \/><\/a><small>Alcide scans from CD to production audit logs (<a href=\"https:\/\/www.slideshare.net\/secret\/6XER5MDlLj5bv2\" rel=\"noopener noreferrer\" target=\"_blank\">Image credit<\/a>)<\/small><\/center><\/p>\n<blockquote><p>&#8220;We scan all of the designs in the CD stage and flag out any security issues in violation of predefined policies. When you move into production, we monitor all of the logs within the Kubernetes infrastructure. We also provide a service that protects all of the microservices, such as firewalls for your workloads.&#8221; \u2014Amir Ofek, Alcide<\/p><\/blockquote>\n<p>To learn more about how to use Alcide, check out the <a href=\"https:\/\/codelab.alcide.io\/\" rel=\"noopener noreferrer\" target=\"_blank\">project&#8217;s tutorials<\/a>. 
Additionally, more information about how to secure clusters is available in the <a href=\"https:\/\/kubernetes.io\/docs\/tasks\/administer-cluster\/securing-a-cluster\/\" rel=\"noopener noreferrer\" target=\"_blank\">Kubernetes official documentation<\/a>.<\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Want_details_Watch_the_videos\"><\/span>Want details? Watch the videos!<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><small>In this video, <a href=\"https:\/\/www.linkedin.com\/in\/gadinaor\/\" rel=\"noopener noreferrer\" target=\"_blank\">Gadi Naor<\/a> provides best practices for securing Kubernetes deployments.<\/small><\/p>\n<div class=\"video-block\">\n<div class=\"video-block-wrap\">\n        <script charset=\"ISO-8859-1\" src=\"\/\/fast.wistia.com\/assets\/external\/E-v1.js\" async><\/script><\/p>\n<div class=\"wistia_embed wistia_async_j1umlv70n0\" style=\"height:320px;width:440px\"><\/div>\n<\/p><\/div>\n<div class=\"video-block-descr\">\n        <strong>Table of contents<\/strong><\/p>\n<ol>\n<li>What is Alcide? (<a href=\"#wistia_j1umlv70n0?time=126\">2&#8217;06&#8221;<\/a>)<\/li>\n<li>What is image whitelisting? (<a href=\"#wistia_j1umlv70n0?time=280\">4&#8217;40&#8221;<\/a>)<\/li>\n<li>Configuring Istio and Kubernetes (<a href=\"#wistia_j1umlv70n0?time=377\">6&#8217;17&#8221;<\/a>)<\/li>\n<li>Why should security begin with CD? (<a href=\"#wistia_j1umlv70n0?time=976\">16&#8217;16&#8221;<\/a>)<\/li>\n<li>Why is hygiene automation important? 
(<a href=\"#wistia_j1umlv70n0?time=1222\">20&#8217;22&#8221;<\/a>)<\/li>\n<li>Security and compliance best practices (<a href=\"#wistia_j1umlv70n0?time=1370\">22&#8217;50&#8221;<\/a>)<\/li>\n<li>Questions and answers (<a href=\"#wistia_j1umlv70n0?time=1528\">25&#8217;28&#8221;<\/a>)<\/li>\n<\/ol><\/div>\n<\/div>\n<p>&nbsp;<br \/>\n<small>Below are Gadi&#8217;s slides from the meetup.<\/small><\/p>\n<p><center><iframe loading=\"lazy\" src=\"\/\/www.slideshare.net\/slideshow\/embed_code\/key\/3xm9KkYRf7bEwV\" width=\"595\" height=\"485\" frameborder=\"0\" marginwidth=\"0\" marginheight=\"0\" scrolling=\"no\" style=\"border:1px solid #CCC; border-width:1px; margin-bottom:5px; max-width: 100%;\" allowfullscreen> <\/iframe><\/center><\/p>\n<p>&nbsp;<br \/>\n<small>In this video, <a href=\"https:\/\/www.linkedin.com\/in\/amirofek\/\" rel=\"noopener noreferrer\" target=\"_blank\">Amir Ofek<\/a> explains how Alcide provides security for Kubernetes.<\/small><\/p>\n<p><center><iframe loading=\"lazy\" width=\"560\" height=\"315\" src=\"https:\/\/www.youtube.com\/embed\/FcyAseNT9ws\" frameborder=\"0\" allow=\"accelerometer; autoplay; encrypted-media; gyroscope; picture-in-picture\" allowfullscreen><\/iframe><\/center><\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Further_reading\"><\/span>Further reading<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<ul>\n<li><a href=\"https:\/\/www.altoros.com\/blog\/tips-for-implementing-shift-left-security-on-kubernetes\/\">Tips for Implementing Shift-Left Security on Kubernetes<\/a><\/li>\n<li><a href=\"https:\/\/www.altoros.com\/blog\/improving-security-for-kubernetes-deployments-at-scale\/\">Improving Security for Kubernetes Deployments at Scale<\/a><\/li>\n<li><a href=\"https:\/\/www.altoros.com\/blog\/rule-driven-automation-on-kubernetes-with-autopilot-monitoring\/\">Rule-Driven Automation on Kubernetes with Autopilot Monitoring<\/a><\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" 
id=\"About_the_experts\"><\/span>About the experts<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<div>\n<div style=\"float: right;\"><a href=\"https:\/\/www.linkedin.com\/in\/gadinaor\/\"><img decoding=\"async\" src=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2020\/02\/Gadi-Naor-bio.png\" alt=\"\" width=\"120\" class=\"aligncenter size-full wp-image-50803\" \/><\/a><\/div>\n<div style=\"width: 600px;\"><small><a href=\"https:\/\/www.linkedin.com\/in\/gadinaor\/\" rel=\"noopener noreferrer\" target=\"_blank\">Gadi Naor<\/a> is CTO at Alcide. He has 18 years of engineering experience from kernel-based development through leading development of cybersecurity products. Gadi is a cloud security professional with extensive experience working with firewalls, VPNs, kernels, hypervisors, crypto, security at scale, and APIs. He helps companies with the complexity of cloud operations and data centers in a meaningful way.<\/small><\/div>\n<\/div>\n<p>&nbsp;<\/p>\n<div>\n<div style=\"float: right;\"><a href=\"https:\/\/www.linkedin.com\/in\/amirofek\/\"><img decoding=\"async\" src=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2020\/02\/Amir-Ofek-bio.png\" alt=\"\" width=\"120\" class=\"aligncenter size-full wp-image-50804\" \/><\/a><\/div>\n<div style=\"width: 600px;\"><small><a href=\"https:\/\/www.linkedin.com\/in\/amirofek\/\" rel=\"noopener noreferrer\" target=\"_blank\">Amir Ofek<\/a> is CEO at Alcide. He has over 20 years of experience in the high tech industry. Prior to Alcide, Amir was President and CEO at CyberInt, where he led the company\u2019s fast growth in the cybersecurity MDR space. 
Before, he worked at Amdocs, where Amir served as VP Client Business Executive for the SingTel Group, based in Singapore, and as Chief of Staff of the Amdocs CEO.<\/small><\/div>\n<\/div>\n<hr\/>\n<p><center><small>This blog post was written by <a href=\"https:\/\/www.altoros.com\/blog\/author\/carlo\/\">Carlo Gutierrez<\/a> and edited by <a href=\"https:\/\/www.altoros.com\/blog\/author\/sophie.turol\/\">Sophia Turol<\/a>.<\/small><\/center><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Challenges with security<\/p>\n<p>Kubernetes is one of the most adopted open-source container orchestration systems today. Organizations from cloud-native companies to banks are adopting Kubernetes on public platforms, such as Azure Kubernetes Service, Google Kubernetes Engine, etc.<\/p>\n<p id=\"caption-attachment-50746\" class=\"wp-caption-text\">Amir Ofek<\/p>\n<p>In an interview with TechCrunch, Amir Ofek, CEO at Alcide, noted that while [&#8230;]<\/p>\n","protected":false},"author":32,"featured_media":50837,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"content-type":"","footnotes":"","_links_to":"","_links_to_target":""},"categories":[7],"tags":[873,912],"class_list":["post-50738","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-opinion","tag-cloud-native","tag-kubernetes"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.6 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Ensuring Security Across Kubernetes Deployments | Altoros<\/title>\n<meta name=\"description\" content=\"Misconfigurations may cause Kubernetes to be vulnerable. 
Learn which best practices and compliance checks are essential to securing your clusters.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.altoros.com\/blog\/ensuring-security-across-kubernetes-deployments\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Ensuring Security Across Kubernetes Deployments | Altoros\" \/>\n<meta property=\"og:description\" content=\"Challenges with security Kubernetes is one of the most adopted open-source container orchestration systems today. Organizations from cloud-native companies to banks are adopting Kubernetes on public platforms, such as Azure Kubernetes Service, Google Kubernetes Engine, etc. Amir Ofek In an interview with TechCrunch, Amir Ofek, CEO at Alcide, noted that while [...]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.altoros.com\/blog\/ensuring-security-across-kubernetes-deployments\/\" \/>\n<meta property=\"og:site_name\" content=\"Altoros\" \/>\n<meta property=\"article:published_time\" content=\"2020-02-17T14:55:33+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2020\/02\/Kubernetes-Alcide-dev-to-production-security-v2.gif\" \/>\n\t<meta property=\"og:image:width\" content=\"640\" \/>\n\t<meta property=\"og:image:height\" content=\"360\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/gif\" \/>\n<meta name=\"author\" content=\"Carlo Gutierrez\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Carlo Gutierrez\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.altoros.com\/blog\/ensuring-security-across-kubernetes-deployments\/\",\"url\":\"https:\/\/www.altoros.com\/blog\/ensuring-security-across-kubernetes-deployments\/\",\"name\":\"Ensuring Security Across Kubernetes Deployments | Altoros\",\"isPartOf\":{\"@id\":\"https:\/\/www.altoros.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.altoros.com\/blog\/ensuring-security-across-kubernetes-deployments\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.altoros.com\/blog\/ensuring-security-across-kubernetes-deployments\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2020\/02\/Kubernetes-Alcide-dev-to-production-security-v2.gif\",\"datePublished\":\"2020-02-17T14:55:33+00:00\",\"author\":{\"@id\":\"https:\/\/www.altoros.com\/blog\/#\/schema\/person\/833e109f77de753b2b472dca0236b442\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.altoros.com\/blog\/ensuring-security-across-kubernetes-deployments\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.altoros.com\/blog\/ensuring-security-across-kubernetes-deployments\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.altoros.com\/blog\/ensuring-security-across-kubernetes-deployments\/#primaryimage\",\"url\":\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2020\/02\/Kubernetes-Alcide-dev-to-production-security-v2.gif\",\"contentUrl\":\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2020\/02\/Kubernetes-Alcide-dev-to-production-security-v2.gif\",\"width\":640,\"height\":360},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.altoros.com\/blog\/ensuring-security-across-kubernetes-deployments\/#breadcrumb\",\"itemListElemen
t\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.altoros.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Ensuring Security Across Kubernetes Deployments\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.altoros.com\/blog\/#website\",\"url\":\"https:\/\/www.altoros.com\/blog\/\",\"name\":\"Altoros\",\"description\":\"Insight\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.altoros.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.altoros.com\/blog\/#\/schema\/person\/833e109f77de753b2b472dca0236b442\",\"name\":\"Carlo Gutierrez\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.altoros.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2021\/02\/CG_portrait-2-96x96.jpg\",\"contentUrl\":\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2021\/02\/CG_portrait-2-96x96.jpg\",\"caption\":\"Carlo Gutierrez\"},\"description\":\"Carlo Gutierrez is a Technical Writer at Altoros. As part of the editorial team, his focus has been on emerging technologies such as Cloud Foundry, Kubernetes, blockchain, and the Internet of Things. Prior to Altoros, he primarily wrote about enterprise and consumer technology. Carlo has over 12 years of experience in the publishing industry. Previously, he served as an Editor for PC World Philippines and Questex Asia, as well as a Designer for Tropa Entertainment.\",\"url\":\"https:\/\/www.altoros.com\/blog\/author\/carlo\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","_links":{"self":[{"href":"https:\/\/www.altoros.com\/blog\/wp-json\/wp\/v2\/posts\/50738","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.altoros.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.altoros.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.altoros.com\/blog\/wp-json\/wp\/v2\/users\/32"}],"replies":[{"embeddable":true,"href":"https:\/\/www.altoros.com\/blog\/wp-json\/wp\/v2\/comments?post=50738"}],"version-history":[{"count":63,"href":"https:\/\/www.altoros.com\/blog\/wp-json\/wp\/v2\/posts\/50738\/revisions"}],"predecessor-version":[{"id":50949,"href":"https:\/\/www.altoros.com\/blog\/wp-json\/wp\/v2\/posts\/50738\/revisions\/50949"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.altoros.com\/blog\/wp-json\/wp\/v2\/media\/50837"}],"wp:attachment":[{"href":"https:\/\/www.altoros.com\/blog\/wp-json\/wp\/v2\/media?parent=50738"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.altoros.com\/blog\/wp-json\/wp\/v2\/categories?post=50738"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.altoros.com\/blog\/wp-json\/wp\/v2\/tags?post=50738"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}