Beware: The Kubernetes Security Nightmare

Table of Contents

Security breaches are what nightmares are made of. You probably have your own ‘nightmares’ that come to mind. Tesla was hacked because their Kubernetes administrative console was not password protected. In another incident, Capital One left their AWS firewall definitions too lax and 30GB of credit application data (affecting 106 million customers) was exposed. Aside from implementing Kubernetes itself, the single most important consideration is security.  

Roughly 60% of Kubernetes security breaches are due to misconfiguration

State of Kubernetes Security 2021

Security is as complex as it is important. The expertise that’s needed to manage your security needs effectively is considerable, and poses to overwhelm your teams and the amount of effort you can feed it. 

It’s a big subject but, reduced to its simplest form, managed Kubernetes can be broken into five security layers: 

  1. The provider (AWS, GCP or Azure)
  2. The managed Kubernetes offering from the provider (EKS, GKE or AKS)
  3. The Kubernetes release itself
  4. Virtual machines (VMs)
  5. Containers
wayfinder security guardrails 1

Each layer has its own security definitions and configurations and needs to be managed properly to make sure it works with the other layers.  There are best practices to consider for each layer individually as well.

When you start dealing with multiple cloud vendors, more complications start to arise. The security definitions on Azure have some similarities with definitions on Google Cloud Platform (GCP) or Amazon Web Services (AWS), but they are not the same.  Knowing how to build a cluster on EKS does not guarantee you can easily tackle standing up a secure AKS cluster. From a security perspective, supporting multiple providers will magnify operational pain because of the diversity of expertise needed.

Simplify security from the start 

wayfinder guardrails diagrams 02 1

Appvia Wayfinder simplifies security configuration by implementing a predefined set of options. It sits on top of the provider’s interface, understands the different security configurations and fulfills best practices across all of the layers mentioned above.  

About Appvia

Appvia enables businesses to solve complex cloud challenges with products and services that make Kubernetes secure, cost-effective and scalable.

Our founders have worked with Kubernetes in highly regulated, highly secure environments since 2016, contributing heavily to innovative projects such as Kops and fully utilizing Kubernetes ahead of the curve. We’ve mastered Kubernetes, and experienced its complexities, so our customers don’t have to. 

Share this article
profile-112x112-crop-1 (6)
Tennis Smith
Tennis has spent over 40 years in the business, starting from a stint in the US Air Force he’s worked in various capacities from equipment installation, software QA, app development and DevOps. During his 30 years in Silicon Valley, he worked for the likes of Apple, Cisco and Visa International. On the personal front, he’s been married for 25 years, is an enthusiastic martial artist and spends too much money on his cats.

The podcast that takes a lighthearted look at the who, what, when, where, why, how and OMGs of cloud computing

Related insights

Managing Kubernetes Secrets with HashiCorp Vault vs. Azure Key Vault Keeping secrets secure...
Namespaces are a vital feature of Kubernetes. They allow you to separate uniquely named...
DevOps teams have rapidly adopted Kubernetes as the standard way to deploy and...
Once you start working with Kubernetes, it’s natural to think about how you...
Self-service of cloud resources Kubernetes has been brilliant at delivering an ecosystem for...
Pods, deployments, and services are just some of the concepts that you need to understand in...
Last week I published a blog, “How to spot gaps in your Public Cloud...
Breaking down the core areas that you should be aware of when considering...
5 tips to help you manage more with less Not every manager of...
Public cloud has provided huge benefits in getting infrastructure and services to people...
This is the story of how three Appvia Engineers contributed so much to...
Overview The UK Home Office is a large government organisation, whose projects and...