Zero-Trust: Examining Security Practices for Kubernetes
Today’s growing XaaS (everything as a service) business model has organizations of every size and vertical looking for new ways to deliver their software products faster, more efficiently, and at scale. To meet these needs, many are turning to Kubernetes (K8s) for the portability, efficiency, and flexibility that suit the demands of modern IT organizations. But while Kubernetes is excellent at helping organizations move efficiently and deliver modern applications at scale, its relative newness and its dynamic operating model make it a prime target for breaches if the proper safeguards are not put in place. With attackers constantly probing for exposed clusters and misconfigurations, even companies with deep K8s experience have suffered data breaches.
So how can companies tap into the power of Kubernetes without sacrificing security? For many, the answer is to apply zero-trust principles. In this article, we’ll explore how to secure Kubernetes by discussing the four essential pillars of secure access to K8s, show how zero-trust principles map onto Kubernetes, and look at best practices for building and maintaining end-to-end zero-trust K8s environments across data centers, public clouds, and even the edge.
Before diving into how zero trust fits a Kubernetes strategy, it helps to define what is meant by zero-trust security. Traditional IT network security follows a “castle-and-moat” model: a hardened perimeter, with users and systems inside the perimeter trusted by default. The weakness of this approach is that once a malicious party makes it inside the castle, whether by phishing a user, compromising a workload, or finding one exposed service, they have access to everything inside. A zero-trust approach, on the other hand, assumes that no user, system, or service is inherently trustworthy, wherever it sits on the network. Every request must be authenticated, authorized, and carried over an encrypted channel, and those checks are evaluated continuously rather than once at the perimeter. To stay with the analogy: the moat still keeps casual intruders at a distance, but zero trust also vets every person at every door inside the walls, so breaching the perimeter does not hand over the keep.
Where to Start? Secure APIs
With an understanding of what zero-trust principles mean for IT security, how can we create zero-trust secure access for Kubernetes? First, you must understand the way K8s works. The K8s API server is the core of the control plane for every Kubernetes cluster. Every change to cluster state, whether made by a user, a controller, or the scheduler, is an API call that creates, reads, updates, or deletes Kubernetes objects, which means that controlling access to the API is the most essential part of securing K8s access.
The first step is to protect network traffic to and from the API server with Transport Layer Security (TLS), which encrypts every request on the wire and lets the client verify that it is talking to the genuine API server (and, when client certificates are used, lets the server verify the client). Once transport is secure, Kubernetes includes all the hooks required to implement K8s zero trust. These hooks fall into four areas of secure access to K8s.
The Four Pillars of Secure K8s Access
The four pillars that are critical to any production-grade Kubernetes environment, and to building secure K8s on zero-trust principles, are authentication, authorization, admission control, and logging and auditing.
Authentication
With zero-trust security for Kubernetes, every user and service account must be authenticated before an API call is executed. Kubernetes ships several authentication strategies that can be enabled side by side: X.509 client certificates, bearer tokens (including service account tokens and OpenID Connect ID tokens issued by an external IdP), an authenticating proxy in front of the API server to support protocols such as LDAP, SAML, or Kerberos, and webhook token authentication. Static password (HTTP basic auth) support was removed from the API server in Kubernetes 1.19 and should not appear in a modern design. Multi-factor authentication is always recommended for human users, but it is enforced by the identity provider rather than by the API server itself, so route human logins through OIDC or an authenticating proxy and require MFA there.
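As an added example (not from the original article), the following kubeadm ClusterConfiguration fragment connects the API server to an external OpenID Connect provider, so that human users present an ID token that the IdP has already verified, including whatever MFA the IdP enforces at login. The issuer URL, client ID, claim names, and CA file path are placeholders for an assumed IdP; the kubeadm API version and kube-apiserver flag names are the upstream ones.

```yaml
# Added example: kubeadm ClusterConfiguration fragment (kubeadm.k8s.io/v1beta3)
# enabling OIDC user authentication on kube-apiserver. The issuer URL, client
# ID, claim names and CA path are placeholders for an assumed identity provider.
apiVersion: kubeadm.k8s.io/v1beta3
kind: ClusterConfiguration
apiServer:
  extraArgs:
    # Identity provider that issues the ID tokens. It must serve HTTPS and
    # publish /.well-known/openid-configuration; the API server fetches its
    # signing keys from there to verify every token it receives.
    oidc-issuer-url: "https://idp.example.com/realms/platform"
    # Audience (aud claim) the API server accepts. Tokens minted for other
    # clients of the same IdP are rejected even though the signature is valid.
    oidc-client-id: "kubernetes"
    # Which token claims become the Kubernetes username and group list.
    oidc-username-claim: "email"
    oidc-groups-claim: "groups"
    # Prefixes keep IdP identities from colliding with built-in names such as
    # system:masters; RBAC bindings then refer to "oidc:<group>".
    oidc-username-prefix: "oidc:"
    oidc-groups-prefix: "oidc:"
    # CA bundle for a privately issued IdP certificate (omit for a public CA).
    oidc-ca-file: /etc/kubernetes/pki/oidc-ca.crt
  # Mount the CA bundle into the static API server pod.
  extraVolumes:
    - name: oidc-ca
      hostPath: /etc/kubernetes/pki/oidc-ca.crt
      mountPath: /etc/kubernetes/pki/oidc-ca.crt
      readOnly: true
      pathType: File
```

The API server never sees a password: kubectl sends the ID token as a bearer token in the Authorization header, and each request is checked against the issuer’s signing keys and the token’s expiry, which is the continuous validation zero trust calls for. Workloads do not use this path; they authenticate with projected service account tokens, which is why the best-practice advice later in the article asks for at least two authentication methods.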
Authorization
Not every user or administrator should be able to do every task, and this principle is key to zero-trust security. Kubernetes authorizes a request only if the authenticated identity holds a permission that covers it. Every request carries the requester’s username and groups, the verb being requested (get, list, create, update, delete, and so on), and the resource, namespace, and object that will be affected. As with authentication, several authorizers are available: RBAC (role-based access control), ABAC (attribute-based access control), the Node authorizer that limits each kubelet to the resources of its own node, and a Webhook authorizer for external policy engines. Most organizations choose RBAC because its roles and bindings are ordinary API objects that can be managed, reviewed, and audited without restarting the API server, whereas ABAC is driven by a static policy file that requires an API server restart to change. Group claims from the enterprise IdP map directly onto RBAC bindings, so access can be granted to teams rather than to individuals.
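As an added example (not from the original article), here is a least-privilege RBAC grant for a team that deploys into one namespace, shown next to the over-broad pattern it replaces. The namespace, group name, and verb set are assumptions chosen for illustration; the group name uses the same “oidc:” prefix as an OIDC-authenticated cluster would present.

```yaml
# Added example: least-privilege RBAC for a deployer group in one namespace.
# Namespace, group name and verbs are assumptions for illustration.
#
# Weak pattern to avoid: binding an IdP group to cluster-admin. One phished
# account in the group then owns every object in every namespace.
#
#   apiVersion: rbac.authorization.k8s.io/v1
#   kind: ClusterRoleBinding
#   metadata:
#     name: platform-team-admin
#   roleRef:
#     apiGroup: rbac.authorization.k8s.io
#     kind: ClusterRole
#     name: cluster-admin
#   subjects:
#     - kind: Group
#       name: oidc:platform-deployers
#       apiGroup: rbac.authorization.k8s.io
#
# Corrected: a namespaced Role listing only the verbs the task needs.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: deployer
  namespace: payments
rules:
  # Roll out, update and roll back workloads in this namespace only.
  - apiGroups: ["apps"]
    resources: ["deployments"]
    verbs: ["get", "list", "watch", "create", "update", "patch"]
  # Observe the resulting pods and read their logs. Deliberately absent:
  # "delete", the pods/exec subresource, and any access to secrets, since
  # reading secrets would hand over every credential in the namespace.
  - apiGroups: [""]
    resources: ["pods", "pods/log"]
    verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: deployer-binding
  namespace: payments
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: deployer
subjects:
  # Group name exactly as the OIDC authenticator presents it, prefix included.
  - kind: Group
    name: oidc:platform-deployers
    apiGroup: rbac.authorization.k8s.io
```

RBAC is deny-by-default and has no deny rules, so least privilege is achieved purely by what you leave out. Verify the intent before relying on it with impersonation: `kubectl auth can-i create deployments -n payments --as=oidc:alice@example.com --as-group=oidc:platform-deployers` should answer yes, while the same command with `get secrets` or `create pods/exec` should answer no.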
Admission Control
K8s admission control runs after a request has been authenticated and authorized, and lets you refine what the cluster will actually accept, including business logic specific to your organization. Admission controllers intercept requests that create, update, delete, or connect to K8s objects (they never see read requests) and can either mutate the object before it is persisted or validate it and reject it. Kubernetes ships a set of built-in controllers such as ResourceQuota, LimitRanger, and PodSecurity, which enforces the Pod Security Standards and replaced PodSecurityPolicy (removed in Kubernetes 1.25). The MutatingAdmissionWebhook and ValidatingAdmissionWebhook controllers forward requests to external policy engines for custom rules, and more recent releases add in-tree ValidatingAdmissionPolicy objects that express such rules in CEL without a webhook.
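As an added example (not from the original article), the following manifests combine two admission-control layers: the built-in PodSecurity controller, driven by namespace labels, and a custom ValidatingAdmissionPolicy that refuses Deployments whose images are not pinned. The namespace name, the staged profile levels, and the image rule are assumptions for illustration; the resource kinds, labels, and CEL functions are the upstream ones (ValidatingAdmissionPolicy is GA in the admissionregistration.k8s.io/v1 API as of Kubernetes 1.30).

```yaml
# Added example: two admission-control layers. Namespace, profile levels and
# the image-pinning rule are assumptions for illustration.
#
# 1) Built-in PodSecurity controller, configured per namespace. "baseline" is
#    enforced now (blocks privileged containers, host namespaces, hostPath and
#    similar); the stricter "restricted" profile only warns and audits until
#    workloads have been fixed, so tightening does not break production.
apiVersion: v1
kind: Namespace
metadata:
  name: payments
  labels:
    pod-security.kubernetes.io/enforce: baseline
    pod-security.kubernetes.io/enforce-version: latest
    pod-security.kubernetes.io/warn: restricted
    pod-security.kubernetes.io/audit: restricted
---
# 2) Custom business logic in CEL: every container image must be pinned by a
#    digest or an explicit non-"latest" tag, so what was reviewed is what runs.
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingAdmissionPolicy
metadata:
  name: pinned-images
spec:
  # If the policy itself cannot be evaluated, reject rather than fail open.
  failurePolicy: Fail
  matchConstraints:
    resourceRules:
      - apiGroups: ["apps"]
        apiVersions: ["v1"]
        operations: ["CREATE", "UPDATE"]
        resources: ["deployments"]
  validations:
    # The tag check looks only at the last path segment, so a registry port
    # such as registry.example.com:5000/app does not count as a tag.
    - expression: >-
        object.spec.template.spec.containers.all(c,
          c.image.contains('@sha256:') ||
          (c.image.substring(c.image.lastIndexOf('/') + 1).contains(':') &&
           !c.image.endsWith(':latest')))
      message: "container images must be pinned by digest or by a tag other than :latest"
---
# A policy does nothing until it is bound; this binding scopes it to the
# payments namespace and makes violations hard failures.
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingAdmissionPolicyBinding
metadata:
  name: pinned-images-payments
spec:
  policyName: pinned-images
  validationActions: ["Deny"]
  matchResources:
    namespaceSelector:
      matchLabels:
        kubernetes.io/metadata.name: payments
```

Note the edge cases a practitioner would check: the expression covers only `containers`, so init containers would need the same rule with a `has()` guard, and a binding can use `validationActions: ["Warn", "Audit"]` instead of `Deny` to dry-run a new rule against live traffic before enforcing it.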
Logging and Auditing
Like any IT system, auditing is a key part of security, and it is essential under zero-trust principles: without a record of who did what, you cannot verify after the fact that the controls actually held. Kubernetes auditing records the actions performed in a cluster by users, applications, and the control plane components themselves, as a chronological stream of events emitted by the API server. An audit policy decides which requests are recorded and in how much detail (nothing, metadata only, metadata plus the request body, or request and response bodies), so sensitive payloads such as Secret contents can be kept out of the trail while the access itself is still logged. This, in turn, helps your company’s Kubernetes infrastructure meet existing compliance and governance policies. Kubernetes also gives you control over where events are delivered: a log file on the control plane node, or a webhook to an external logging system.
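As an added example (not from the original article), here is an API server audit policy that applies the principle just described: full detail where a change could alter who can do what, metadata only where request bodies would leak secrets, and nothing for high-volume health and control-plane noise. The choice of what to record is an assumption for illustration rather than a universal baseline; the policy schema, stages, levels, and field names are the upstream ones.

```yaml
# Added example: kube-apiserver audit policy (audit.k8s.io/v1). Rules are
# evaluated in order and the first match wins. What to record is an
# assumption for illustration, not a universal baseline.
apiVersion: audit.k8s.io/v1
kind: Policy
# RequestReceived fires before authentication and authorization have run;
# skipping it roughly halves the event volume while ResponseComplete (and
# ResponseStarted for long-running watches) still records every outcome.
omitStages:
  - RequestReceived
rules:
  # Metadata records who touched which Secret, and whether it succeeded,
  # without copying the secret's contents into the audit log.
  - level: Metadata
    resources:
      - group: ""
        resources: ["secrets", "configmaps"]
      - group: "authentication.k8s.io"
        resources: ["tokenreviews"]
  # Full request and response for changes to access control, so a
  # privilege-escalating binding can be reconstructed exactly as applied.
  - level: RequestResponse
    verbs: ["create", "update", "patch", "delete"]
    resources:
      - group: "rbac.authorization.k8s.io"
  # Interactive access to running workloads is rare and high-value.
  - level: Request
    resources:
      - group: ""
        resources: ["pods/exec", "pods/attach", "pods/portforward"]
  # Drop read-only traffic from the control plane's own components and
  # from kubelets; they watch constantly and would drown everything else.
  - level: None
    users: ["system:kube-controller-manager", "system:kube-scheduler"]
    verbs: ["get", "list", "watch"]
  - level: None
    userGroups: ["system:nodes"]
    verbs: ["get", "list", "watch"]
  # Health and version probes are unauthenticated and constant.
  - level: None
    nonResourceURLs:
      - /healthz*
      - /livez*
      - /readyz*
      - /version
  # Everything else: user, groups, verb, resource and response code.
  - level: Metadata
```

The policy is activated with `--audit-policy-file` on kube-apiserver together with a backend: `--audit-log-path` for a local file (with `--audit-log-maxage` and `--audit-log-maxbackup` for rotation) or `--audit-webhook-config-file` to stream events to a collector. Prefer shipping events off the control plane node; an intruder with root on that node can otherwise edit or delete the local file that records how they got in.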
Considerations for Applying Zero-Trust to K8s
With an understanding of zero-trust principles and how they fit into Kubernetes, let’s sum up best practices to implement zero-trust for K8s. Remember to focus on the four pillars as discussed.
It all starts with securing the Kubernetes API server: enable TLS everywhere and use private endpoints so the control plane is not reachable from the public internet. You should also consider delegating user authentication to an external identity provider, and restrict inbound network rules to the API server so that it is reachable only from the networks, bastion hosts, or VPNs that need it and is never directly exposed to the internet.
For authentication, enable at least two methods: service account tokens for workloads, plus at least one method such as OIDC or client certificates for human users. Don’t get complacent; rotate client certificates regularly and keep their lifetimes short. For authorization, enable RBAC and grant the fewest privileges that let each role do its job, avoiding wildcard verbs and cluster-wide bindings where a namespaced role will do. Third, enable the admission controllers appropriate for your needs. Lastly, simplify analysis and meet internal and external compliance requirements with central log aggregation and auditing, shipping audit events off the control plane nodes so an intruder cannot quietly erase them.
With Zero-Trust Security, K8s is Ready for the Future
Kubernetes has made significant strides as the deployment platform of choice for IT organizations looking for a scalable, progressive way to meet customer demands and increase the velocity and quality of their releases. A zero-trust approach lets an organization apply modern security principles to its Kubernetes environments and take advantage of K8s without sacrificing security.