What is the importance of using Kubernetes in a Cloud environment? And what are the security practices that we need to apply for this context?
Public cloud providers such as AWS, Google Cloud and Azure offer resources for accessibility, availability and stability. In addition, Kubernetes provides benefits in automating deployments and in managing and scaling applications.
However, this scenario needs security practices. It is worth asking: is the Cloud Provider solely responsible for all security? The Shared Responsibility model defines that the Cloud Provider's customer also needs to take care of security practices.
Explore the topic of cloud native applications through this article.
Figure 1: Shared responsibility model
In Figure 1, it is possible to see that a Cloud customer is responsible for security at various points in this scenario, and therefore faces challenges and needs security practices to address them. In this article, we present a study case based on a Kubernetes scenario that shows some security challenges and precautions to minimize threats to the following scenario.
Figure 2: Example Kubernetes environment
In Figure 2 we can see the following technologies:
- Terraform to create and destroy deployments
- GitHub Actions for CI/CD.
- Docker to build the Image
- Kubernetes to orchestrate containers
- A Multi-Cloud Provider scenario for cost reduction and contingency.
For this article we used an IaaS scenario, so this hypothetical cloud provider's customer needs to build their own Kubernetes Cluster structure. For that, the following technologies were listed:
- AWS EC2
- Azure Virtual Machine
- Google Compute Engine
Given the entire context of the study case, we can ask some questions:
How is authentication used? Does the Kubernetes structure have countermeasures to maintain application availability? Are good practices being considered in this environment?
Thus, there is a clear need to identify security challenges. OWASP provides the OWASP Kubernetes Top 10, material that specifically describes security challenges for the Kubernetes scenario. Next, we list some of the challenges that apply to our study case.
- K01: Insecure Workloads
- Challenge: Application processes running as root.
- K02: Supply Chain Vulnerabilities
- Challenge: Known software vulnerabilities in libraries.
- K03: Overly Permissive RBAC Configurations
- Challenge: Unnecessary use of cluster-admin, i.e. a user or group has access to the built-in Kubernetes "superuser" role called cluster-admin and can therefore perform any action on any resource within the cluster.
- K04: Lack of Centralized Policy
- Challenge: Use of images from untrusted registries.
- K05: Inadequate logging and monitoring
- Challenge: Logs and traces of running workloads are not monitored for suspicious activity.
- K06: Broken Authentication Mechanisms
- Challenge: Improper Authentication/Access to Kubernetes API
- K07: Missing Network Segmentation Controls
- Challenge: Attackers exploit workloads without network restrictions, traverse to other running containers or invoke private APIs.
- K08: Secrets management failures
- Challenge: Inadequate storage of secrets.
- K09: Misconfigured Cluster Components
- Challenge: Configuration errors in key Kubernetes components can lead to full cluster compromise: kubelet, kube-apiserver, etc.
- K10: Outdated and Vulnerable Kubernetes Components
- Challenge: Vulnerabilities in the Kubernetes Cluster.
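As an added example (not code from the article or from the Conviso Platform), the following checker shows what a minimal manifest audit for K01, K03, K04 and K08 looks like. It works on manifests already loaded as Python dicts (what `yaml.safe_load` or `kubectl get -o json` would give you), so it runs offline; the registry allow-list and the sample manifests are constructed for the demonstration.

```python
"""Minimal audit of Kubernetes manifests for four OWASP Kubernetes Top 10 items."""

# Assumption: the organisation's own registry is the only trusted image source.
TRUSTED_REGISTRIES = ("registry.example.internal/",)
SECRET_WORDS = ("PASSWORD", "SECRET", "TOKEN", "API_KEY")


def check_workload(pod_spec):
    """K01 root containers, K04 untrusted/unpinned images, K08 secrets in plain env vars."""
    findings = []
    pod_sc = pod_spec.get("securityContext", {})
    for c in pod_spec.get("containers", []):
        sc = {**pod_sc, **c.get("securityContext", {})}  # container settings override pod settings
        if not sc.get("runAsNonRoot") and sc.get("runAsUser", 0) == 0:
            findings.append(f"K01 {c['name']}: may run as root (set runAsNonRoot: true)")
        image = c.get("image", "")
        if not image.startswith(TRUSTED_REGISTRIES):
            findings.append(f"K04 {c['name']}: image {image} is not from a trusted registry")
        ref = image.rsplit("/", 1)[-1]  # e.g. "nginx:latest", "web:1.4.2", "web@sha256:..."
        if not ("@sha256:" in ref or (":" in ref and not ref.endswith(":latest"))):
            findings.append(f"K04 {c['name']}: image {image} is not pinned to a version")
        for env in c.get("env", []):
            if "value" in env and any(w in env["name"].upper() for w in SECRET_WORDS):
                findings.append(f"K08 {c['name']}: {env['name']} is a literal secret in the manifest")
    return findings


def check_binding(binding):
    """K03: bindings that hand out the built-in cluster-admin ClusterRole."""
    ref = binding.get("roleRef", {})
    if ref.get("kind") == "ClusterRole" and ref.get("name") == "cluster-admin":
        subjects = ", ".join(f"{s['kind']}/{s['name']}" for s in binding.get("subjects", []))
        return [f"K03 {binding['metadata']['name']}: cluster-admin granted to {subjects}"]
    return []


def audit(manifests):
    """Run every manifest through the check that matches its kind; return all findings."""
    findings = []
    for m in manifests:
        kind = m.get("kind")
        if kind == "Pod":
            findings += check_workload(m["spec"])
        elif kind in ("Deployment", "StatefulSet", "DaemonSet", "Job"):
            findings += check_workload(m["spec"]["template"]["spec"])
        elif kind in ("ClusterRoleBinding", "RoleBinding"):
            findings += check_binding(m)
    return findings


# Constructed samples: a risky deployment, a clean one, and a cluster-admin binding.
SAMPLE_MANIFESTS = [
    {"kind": "Deployment", "metadata": {"name": "api"}, "spec": {"template": {"spec": {
        "containers": [{"name": "api", "image": "docker.io/library/nginx:latest",
                        "env": [{"name": "DB_PASSWORD", "value": "hunter2"}]}]}}}},
    {"kind": "Deployment", "metadata": {"name": "web"}, "spec": {"template": {"spec": {
        "securityContext": {"runAsNonRoot": True, "runAsUser": 10001},
        "containers": [{"name": "web", "image": "registry.example.internal/web:1.4.2"}]}}}},
    {"kind": "ClusterRoleBinding", "metadata": {"name": "devs-admin"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "Group", "name": "developers"}]},
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_MANIFESTS):
        print(finding)
```

Running it reports four findings for the `api` deployment, none for `web`, and one for the binding; the same checks are what a scanner run from the CI pipeline would apply before a manifest reaches the cluster.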
Facing the challenges – Security precautions in kubernetes
Some precautions minimize the challenges discussed above:
It is worth taking care of the Cluster host and identifying whether good practices are applied, such as proper cluster versioning and the use of TLS. Along the same lines, be careful with the build: identify whether the images are trusted and contain only the minimum required.
Care is also needed at deployment, considering what is being put into production. And, to close this cycle, runtime care: for example, check whether anomalies are monitored while the Cluster is running.
In general terms, it is recommended to carry out Threat Modeling to identify possible gaps and requirements for this entire scenario.
In addition, prioritize Hardening actions to reinforce the security of the systems, that is, map possible threats so that the protection of the systems can be improved.
Identify security gaps in Kubernetes
Continuing the study case, the IaC feature of the Conviso Platform was used to analyze gaps in this environment. When the IaC GitHub Action was executed, the findings were identified and sent to the Conviso Platform (Figure 3).
Figure 3: Findings identified after running the IaC GitHub Action
However, there is a real need to use Defect Management, with a focus on assessing the findings and directing the correction of vulnerabilities. In general, the objective is to collect, record and analyze security defects, with the added possibility of enriching this information and using it in decision-making through metrics.
Conclusion about security precautions for Kubernetes
Therefore, in general terms, there are essential precautions to face the challenges of a Kubernetes structure in a Cloud IaaS scenario. Such actions must be carried out both manually and automatically to avoid security breaches, and the most important thing is to carry out this process in an organized manner.