loading
Loading content
loading
Also known as k8s security
Kubernetes security is the practice of locking down a cluster so a single bad workload cannot become a full compromise. The controls fall on the cluster and the workload. At the cluster level you scope RBAC to least privilege, restrict who can reach the API server, protect etcd, and rotate service account tokens. At the workload level you apply network policies to segment pod traffic, drop unneeded Linux capabilities, block privileged and host-mounted pods, and enforce admission policies.
It matters because Kubernetes defaults are permissive and the components are interconnected. An exposed dashboard, an over-scoped service account, or a pod allowed to mount the host filesystem gives an attacker a path from one container to the node and then to the whole cluster. Reachable API servers and kubelets are a common cloud finding.
The discipline overlaps with neighbors. Container security and image scanning keep the workloads themselves clean, an IAM misconfiguration in the cloud account can hand over the cluster, and cloud security posture management tracks these settings at scale.
In a Trickest workflow you fingerprint exposed Kubernetes API servers and dashboards across an IP range, flag anonymous access and known component versions, and re-run the check so new clusters get caught as teams deploy them.
Related terms