Considerations for Securing Kubernetes Clusters
Need for holistic Security Assessment
As per the CNCF (Cloud Native Computing Foundation),
“Cloud native technologies empower organizations to build and run scalable applications in modern, dynamic environments such as public, private and hybrid clouds.
Containers, service meshes, microservices, immutable infrastructure and declarative APIs exemplify this approach.”
Containers are a great way to bundle and run applications, but in a production environment you need to manage the containers that run the applications and ensure that there is no downtime. This is where Kubernetes (abbreviated as k8s in certain parts of this document) steps in.
Kubernetes provides a framework to run distributed systems resiliently. It takes care of deployment, scaling and failover for your application, among other things, but operates at the container level. Kubernetes is an orchestration system that follows a declarative model, continuously pushing the current state towards the desired state.
Kubernetes clusters can be deployed in diverse environments including private clouds, public clouds and bare metal, but the common denominator is the Kubernetes API, which provides the portability for applications to be deployed anywhere.
If you take a deeper look at the infrastructure stack on which Kubernetes clusters run, it will look something like this.
To validate whether a Kubernetes cluster is compliant from a security posture point of view, each of these individual elements of the stack needs to be audited and assessed, along with the Kubernetes Pods themselves. Note that we are only talking about Kubernetes cluster security here. Pod-level and application-level security are a whole other topic, and we are not going into that territory here.
Security Frameworks and Tools
In the industry there are guidelines and recommendations that address security for each of these layers of the Kubernetes cluster.
There is also a multitude of tools available that can help audit the different layers of the stack. I am listing a few here as examples.
1/ kube-bench
Automated auditing of the CIS Kubernetes Benchmark.
2/ Docker-Bench
Checks for best practices for deploying docker containers in production.
3/ Lynis
Security audit tool for computer systems running Linux and their hardening.
When Kubernetes clusters are deployed in diverse environments, auditors may or may not have access to some of these targets.
When using some of these tools in public cloud environments, the following considerations apply:
1/ “You can use an open-source tool kube-bench to test your cluster configuration against the CIS Kubernetes Benchmark. Note that you will be unable to run the kube-bench master tests against your GKE workloads, since you do not have access to the master node directly; and will only be able to run the kube-bench node tests”
2/ Public cloud services have their own audit tools. For example, GKE provides the following:
https://cloud.google.com/security-command-center/docs/how-to-use-security-health-analytics
Bringing it all together
If you have all of this information at hand, the following methodology could be used to create a compliance and enforcement model.
In the picture below, a higher-level orchestration system does the job of deploying Kubernetes Pods. Two levels of validation and assessment are performed to enforce policy and decide whether the pod should be deployed:
- Whether the Kubernetes Cluster meets the necessary security requirements
- Whether the Kubernetes Pod meets the necessary security requirements.
The process of arriving at these decisions should include audit assessments from different tools, interpreting the output and scores provided by the audit tools, and normalizing them according to the organization's security requirements or policy.
All Kubernetes clusters in use across the organization could be held to a standard minimum score that is considered secure, whereas the minimum score needed for a pod to be considered secure and compliant with company security practices could be variable, or exceptions could be allowed through governance.
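The following is an added example (not from the original article) of how the normalization and two-level gating just described could be expressed in code. The Finding format, severity weights, thresholds, exception lists and check ids are all constructed assumptions for illustration; a real integration would first map each tool's native report (kube-bench, Docker-Bench, Lynis) into the tool-neutral Finding shape used here.

```python
from dataclasses import dataclass

# Weights for normalizing heterogeneous findings into one score.
# Constructed for this example; an organization would set its own.
SEVERITY_WEIGHT = {"high": 3, "medium": 2, "low": 1}


@dataclass(frozen=True)
class Finding:
    """One check result, already mapped from an audit tool's report.

    This is a constructed, tool-neutral format, not kube-bench's or
    Docker-Bench's native output.
    """
    check_id: str
    status: str    # "PASS", "FAIL" or "WARN"
    severity: str  # "high", "medium" or "low"


@dataclass(frozen=True)
class Policy:
    """Organizational requirement a target (cluster or pod) must meet."""
    min_score: float
    blocking_checks: frozenset = frozenset()  # any FAIL here is an automatic deny
    exceptions: frozenset = frozenset()       # governance-approved waivers by check id


def normalize_score(findings):
    """Severity-weighted pass ratio on a 0..100 scale; WARN earns half credit."""
    total = sum(SEVERITY_WEIGHT[f.severity] for f in findings)
    if total == 0:
        return 100.0
    earned = 0.0
    for f in findings:
        weight = SEVERITY_WEIGHT[f.severity]
        if f.status == "PASS":
            earned += weight
        elif f.status == "WARN":
            earned += weight / 2
    return round(100.0 * earned / total, 1)


def evaluate(findings, policy):
    """Apply one policy to one target. Returns (allowed, score, reasons)."""
    # Waived checks are removed before scoring so an exception neither
    # penalizes nor rewards the target.
    effective = [f for f in findings if f.check_id not in policy.exceptions]
    reasons = [
        f"blocking check {f.check_id} failed"
        for f in effective
        if f.status == "FAIL" and f.check_id in policy.blocking_checks
    ]
    score = normalize_score(effective)
    if score < policy.min_score:
        reasons.append(f"score {score} below minimum {policy.min_score}")
    return (not reasons, score, reasons)


def admit_pod(cluster_findings, cluster_policy, pod_findings, pod_policy):
    """Two-level gate: the cluster must pass before the pod is even considered."""
    ok, _, reasons = evaluate(cluster_findings, cluster_policy)
    if not ok:
        return False, ["cluster: " + r for r in reasons]
    ok, _, reasons = evaluate(pod_findings, pod_policy)
    return ok, ["pod: " + r for r in reasons]


# Constructed sample results standing in for normalized audit-tool output.
# Check ids are placeholders, not real benchmark control numbers.
CLUSTER_FINDINGS = [
    Finding("C-1", "PASS", "high"),
    Finding("C-2", "PASS", "medium"),
    Finding("C-3", "WARN", "low"),
    Finding("C-4", "FAIL", "medium"),  # waived below via governance
]
POD_FINDINGS = [
    Finding("P-1", "PASS", "high"),
    Finding("P-2", "FAIL", "high"),
    Finding("P-3", "PASS", "low"),
]

# One organization-wide cluster bar; a pod-level bar that governance can relax.
CLUSTER_POLICY = Policy(min_score=90.0, blocking_checks=frozenset({"C-1"}),
                        exceptions=frozenset({"C-4"}))
POD_POLICY = Policy(min_score=70.0, blocking_checks=frozenset({"P-2"}))

if __name__ == "__main__":
    allowed, why = admit_pod(CLUSTER_FINDINGS, CLUSTER_POLICY, POD_FINDINGS, POD_POLICY)
    print("deploy" if allowed else "deny", why)
```

With the sample data the cluster scores 91.7 and clears its 90 bar (C-4 is waived), while the pod is denied both for a failed blocking check and for a 57.1 score; granting a governance exception for P-2 lets the same pod through. Keeping exceptions in the Policy rather than editing the findings leaves an auditable record of what was waived and why.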
Useful Links:
CIS Benchmarks: https://www.cisecurity.org/benchmark/kubernetes/
NIST SP 800-190: https://nvlpubs.nist.gov/nistpubs/specialpublications/nist.sp.800-190.pdf