Different ways to provide API-Security on kubernetes

0 votes
Could you list the different ways in which I can provide API-security on kubernetes?
Jul 23, 2019 in Kubernetes by Karan
 • 19,610 points 895 views

1 answer to this question.

0 votes

  • Use the correct auth mode with API server authorization-mode=Node,RBAC

  • Ensure all traffic is protected by TLS

  • Use API authentication (smaller cluster may use certificates but larger multi-tenants may want an AD or some OIDC authentication).

  • Make kubeless protect its API via authorization-mode=Webhook

  • Make sure the kube-dashboard uses a restrictive RBAC role policy

  • Monitor RBAC failures

  • Remove default ServiceAccount permissions

  • Filter egress to Cloud API metadata APIs

  • Filter out all traffic coming into kube-system namespace except DNS

  • A default deny policy on all inbound on all namespaces is good practice. You explicitly allow per deployment.

  • Use a podsecurity policy to have container restrictions and protect the Node

  • Keep kube at the latest version.

answered Jul 23, 2019 by Sirajul
 • 59,230 points

Related Questions In Kubernetes

0 votes
1 answer

What are the different ways to access kubernetes dashboard?

There are three main ways to access ...READ MORE

answered Nov 23, 2018 in Kubernetes by Hannah
 • 18,520 points 1,367 views
0 votes
1 answer

Unable to run Kubernetes on rancher cluster

switch Docker to 1.12.x; Kubernetes doesn't support ...READ MORE

answered Aug 28, 2018 in Kubernetes by Kalgi
 • 52,350 points 1,382 views
0 votes
1 answer

Not able to access kubernetes api from a pod in azure

Follow these steps Add --bind-address=0.0.0.0 option to the line https://github.com/kubernetes/kubernetes/blob/v1.2.0/docs/getting-started-guides/coreos/azure/cloud_config_templates/kubernetes-cluster-main-nodes-template.yml#L218  Created ...READ MORE

answered Aug 30, 2018 in Kubernetes by Kalgi
 • 52,350 points 1,015 views
0 votes
2 answers

Not able to expose port 80 on the host, kubernetes ingress

I was facing the same error. The nginix ...READ MORE

answered Sep 11, 2018 in Kubernetes by Kalgi
 • 52,350 points 2,123 views
+6 votes
1 answer

Web UI (Dashboard): https://kubernetes.io/docs/tasks/access-application-cluster/web-ui-dashboard/

Hey @nmentityvibes, you seem to be using ...READ MORE

answered Dec 13, 2018 in Kubernetes by Kalgi
 • 52,350 points 7,933 views
+1 vote
1 answer

set up kubernetes NGINX ingress in AWS with SSL termination

Try using ingress itself in this manner except ...READ MORE

answered Oct 10, 2018 in Kubernetes by Kalgi
 • 52,350 points 3,088 views
0 votes
3 answers

Error while joining cluster with node

Hi Kalgi after following above steps it ...READ MORE

answered Jan 17, 2019 in Others by anonymous
 15,476 views
+15 votes
2 answers

Git management technique when there are multiple customers and need multiple customization?

Consider this - In 'extended' Git-Flow, (Git-Multi-Flow, ...READ MORE

answered Mar 27, 2018 in DevOps & Agile by DragonLord999
 • 8,450 points 4,034 views
0 votes
1 answer

What all packages do i need to install to use kubernetes on my machine?

Install below packages on all of your ...READ MORE

answered Jul 11, 2019 in Kubernetes by Sirajul
 • 59,230 points 903 views
0 votes
1 answer

What all components run inside a worker node to provide a kubernetes runtime environment?

Node components run on every node, maintaining ...READ MORE

answered Jul 24, 2019 in Kubernetes by Sirajul
 • 59,230 points 1,034 views
webinar REGISTER FOR FREE WEBINAR X
REGISTER NOW
webinar_success Thank you for registering Join Edureka Meetup community for 100+ Free Webinars each month JOIN MEETUP GROUP
"PMP®","PMI®", "PMI-ACP®" and "PMBOK®" are registered marks of the Project Management Institute, Inc. MongoDB®, Mongo and the leaf logo are the registered trademarks of MongoDB, Inc.