Kubernetes Security
November 10, 2024
Hardening container orchestration RBAC, pod security, admission control, and runtime threat detection on Kubernetes.
Research scope
Kubernetes introduces a new attack surface: the control plane, etcd, API server, and workload configuration. This track documents defense-in-depth for clusters running production workloads.
Areas covered
- API server hardening and RBAC least privilege
- Pod Security Standards / restricted profiles
- Admission policies (Kyverno, Gatekeeper)
- Runtime detection with Falco or cloud-native agents
- Secrets encryption and etcd backup security