The Cloud Native Computing Foundation (CNCF) this week announced the results of its recent audit performed as part of its ongoing commitment to continuously improve Kubernetes security.
CNCF CTO Chris Aniszczyk says as part of the effort, the CNCF later this year also plans to kick off a bounty program through which it will provide incentives to researchers who identify bugs and other cybersecurity flaws.
Aniszczyk says all highly severe cybersecurity issues identified by the Security Audit Working Group funded by the CNCF have been addressed by the committee that oversees Kubernetes development. The auditors narrowed their focus on eight core Kubernetes components: Kube-apiserver, etcd, Kube-scheduler, Kube-controller-manager, cloud-controller-manager, Kubelet, Kube-proxy and container runtime. The auditors concluded the Kubernetes-specific issues organizations should address include:
- Policies may not be applied, leading to a false sense of security.
- Insecure TLS is in use by default.
- Credentials are exposed in environment variables and command-line arguments.
- Names of secrets are leaked in logs.
- No certificate revocation.
- Seccomp is not enabled by default.
The auditors also published specific recommendations for both developers and Kubernetes administrators. Developers are advised to:
- Avoid hardcoding paths to dependencies.
- Check file permissions.
- Monitor processes on Linux.
- Move processes to a cgroup.
- Be aware of future cgroup considerations for Kubernetes.
- Be aware of future process handling considerations for Kubernetes.
Kubernetes administrators, meanwhile, are advised to focus on:
- Attribute-based access controls vs. role-based access controls.
- RBAC best practices.
- Node-host configurations and permissions.
- Default settings and backwards compatibility.
- Environment considerations.
- Logging and alerting.
Aniszczyk says the CNCF expects to fund its next major audit of Kubernetes in about two years. This audit follows previous audits conducted for the CoreDNS, Envoy and Prometheus projects the CNCF also oversees.
While Kubernetes is going to have bugs and flaws, like all software, Aniszczyk notes the level of cooperation among all the vendors and organizations that have committed to support Kubernetes shows the amount of resources being applied to Kubernetes cybersecurity are greater than any other platform.
The CNCF is also committed to providing an unprecedented level of transparency into the process, says Aniszczyk, which also should aid auditors in their efforts to certify that Kubernetes environments are secure.
Overall, Aniszczyk says that from a cybersecurity perspective, the best thing about Kubernetes and the containerized applications that run on top of it is how quickly modules containing flawed code can be replaced. Instead of waiting months to path a monolithic application environment, a Kubernetes environment can be updated within the context of an iterative DevOps process, which is much faster and agile than existing legacy approaches to patch management, notes Aniszczyk.
Like any emerging technology platform, cybersecurity always will be a concern. Most organizations are still in the process of determining what tools and processes to employ to best secure Kubernetes environments. As those DevSecOps processes become more mature, however, the number of applications being deployed on Kubernetes clusters should increase dramatically.