More than 50% of respondents to the State of Kubernetes Security Report 2023 were highly concerned about misconfigurations and vulnerabilities when it came to the security of their applications in containers and Kubernetes environments.
But, there are ways to mitigate the risks introduced by misconfigurations. One way is to take a proactive approach with configuration management - introducing automation for security scanning, having a zero trust policy within the cluster, ensuring you are thinking about security for the platform and the application-level.
A couple of best practices for configuration management are:
- Set egress policies for your pods: A lot of external attacks or breaches on the pod-level come via the internet. You can configure your pods to prevent this. A lot of pods might not need internet access at all - they just need to be able to communicate with other pods and DNS. You can set egress policies for your pods and by making egress impossible, you can mitigate it at the pod level by eliminating the possibility of the pod accessing the internet and being vulnerable to being attacked.
- Containers have writable file systems that are ephemeral. But, you can change this to ensure you are using read-only file systems and empty-dr. Tools like podman-diffs to gain visibility into how your apps are interacting with local file systems and can help you check this.
Watch the second episode of the Security Series on Ask an OpenShift Admin, where Chris Porter joins Andrew and Jonny to talk about Configuration Management for security in more detail! They go over how to build a security mindset, small steps you can take today to build apps the DevSecOps way, and more best practices for configuration management.
At Red Hat, we offer Red Hat Advanced Cluster Security for Kubernetes as a way to manage container images and their related issues. Try ACS Cloud Service today!
Tune in next week for part three on Runtime Security of this new series!
저자 소개
Jehlum is in the Red Hat OpenShift Product Marketing team and is very passionate about learning about how customers are adopting OpenShift and helping them do more with OpenShift!
유사한 검색 결과
2025 Red Hat Ansible Automation Platform: A year in review
New observability features in Red Hat OpenShift 4.20 and Red Hat Advanced Cluster Management 2.15
Technically Speaking | Taming AI agents with observability
Get into GitOps | Technically Speaking
채널별 검색
오토메이션
기술, 팀, 인프라를 위한 IT 자동화 최신 동향
인공지능
고객이 어디서나 AI 워크로드를 실행할 수 있도록 지원하는 플랫폼 업데이트
오픈 하이브리드 클라우드
하이브리드 클라우드로 더욱 유연한 미래를 구축하는 방법을 알아보세요
보안
환경과 기술 전반에 걸쳐 리스크를 감소하는 방법에 대한 최신 정보
엣지 컴퓨팅
엣지에서의 운영을 단순화하는 플랫폼 업데이트
인프라
세계적으로 인정받은 기업용 Linux 플랫폼에 대한 최신 정보
애플리케이션
복잡한 애플리케이션에 대한 솔루션 더 보기
가상화
온프레미스와 클라우드 환경에서 워크로드를 유연하게 운영하기 위한 엔터프라이즈 가상화의 미래
