Summary

Summary of the concepts learned in this chapter.

The purpose of this chapter was to give you an idea of some of the real-world security considerations affecting many Kubernetes clusters.

We started out by looking at ways to secure the software delivery pipeline by discussing some image-related best practices. These included securing your image registries, scanning images for vulnerabilities, and cryptographically signing images. Then, we looked at some of the workload isolation options that exist at different layers of the infrastructure stack. In particular, we looked at cluster-level isolation, node-level isolation, and some of the different runtime isolation options. We talked about identity and access management, including places where additional security measures might be useful. We then talked about auditing and finished up with a real-world issue that could have been easily avoided by implementing some of the best practices already covered.

Hopefully, you now have enough understanding to start securing your own Kubernetes clusters.
