Secure Kubernetes with Kubescape

Inspection

Containerized environments are complex and comprise several layers, especially if Kubernetes is involved as a fleet orchestrator. Container security is a particular challenge because today's cloud stack combines so many components from so many different sources, in a more or less meaningful way, that it is not easy to keep track of the security updates for those sources, identify the ones you need for your own environment, and install them in good time. As if that weren't enough trouble, much the same applies to compliance. Most glaring security issues are not caused by bugs, but by trivial misconfigurations that nobody notices in the review. If all the internal control processes fail, in the worst case your own container landscape is left as open as the proverbial barn door.

To ensure that containerland does not turn into a horror movie, companies need to bear a few things in mind when they look to operate a large number of containers. After all, Kubernetes and others of the same ilk do not maintain themselves, and container-based approaches are no less complex than their traditional predecessors; you have to deal with even more loose ends than in conventional setups. The runtime environment for containers, Kubernetes itself, a number of on-top solutions such as the Istio service mesh, various package managers such as Helm, and the various sources from which container images can be obtained today are just a few examples.

This is where Kubescape [1] enters the scene. Its developers make some bold promises, claiming that it is the first tool that can completely automate the process of checking the entire container stack of an environment for security and compliance problems according to accepted rules (e.g., from the US National Institute of Standards and Technology (NIST), the not-for-profit MITRE organization, or the joint US National Security Agency

...
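To make the "trivial misconfigurations that nobody notices in the review" concrete, here is an added example (my own code, not Kubescape's) of the kind of workload check such a scanner automates: it audits a constructed Deployment manifest for the misconfiguration classes the NSA/CISA hardening guidance covers and shows the same manifest after hardening. The check names are my own labels, not Kubescape control IDs, and the image name is a placeholder.

```python
import json

# Constructed "before" manifest, in the JSON form `kubectl get -o json` emits,
# carrying the sort of settings that slip through a review. Placeholder image.
VULNERABLE_DEPLOYMENT = json.loads("""
{"kind": "Deployment", "metadata": {"name": "web"},
 "spec": {"template": {"spec": {
   "hostPID": true,
   "containers": [{"name": "web", "image": "example.invalid/web:1.0",
                   "securityContext": {"privileged": true}}]}}}}
""")

def _pod_spec(manifest):
    """Pod manifests carry the pod spec directly; workloads embed it in a template."""
    spec = manifest["spec"]
    return spec if manifest["kind"] == "Pod" else spec["template"]["spec"]

def audit_pod_spec(manifest):
    """Return the list of failed checks (my own labels, not Kubescape control IDs)."""
    spec = _pod_spec(manifest)
    failures = []
    for flag in ("hostPID", "hostNetwork", "hostIPC"):
        if spec.get(flag):                      # pod shares a host namespace
            failures.append(f"pod shares host namespace: {flag}")
    for c in spec.get("containers", []):
        sc = c.get("securityContext", {})
        if sc.get("privileged"):
            failures.append(f"{c['name']}: privileged container")
        if sc.get("allowPrivilegeEscalation", True):   # Kubernetes default is true
            failures.append(f"{c['name']}: allowPrivilegeEscalation not disabled")
        if not sc.get("runAsNonRoot"):
            failures.append(f"{c['name']}: may run as root")
        if not sc.get("readOnlyRootFilesystem"):
            failures.append(f"{c['name']}: writable root filesystem")
        if "limits" not in c.get("resources", {}):
            failures.append(f"{c['name']}: no resource limits")
    return failures

def harden(manifest):
    """Return a deep copy with every check above satisfied (the 'after' version)."""
    fixed = json.loads(json.dumps(manifest))
    spec = _pod_spec(fixed)
    for flag in ("hostPID", "hostNetwork", "hostIPC"):
        spec.pop(flag, None)
    for c in spec["containers"]:
        c["securityContext"] = {"privileged": False, "allowPrivilegeEscalation": False,
                                "runAsNonRoot": True, "readOnlyRootFilesystem": True,
                                "capabilities": {"drop": ["ALL"]}}
        c.setdefault("resources", {})["limits"] = {"cpu": "500m", "memory": "256Mi"}
    return fixed

if __name__ == "__main__":
    for failure in audit_pod_spec(VULNERABLE_DEPLOYMENT):
        print("FAIL:", failure)
    print("after hardening:", audit_pod_spec(harden(VULNERABLE_DEPLOYMENT)))
```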