Upgrade and apply security practices

Following the hardening guidelines outlined in this document is one step in ensuring the security of applications running on Kubernetes-orchestrated containers. However, security is an ongoing process, and it is critical to keep up with patches, updates, and upgrades. The specific software components will vary based on individual configurations, but every piece of the system should be kept as secure as possible. This includes updates to Kubernetes, the hypervisor, virtualization software, plug-ins, the operating system the environment runs on, the applications running on the servers, and any other software hosted in the Kubernetes environment.

The Center for Internet Security (CIS) publishes benchmarks for securing software. Administrators should adhere to the CIS baseline for Kubernetes and any other related system components. Administrators should regularly check to ensure that the security of their systems complies with the current consensus among security experts on best practices. Regular vulnerability scanning and penetration testing of various system components should be performed to proactively look for insecure configurations and zero-day vulnerabilities. Any findings should be promptly remediated before potential cyber actors discover and exploit them.

As updates are deployed, administrators should also remove any old components from the environment that are no longer needed. Using a managed Kubernetes service can help automate upgrades and patching of Kubernetes, operating systems, and network protocols. However, administrators still have to patch and upgrade their containerized applications.
