Kubernetes Security
Cluster security posture and runtime protection
Clusters
12
Nodes
247
Pods
18
Namespaces
3
Critical Issues
Finding Distribution
By Category
Container Security: 18
RBAC: 8
Network Security: 12
Secrets Management: 5
Resource Management: 44
Security Findings
critical
container security · Privileged container in production
K8S-001·default·Pod/data-processor-xxx
Set securityContext.privileged=false
critical
rbac · Cluster-admin bound to service account
K8S-RBAC-001·ClusterRoleBinding/app-cluster-admin
Apply principle of least privilege
critical
network security · Pod using host network
K8S-007·monitoring·Pod/network-scanner
Set hostNetwork=false
high
container security · Containers running as root (15 pods)
K8S-002·default·Deployment/web-app
Set runAsNonRoot=true and specify runAsUser
medium
network security · No NetworkPolicy in 5 namespaces
K8S-NET-001·Namespace/multiple
Implement NetworkPolicies for east-west traffic control
medium
resource management · Missing resource limits (42 containers)
K8S-004·staging·Deployment/multiple
Set resources.limits for all containers