Security Hardening and Compliance Assessment of Kubernetes Control Plane and Workloads

Bibliographic Details
Main Authors: Zlatan Morić, Vedran Dakić, Tomislav Čavala
Format: Article
Language: English
Published: MDPI AG 2025-06-01
Series: Journal of Cybersecurity and Privacy
Online Access: https://www.mdpi.com/2624-800X/5/2/30
Description
Summary: Containerized applications are pivotal to contemporary cloud-native architectures, yet they present novel security challenges. Kubernetes, a prevalent open-source platform for container orchestration, provides robust automation but lacks inherent security measures. The intricate architecture and scattered security documentation may result in misconfigurations and vulnerabilities, jeopardizing system confidentiality, integrity, and availability. This paper analyzes the key aspects of Kubernetes security by combining theoretical examination with practical application, concentrating on architectural hardening, access control, image security, and compliance assessment. The text commences with a synopsis of Kubernetes architecture, networking, and storage, analyzing prevalent security issues in containerized environments. The emphasis transitions to practical methodologies for safeguarding clusters, encompassing image scanning, authentication and authorization, monitoring, and logging. The paper also examines recognized Kubernetes CVEs and illustrates vulnerability scanning on a local cluster. The objective is to deliver explicit, implementable recommendations for enhancing Kubernetes security, assisting organizations in constructing more robust containerized systems.
ISSN: 2624-800X