Security Hardening and Compliance Assessment of Kubernetes Control Plane and Workloads
Containerized applications are pivotal to contemporary cloud-native architectures, yet they present novel security challenges. Kubernetes, a prevalent open-source platform for container orchestration, provides robust automation but lacks inherent security measures. The intricate architecture and scattered security documentation may result in misconfigurations and vulnerabilities, jeopardizing system confidentiality, integrity, and availability. This paper analyzes the key aspects of Kubernetes security by combining theoretical examination with practical application, concentrating on architectural hardening, access control, image security, and compliance assessment. The text commences with a synopsis of Kubernetes architecture, networking, and storage, analyzing prevalent security issues in containerized environments. The emphasis transitions to practical methodologies for safeguarding clusters, encompassing image scanning, authentication and authorization, monitoring, and logging. The paper also examines recognized Kubernetes CVEs and illustrates vulnerability scanning on a local cluster. The objective is to deliver explicit, implementable recommendations for enhancing Kubernetes security, assisting organizations in constructing more robust containerized systems.
| Main Authors: | Zlatan Morić, Vedran Dakić, Tomislav Čavala |
|---|---|
| Format: | Article |
| Language: | English |
| Published: | MDPI AG, 2025-06-01 |
| Series: | Journal of Cybersecurity and Privacy |
| Subjects: | Kubernetes; Kubernetes security; vulnerability management; DevSecOps; Zero Trust Architecture; hardening |
| Online Access: | https://www.mdpi.com/2624-800X/5/2/30 |
| _version_ | 1850168440382291968 |
|---|---|
| author | Zlatan Morić; Vedran Dakić; Tomislav Čavala |
| author_facet | Zlatan Morić; Vedran Dakić; Tomislav Čavala |
| author_sort | Zlatan Morić |
| collection | DOAJ |
| description | Containerized applications are pivotal to contemporary cloud-native architectures, yet they present novel security challenges. Kubernetes, a prevalent open-source platform for container orchestration, provides robust automation but lacks inherent security measures. The intricate architecture and scattered security documentation may result in misconfigurations and vulnerabilities, jeopardizing system confidentiality, integrity, and availability. This paper analyzes the key aspects of Kubernetes security by combining theoretical examination with practical application, concentrating on architectural hardening, access control, image security, and compliance assessment. The text commences with a synopsis of Kubernetes architecture, networking, and storage, analyzing prevalent security issues in containerized environments. The emphasis transitions to practical methodologies for safeguarding clusters, encompassing image scanning, authentication and authorization, monitoring, and logging. The paper also examines recognized Kubernetes CVEs and illustrates vulnerability scanning on a local cluster. The objective is to deliver explicit, implementable recommendations for enhancing Kubernetes security, assisting organizations in constructing more robust containerized systems. |
| format | Article |
| id | doaj-art-0657a5e072d84cdf86775ae31bd036c1 |
| institution | OA Journals |
| issn | 2624-800X |
| language | English |
| publishDate | 2025-06-01 |
| publisher | MDPI AG |
| record_format | Article |
| series | Journal of Cybersecurity and Privacy |
| spelling | doaj-art-0657a5e072d84cdf86775ae31bd036c1; 2025-08-20T02:20:58Z; eng; MDPI AG; Journal of Cybersecurity and Privacy; 2624-800X; 2025-06-01; vol. 5, issue 2, article 30; 10.3390/jcp5020030; Security Hardening and Compliance Assessment of Kubernetes Control Plane and Workloads; Zlatan Morić, Vedran Dakić, Tomislav Čavala (all: Department of System Engineering and Cybersecurity, Algebra Bernays University, 10000 Zagreb, Croatia); https://www.mdpi.com/2624-800X/5/2/30; Kubernetes; Kubernetes security; vulnerability management; DevSecOps; Zero Trust Architecture; hardening |
| spellingShingle | Zlatan Morić; Vedran Dakić; Tomislav Čavala; Security Hardening and Compliance Assessment of Kubernetes Control Plane and Workloads; Journal of Cybersecurity and Privacy; Kubernetes; Kubernetes security; vulnerability management; DevSecOps; Zero Trust Architecture; hardening |
| title | Security Hardening and Compliance Assessment of Kubernetes Control Plane and Workloads |
| title_full | Security Hardening and Compliance Assessment of Kubernetes Control Plane and Workloads |
| title_fullStr | Security Hardening and Compliance Assessment of Kubernetes Control Plane and Workloads |
| title_full_unstemmed | Security Hardening and Compliance Assessment of Kubernetes Control Plane and Workloads |
| title_short | Security Hardening and Compliance Assessment of Kubernetes Control Plane and Workloads |
| title_sort | security hardening and compliance assessment of kubernetes control plane and workloads |
| topic | Kubernetes; Kubernetes security; vulnerability management; DevSecOps; Zero Trust Architecture; hardening |
| url | https://www.mdpi.com/2624-800X/5/2/30 |
| work_keys_str_mv | AT zlatanmoric securityhardeningandcomplianceassessmentofkubernetescontrolplaneandworkloads AT vedrandakic securityhardeningandcomplianceassessmentofkubernetescontrolplaneandworkloads AT tomislavcavala securityhardeningandcomplianceassessmentofkubernetescontrolplaneandworkloads |