DevOps Articles

How to Give Kubernetes Immunity from Privilege Escalation

This is part of a series of contributed articles leading up to KubeCon + CloudNativeCon on Oct. 24-28. Security across virtualized and physical infrastructure environments has been refined over the past 20 years into a highly sophisticated craft that enables precise control over the access and availability of application workloads.

One of the cybersecurity pillars is application isolation through various forms of confinement, either through logical or physical separation.

When augmented by additional components like advanced container network interface and container storage interface providers, network transport and data at rest can also be confined to their workload applications purview.

When combined with traditional security practices at both physical, network, storage and virtualization layers, they ensure that there is a higher degree of confidence when running application workloads within Kubernetes.