Establish what the attack surfaces in K8s are and which ones you want to address.
The tool can be built as:
- Kubernetes Operator (basically an app deployed in the cluster)
- kubectl plugin (extends the kubectl CLI with new features): every API call to K8s goes through a 3-step process (authentication, authorization, admission controllers)
- Istio service mesh: Istio manages traffic flows between microservices, enforces access policies and mTLS, and aggregates telemetry data, all without requiring changes to application code
- K8S network policies: vanilla Kubernetes object that describes what network traffic is allowed for a set of Pods (enforced by the CNI plugin, so it only has effect on a cluster whose CNI supports NetworkPolicy)
- Falco Runtime Security: it uses syscalls to monitor the state of pods and nodes in the cluster