Conversation

Updates to our #Kubernetes Hardening Guide with

are live! Thanks to all who reached out with feedback to help make the guidance more comprehensive — including more detailed info on logging and threat detection in addition to other clarifications.

nsa.gov

NSA, CISA release Kubernetes Hardening Guidance

The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) released a Cybersecurity Technical Report, “Kubernetes Hardening Guidance,” today. This report

3:41 PM · Mar 15, 2022Sprout Social

Replying to

@NSACyber

and

@CISAgov

"The Kubernetes API server should not be exposed to the Internet or an untrusted network." STRONG AGREE! I use

@openziti

to expose my kubernetes API. #zerotrust all the way!

Kenneth Bingham

@qrkourier

Mar 15

Right, there’s no reason to expose apiserver or any other cluster workload to any network other than the loopback interface. All server comms should be initiated as outbound (reverse path) under #ZeroTrust .

Show replies

Replying to

and

Nice recommendations. Would love to see it including how to harden the control and data planes by embedding opensource, private zero trust directly into the apps making network security entirely irrelevant.