Linux Kernel

Best of 2021 – 7 Principles of DevSecOps with Kubernetes

As we close 2021, at Container Journal we wanted to highlight the most popular articles of the year. This is the eighteenth in our Best of 2021 series.

In my article “9 Pillars of DevOps Engineering with Kubernetes,” I explain that continuous security is a central pillar of any well-designed DevOps.

As stated in the white paper, “From the Node Up: The Complete Guide to Kubernetes Security with Prisma Cloud, “Kubernetes is a complex, multi-layered platform that consists of more than half a dozen different components that present both challenges and opportunities for DevSecOps.

Complex applications running on a complex distributed infrastructure can be difficult to secure. Cloud native tools, such as Kubernetes, provide more information about what is going on in an application, making it easier to identify and resolve security issues. The enhanced orchestration controls, provided by Kubernetes on the deployment and deployed containerized applications, benefit from immutable consistency and improved response times. In addition, secret objects provide a secure way to store sensitive data.

In this article, I show how Kubernetes can be used and configured to satisfy seven principles for a successful DevSecOps approach using Kubernetes. The seven DevSecOps principles are those identified in the Department of Defense Corporate DevSecOps Reference Design.

Principle # 1: Remove bottlenecks (including human) and manual actions.

With Kubernetes, developers and testers can work better together. They can resolve faults quickly and accurately because developers can use the Kubernetes instance of the tester for debugging. This eliminates the long delays associated with replicating development and test environments. Kubernetes also helps testers and developers quickly exchange accurate information for application setups.

Principle 2: automate development and deployment activity as much as possible.

Kubernetes eliminates many manual provisioning and other tedious tasks from corporate IT operations. Additionally, the unified and automated orchestration approaches offered by Kubernetes simplify multi-cloud management, enabling more services to be delivered with less work and fewer errors.

Principle 3: Adopt common tools from planning and requirements to deployment and operations.

Kubernetes offers many features that allow a container to support many configuration environment contexts. the configuration cards The object, for example, supports configuration data used at runtime. This avoids the need for specialized containers for different environment configurations. The declarative syntax used to define the deployment state of container clusters deployed by Kubernetes greatly simplifies the management of delivery and deployments.

Principle # 4: Take advantage of agile software principles and favor small, incremental and frequent updates over larger, more sporadic versions.

Modular applications architectured as microservices benefit the most from Kubernetes. Software designed according to twelve-factor application principles and communicating through networked APIs work best for scalable deployments on clusters. Kubernetes is optimal for orchestrating cloud native applications. Modular distributed services are better able to scale and recover from outages.

Principle # 5: Apply cross-functional development, cybersecurity and operations skills throughout the software lifecycle, taking a continuous monitoring approach in parallel instead of waiting to apply every skill set of sequentially.

Kubernetes provides a unified approach to container orchestration that applies end-to-end across the value stream. Continuous monitoring is made easier because the cloud native applications, managed by Kubernetes, are built with health reporting metrics to enable the platform to manage lifecycle events if an instance becomes unhealthy. They produce (and make available for export) robust telemetry data to alert operators to issues and enable them to make informed decisions. Kubernetes supports activity and readiness probes that make it easy to determine the state of a containerized application.

Principle 6: The security risks of the underlying infrastructure must be measured and quantified, so that all risks and impacts on software applications are understood.

Kubernetes has many different layers and components that must be considered for security. The key elements for security are: API communications between different parts of a cluster, a scheduler that manages the distribution of workloads, controllers that manage the state of Kubernetes itself, agents that are running on each node of a cluster and a key-value store where the cluster configuration data resides. A multi-pronged defense strategy is needed to protect against all types of vulnerabilities. The following is a partial list of defense strategies.

  • Secure container images to run on Kubernetes. Use security code analysis tools to scan containerized code for vulnerabilities that may exist in the code of the container itself, as well as any upstream dependencies that the image is based on.
  • Isolate Kubernetes nodes on a separate network that is not directly exposed to public networks.
  • Kubernetes supports role-based access control (RBAC) policies to help guard against unauthorized access to cluster resources.
  • Resource quotas help mitigate downtime caused by denial of service attacks by depriving the rest of the cluster of sufficient resources to run.
  • Limit pod-to-pod traffic by using core Kubernetes data types to specify network access controls between pods.
  • Implement network border controls to enforce certain network border entry and exit controls in addition to the pod-level controls enforced by Kubernetes.
  • Application layer access control can be enforced with strong application layer authentication, such as transport-level mutual security protocols using the encrypted application identity.
  • Kubernetes support for multiple containers running with a shared localhost network for the pod enables sidecars and a service mesh approach to modernize existing applications. This reduces the difficulty of implementing mutual TLS solutions, so that each application has an adjacent proxy daemon that terminates and authenticates incoming connections and transparently authenticates outgoing connections.
  • Segment your Kubernetes clusters by integrity level; for example, your development and test environments might be hosted in a different cluster from your production environment.
  • Run your applications as a non-root user. Future Linux kernel vulnerabilities are more likely to be exploited by a root user than by an unprivileged user.
  • Use security monitoring and auditing to capture application logs, host-level logs, Kubernetes API audit logs, and logs from cloud providers. For security auditing purposes, consider serving your logs to an external location with add access only from your cluster.
  • Use the whitelist of processes to identify unexpected running processes.
  • Keep Kubernetes versions up to date.

A comprehensive security strategy for Kubernetes should include more than the handful of built-in security features.

Principle 7: Deploy immutable infrastructure, like containers.

The concept of immutable infrastructure supported by Kubernetes, in which deployed components are replaced in their entirety, rather than being updated in place, requires standardization and emulation of common infrastructure components to achieve consistent and predictable results.

In this article, I explained how Kubernetes can be used and configured to meet DoD’s Seven DevSecOps Principles for a Successful DevSecOps Approach using Kubernetes. Although Kubernetes provides built-in security tools, they are not sufficient for comprehensive protection against multiple types of potential vulnerabilities across multiple layers of the Kubernetes infrastructure. The seven DevSecOps principles are important for an integrated security strategy that mitigates threats at all layers and levels of your stack.


Source link