ITNEXT

ITNEXT is a platform for IT developers & software engineers to share knowledge, connect, collaborate, learn and experience next-gen technologies.

Kubernetes Cluster Configuration and Vulnerability Scan

Albion Bame
Published in ITNEXT
9 min read, Dec 5, 2022

Photo by threatstack.com

Kubernetes has become the go-to tool for managing container-based infrastructure and is part of the daily life of every engineer.

By now, we all know how much it means when it comes to managing clusters of servers and containers, big or small, and how much it helps to make our lives easier by dealing with network communication, deployments, storage, pods, and much more.

Regardless of the power of Kubernetes and everything that it does, there are still things that we as engineers need to take into account regarding security: having a correct configuration, using the correct Docker images, and so on.

As much as we try, we can’t memorize and handle all of these things manually and be sure that we’re making the correct decisions and using the correct setup or images. We’re only humans, after all, and we can only do so much.

Imagine if we mess up and use a Docker image that is not verified and audited, security-wise. That can create potential vulnerabilities which attackers can exploit to bring our infrastructure down or deploy ransomware.

We need tooling to help us optimize our processes, automate all the security checks and configuration validations that we need to run, and make our lives easier in the process so that we can sleep well at night 😉.

There are a lot of tools that help us deal with these checks and even automate them, like kube-bench, Terrascan, kube-hunter, etc. You can read more about these tools in this article by Gupta Bless. My preferred one, and the one that this article will describe, is Kubescape Cloud.

Kubescape can be configured with different CI/CD platforms like GitHub, GitLab, CircleCI, and Jenkins, and it can be integrated with VSCode and Kubernetes Lens, or with Prometheus for monitoring. It can also be integrated with Slack and Jira.

Third-party integrations

Kubescape scans clusters, code repository images, and registries against several frameworks with different control checks. Some of the frameworks are ArmoBest, Center for Internet Security (CIS), MITRE, and NSA. All these frameworks have…


Written by Albion Bame

Howdy, I’m Albion. I’m a Software Engineer living in Frankfurt am Main, Germany. I’m originally from Albania. I am a fan of DIY, cycling, camping and reading.
