The strengths and weaknesses of Kubernetes security
Let’s be honest—Kubernetes is a big deal.
According to a SentinelOne article, “96% of organizations surveyed by CNCF (Cloud Native Computing Foundation) were either using or evaluating Kubernetes” in 2021.
Most in the industry will agree that Kubernetes (K8s) is powerful, convenient, and one of the most widely used platforms to organize containerized applications and services.
However, this convenience can come at the cost of security. If the DevOps team using Kubernetes does not engage the right security team to help them understand how to use it securely, the door is open to exploitable vulnerabilities.
A potential mistake security teams can make is to assume that the native PKI—certificates and private keys used for authentication of nodes and encryption of communications—is secure.
It is not. The tools used with Kubernetes for adding and managing networking properties are highly convenient, but they default to choices that are highly insecure. They also fail to implement the most important part of a PKI: an actual secure certificate authority.
The article goes on to give examples of other ways Kubernetes can be exploited, including security tooling challenges: default K8s configurations, least privilege implications, and the scalability of legacy security tools.
We’d like to add one more security recommendation: get in touch with SecureG for help before trying to deploy certificates. We can help you integrate a proper PKI solution into your system that can withstand the kinds of attacks now targeting critical infrastructure.