The National Security Agency and the Cybersecurity and Infrastructure Security Agency have published recommendations for strengthening the security of an organization's Kubernetes system. The NSA and CISA released a 52-page cybersecurity technical report that offers guidance for admins to manage the open-source system securely. The agency notes that supply-chain attacks are often challenging to mitigate, adding that malicious threat actors' way in is typically exploiting a vulnerability or leveraging misconfigurations. The recommendations include using network separation, strong authentication, properly configured firewalls, and audit logs.
Source: https://www.bleepingcomputer.com/news/security/nsa-and-cisa-share-kubernetes-security-recommendations/

