NASCIMENTO, L. R. S. R.; NASCIMENTO, Luiz Ricardo Siqueira Rodrigues.
Abstract:
The portability and ease of deploying and managing software and services with containers have led to this kind of platform being broadly used in the software development and system administration communities. The default settings of container runtimes on container orchestrators are not ideal for the security requirements of the systems to be deployed, but in many cases they are left as shipped, for practical reasons or because of a lack of attention to detail from the system administrator at deployment time. This greatly increases the risk of security issues in the environment, since in many cases it is the path used to actively compromise the data and services hosted in cloud environments or otherwise connected to the network. A set of basic settings to be implemented in production environments was therefore proposed, based mainly on the recommended security settings in the Kubernetes documentation, and built through tests run on an environment simulating a production one. The open source application Kube-bench, well known and widely used in the security and system administration communities, was employed to analyze the impact of the changes made.