Implementing tools for cluster configuration and container security
Kubernetes gives us many built-in options for securing cluster configuration and limiting container permissions. Since we've already talked about RBAC, TLS Ingress, and encrypted Kubernetes Secrets, let's discuss a few concepts that we haven't had time to review yet: admission controllers, Pod security policies, and network policies.
Using admission controllers
Admission controllers are an often overlooked but extremely important Kubernetes feature. They intercept every request to the API server after authentication and authorization but before the object is persisted, so they are the last point at which a cluster can reject or rewrite a resource. Many of Kubernetes' advanced features use admission controllers under the hood; resource quotas, default storage classes, and Pod security policies are all enforced by admission plugins compiled into the API server. In addition, you can register your own admission webhooks (through MutatingWebhookConfiguration and ValidatingWebhookConfiguration resources) to add custom policy to your cluster.
There are two general types of admission controllers:
- Mutating admission controllers
- Validating admission controllers
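As an added example (not code from this book), the following Python shows the decision logic of one controller of each type, operating on the AdmissionReview document the API server POSTs to a webhook. The validating function rejects Pods that request a privileged container or host namespaces; the mutating function returns a JSON Patch that fills in `runAsNonRoot` and `allowPrivilegeEscalation: false` where a container left them unset. The HTTPS serving layer, the webhook registration, and the sample Pod (including its UID) are omitted or constructed here and are not from the original page.

```python
"""Admission webhook decision logic: one validating rule, one mutating rule.

Each public function takes a decoded AdmissionReview (what the API server
POSTs to a webhook) and returns the AdmissionReview to send back. The HTTPS
server and webhook registration are out of scope here.
"""
import base64
import json

API_VERSION = "admission.k8s.io/v1"

# Constructed AdmissionReview for a Pod that should not be admitted:
# hostPID plus a privileged container. The uid is made up for the example.
SAMPLE_REVIEW = {
    "apiVersion": API_VERSION,
    "kind": "AdmissionReview",
    "request": {
        "uid": "00000000-0000-0000-0000-000000000001",
        "kind": {"group": "", "version": "v1", "kind": "Pod"},
        "operation": "CREATE",
        "object": {
            "apiVersion": "v1",
            "kind": "Pod",
            "metadata": {"name": "debug-shell", "namespace": "dev"},
            "spec": {
                "hostPID": True,
                "containers": [
                    {"name": "shell", "image": "busybox",
                     "securityContext": {"privileged": True}},
                    {"name": "sidecar", "image": "busybox"},
                ],
            },
        },
    },
}


def _envelope(uid, allowed, message=None, patch_ops=None):
    """Wrap a verdict (and optional JSON Patch) in the AdmissionReview reply shape."""
    response = {"uid": uid, "allowed": allowed}
    if message is not None:
        response["status"] = {"code": 200 if allowed else 403, "message": message}
    if patch_ops:
        # The API server expects patchType JSONPatch with the ops base64-encoded.
        response["patchType"] = "JSONPatch"
        response["patch"] = base64.b64encode(json.dumps(patch_ops).encode()).decode()
    return {"apiVersion": API_VERSION, "kind": "AdmissionReview", "response": response}


def _all_containers(pod):
    spec = pod.get("spec", {})
    return spec.get("initContainers", []) + spec.get("containers", [])


def validate_no_privileged(review):
    """Validating controller: deny privileged containers and host namespaces."""
    req = review["request"]
    pod = req["object"]
    problems = []
    for c in _all_containers(pod):
        if c.get("securityContext", {}).get("privileged"):
            problems.append(f"container {c['name']} is privileged")
    for field in ("hostPID", "hostNetwork", "hostIPC"):
        if pod.get("spec", {}).get(field):
            problems.append(f"spec.{field} is true")
    if problems:
        return _envelope(req["uid"], False, "; ".join(problems))
    return _envelope(req["uid"], True)


def mutate_default_security_context(review):
    """Mutating controller: add a JSON Patch setting safe securityContext defaults
    on every container that did not set them explicitly."""
    req = review["request"]
    pod = req["object"]
    ops = []
    for kind in ("initContainers", "containers"):
        for i, c in enumerate(pod.get("spec", {}).get(kind, [])):
            path = f"/spec/{kind}/{i}/securityContext"
            sc = c.get("securityContext")
            if sc is None:
                ops.append({"op": "add", "path": path,
                            "value": {"runAsNonRoot": True,
                                      "allowPrivilegeEscalation": False}})
                continue
            if "runAsNonRoot" not in sc:
                ops.append({"op": "add", "path": path + "/runAsNonRoot", "value": True})
            if "allowPrivilegeEscalation" not in sc:
                ops.append({"op": "add", "path": path + "/allowPrivilegeEscalation",
                            "value": False})
    return _envelope(req["uid"], True, patch_ops=ops or None)


def decode_patch(review):
    """Return the JSON Patch ops carried in an AdmissionReview response ([] if none)."""
    raw = review["response"].get("patch")
    return json.loads(base64.b64decode(raw)) if raw else []


if __name__ == "__main__":
    print(json.dumps(validate_no_privileged(SAMPLE_REVIEW)["response"], indent=2))
    print(json.dumps(decode_patch(mutate_default_security_context(SAMPLE_REVIEW)), indent=2))
```

Two practical points follow from this split. The API server runs all mutating webhooks before any validating ones, so a validating rule always sees the object after mutation; and a mutating webhook that patches in defaults does not by itself stop a Pod that explicitly asks for `privileged: true`, which is why the denial belongs in a validating controller. When registering either kind, set `failurePolicy: Fail` so that a webhook outage cannot be used to bypass the policy.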
Mutating admission controllers take in Kubernetes resource specifications and return an updated resource specification...