
- Do you have encryption for the masters and nodes in the Kubernetes cluster? (Available options: TLS certificates, an encryption provider for etcd such as KMS or Vault, EBS encryption, and a network encryption provider in the CNI such as Cilium or Calico, etc.)
- Do you have encryption for pod-to-pod communication? (Option: a service mesh such as Linkerd or Istio with mTLS, etc.)
- Do you have a network firewall for pods? (Use NetworkPolicy for ingress and egress traffic to block unnecessary pod-to-pod connections.)
- Are the cluster and node AMIs hardened? (Select a hardened AMI during cluster setup.)
- Do you have observability in the cluster for anomaly detection? (Use an eBPF-based CNI such as Cilium or Calico, and tools such as Falco and Tetragon, to observe the cluster, nodes and pods.)
- Do you have cluster access control for users? (Use RBAC with Roles and ClusterRoles, resource-level privileges, and namespaces for namespace-specific access lists, etc.)
- Do you have control over resource consumption for pods? (Set resource requests and limits for pods and use the metrics server.)
- Are your pods secured against privilege-escalation exploits? (Use pod security settings such as runAsUser, seccomp, eBPF, capabilities, a read-only filesystem, AppArmor, SELinux, etc.)
- Are your container images secure? (Use Docker scan, Xray, etc.)
- Are your secrets secure? (Use Vault, AWS Secrets Manager, etc.)
- AWS EKS monitoring? (Use the CloudWatch agent, Grafana, Prometheus, ELK for logs, etc.)
- AWS EKS malware and virus detection? (Use GuardDuty on EBS for malware and other threats.)
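The following manifest is an added example, not part of the original checklist, showing how four of the items above (network firewall for pods, cluster access control, resource limits, and pod privilege hardening) look as plain Kubernetes objects. The namespace `payments`, the group `dev-team`, the `app: api` / `app: frontend` labels and the image reference are constructed placeholders; the `k8s-app: kube-dns` selector matches the CoreDNS pods that EKS and most distributions ship.

```yaml
# Added example, not part of the original checklist. The namespace "payments",
# the group "dev-team" and the image reference are constructed placeholders.
apiVersion: v1
kind: Namespace
metadata:
  name: payments
  labels:
    # Pod Security Admission: reject pods that violate the "restricted" profile
    pod-security.kubernetes.io/enforce: restricted
---
# Firewall for pods: deny all ingress and egress in the namespace by default
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-all
  namespace: payments
spec:
  podSelector: {}
  policyTypes: ["Ingress", "Egress"]
---
# Then allow only what the api pods need: ingress from frontend, egress to DNS
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: api-allow
  namespace: payments
spec:
  podSelector:
    matchLabels:
      app: api
  policyTypes: ["Ingress", "Egress"]
  ingress:
    - from:
        - podSelector:
            matchLabels:
              app: frontend
      ports:
        - { protocol: TCP, port: 8080 }
  egress:
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
          podSelector:
            matchLabels:
              k8s-app: kube-dns
      ports:
        - { protocol: UDP, port: 53 }
        - { protocol: TCP, port: 53 }
---
# Access control: namespace-scoped, read-only access for one user group
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: pod-reader
  namespace: payments
rules:
  - { apiGroups: [""], resources: ["pods", "pods/log"], verbs: ["get", "list", "watch"] }
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: dev-team-pod-reader
  namespace: payments
subjects:
  - { kind: Group, name: dev-team, apiGroup: rbac.authorization.k8s.io }
roleRef: { kind: Role, name: pod-reader, apiGroup: rbac.authorization.k8s.io }
---
# Pod hardening and resource limits (passes the "restricted" profile above)
apiVersion: v1
kind: Pod
metadata:
  name: api
  namespace: payments
  labels:
    app: api
spec:
  automountServiceAccountToken: false
  securityContext:
    runAsNonRoot: true
    runAsUser: 10001
    seccompProfile:
      type: RuntimeDefault
  containers:
    - name: api
      image: registry.example.com/api:1.2.3  # placeholder image reference
      securityContext:
        allowPrivilegeEscalation: false
        readOnlyRootFilesystem: true
        capabilities:
          drop: ["ALL"]
      resources:
        requests: { cpu: "100m", memory: "128Mi" }
        limits: { cpu: "500m", memory: "256Mi" }
      volumeMounts:
        - { name: tmp, mountPath: /tmp }  # writable scratch space only
  volumes:
    - name: tmp
      emptyDir: {}
```

Apply it in one go with `kubectl apply -f` so the namespace is created before the objects that live in it. Two caveats a practitioner should check: NetworkPolicy objects are only enforced when the CNI implements them (Cilium and Calico do; a bare VPC CNI on EKS does not without the network-policy feature enabled), so confirm enforcement by attempting a blocked connection from a test pod; and the default-deny egress rule blocks DNS too, which is why the allow policy explicitly opens port 53 to CoreDNS. The RBAC binding can be verified without logging in as a member of the group: `kubectl auth can-i list pods -n payments --as=alice --as-group=dev-team` should answer `yes`, and the same check against another namespace should answer `no`.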