Security of modern applications is critical not only at the code level but also at the infrastructure level. In this article, we'll explore the fundamental principles and practical applications for building a secure and scalable backend infrastructure on Kubernetes.
Why is Security So Important?
Your Kubernetes cluster is the heart of a company. API services, databases, cache systems, and many other critical components run here. A security vulnerability can lead to the compromise of your entire system. Therefore, establishing security measures correctly from the start is essential.
Micro-Segmentation with Network Policies
By default in Kubernetes, all pods can communicate with each other. While this is convenient in development environments, it poses a serious security risk in production environments.
Network Policy Example
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: backend-policy
namespace: production
spec:
podSelector:
matchLabels:
app: backend-api
policyTypes:
- Ingress
- Egress
ingress:
- from:
- podSelector:
matchLabels:
app: frontend
ports:
- protocol: TCP
port: 8080
egress:
- to:
- podSelector:
matchLabels:
app: postgres
ports:
- protocol: TCP
port: 5432
This policy ensures that the backend API only accepts traffic from frontend pods and can only connect to the PostgreSQL database. All other traffic is blocked by default.
Authorization with RBAC
Role-Based Access Control (RBAC) controls who can access what in your Kubernetes cluster. Each user or service account should be granted only the permissions they need (principle of least privilege).
Service Account with Minimum Privilege
apiVersion: v1
kind: ServiceAccount
metadata:
name: backend-sa
namespace: production
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: backend-role
namespace: production
rules:
- apiGroups: [""]
resources: ["configmaps", "secrets"]
verbs: ["get", "list"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: backend-binding
namespace: production
subjects:
- kind: ServiceAccount
name: backend-sa
roleRef:
kind: Role
name: backend-role
apiGroup: rbac.authorization.k8s.io
Secrets Management
Kubernetes Secrets are base64 encoded, meaning they are not encrypted. In production environments, encryption at rest must be enabled, or an external secret management system like HashiCorp Vault should be used.
Using Secrets as Environment Variables
apiVersion: v1
kind: Pod
metadata:
name: backend-pod
spec:
serviceAccountName: backend-sa
containers:
- name: api
image: backend-api:1.0.0
env:
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: db-credentials
key: password
- name: API_KEY
valueFrom:
secretKeyRef:
name: api-keys
key: external-api
Security Context and Pod Security Standards
Pod Security Standards control the security configuration of pods. Especially in production environments, it's critical that pods don't run as root.
Secure Pod Configuration
apiVersion: v1
kind: Pod
metadata:
name: secure-backend
spec:
securityContext:
runAsNonRoot: true
runAsUser: 1000
fsGroup: 2000
seccompProfile:
type: RuntimeDefault
containers:
- name: api
image: backend-api:1.0.0
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
Image Security
The security of your container images is also critically important. You should only use signed and scanned images in your registry.
- Perform image vulnerability scanning with tools like Trivy or Clair
- Use multi-stage builds to minimize image size and attack surface
- Prefer minimal base images like distroless or Alpine
- Use specific version tags instead of the latest tag
Logging and Monitoring
Comprehensive logging and monitoring are essential for detecting security incidents. Centralize your logs with solutions like ELK Stack or Loki + Grafana.
Conclusion
Building a secure backend infrastructure on Kubernetes requires taking measures at many different layers. Topics such as network policies, RBAC, secrets management, pod security, and image security should not be neglected. When you apply these principles correctly, you can achieve both a secure and scalable infrastructure.
"Security is not a product, but a process. You must stay constantly updated and prepared for new threats."