Securing Nodes and Cluster

Securing Nodes

  • Password-based authentication to the hosts should be disabled
  • Root user access should be disabled
  • Only SSH key-based authentication should be allowed
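
One way to verify these three rules on a node is to audit the effective sshd settings printed by `sshd -T`. This is an added example, not part of the original notes; the function name `audit_sshd` and both sample inputs are constructed for illustration, and the keyboard-interactive check is an extra assumption about what "password-based" should cover.

```sh
#!/bin/sh
# Added example: checks the three node rules against effective sshd settings.
# Expects `sshd -T` style input on stdin (one "keyword value" pair per line).

audit_sshd() {
    awk '
        { cfg[tolower($1)] = tolower($2) }
        END {
            bad = 0
            if (cfg["passwordauthentication"] != "no") {
                print "FAIL passwordauthentication must be no"; bad = 1
            }
            # Keyboard-interactive can still prompt for a password through PAM.
            # Older OpenSSH releases use the name challengeresponseauthentication.
            kbd = cfg["challengeresponseauthentication"]
            if ("kbdinteractiveauthentication" in cfg) kbd = cfg["kbdinteractiveauthentication"]
            if (kbd != "no") {
                print "FAIL keyboard-interactive authentication must be no"; bad = 1
            }
            # prohibit-password still lets root in with a key, so only "no" passes.
            if (cfg["permitrootlogin"] != "no") {
                print "FAIL permitrootlogin must be no"; bad = 1
            }
            if (cfg["pubkeyauthentication"] != "yes") {
                print "FAIL pubkeyauthentication must be yes"; bad = 1
            }
            exit bad
        }
    '
}

# Constructed sample: all rules satisfied.
sample_hardened() {
    printf '%s\n' 'permitrootlogin no' 'passwordauthentication no' \
        'kbdinteractiveauthentication no' 'pubkeyauthentication yes'
}

# Constructed sample: looks hardened, but two rules are still violated.
sample_weak() {
    printf '%s\n' 'permitrootlogin prohibit-password' 'passwordauthentication no' \
        'kbdinteractiveauthentication yes' 'pubkeyauthentication yes'
}

sample_hardened | audit_sshd && echo "hardened sample: OK"
sample_weak | audit_sshd || echo "weak sample: needs hardening"
```

On a real node, run `sshd -T | audit_sshd` as root so the check sees the settings sshd actually applies rather than a single config file.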

Securing the cluster

  • kube-apiserver is the center of all operations within the k8s cluster. We interact with it to make changes to the cluster, so the first line of defense is to control access to the kube-apiserver. This involves two considerations:
    • Who can access the cluster (authentication)
    • What can they do (authorization)
  • All communication between the various k8s processes within the cluster is secured by TLS encryption.
  • By default, every pod can access every other pod in the cluster. We can restrict access between them using NetworkPolicies.