- Always use the latest stable version.
- Enable role-based access control (RBAC). Avoid granting cluster-wide permissions.
- Create non-default namespaces, each with security boundaries tailored to the workload it holds.
- Run especially sensitive workloads on a dedicated set of machines to limit fallout from any breaches.
- Carefully restrict workload access to the cloud provider's instance metadata service.
- Create and define cluster network policies.
- Define a cluster-wide Pod Security Policy for how workloads may run in each cluster.
- Harden node security by keeping the host itself secure and controlling network access to sensitive ports.
- Enable audit logs. Actively monitor them to identify access attempts.
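As an added example (not from the original post), the manifests below put three of the points above into practice for one namespace: a namespaced Role and RoleBinding instead of a cluster-wide grant, a default-deny NetworkPolicy, and a Pod Security Admission label (the mechanism that replaced PodSecurityPolicy). The namespace `payments` and service account `ci-deployer` are assumed names.

```yaml
# Namespace for one workload; the label enforces the "restricted" pod
# security standard via Pod Security Admission (assumed namespace name).
apiVersion: v1
kind: Namespace
metadata:
  name: payments
  labels:
    pod-security.kubernetes.io/enforce: restricted
---
# Namespaced Role: only the verbs a deploy job needs, scoped to this namespace.
# A ClusterRole/ClusterRoleBinding pair would grant the same rights cluster-wide.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: payments-deployer
  namespace: payments
rules:
- apiGroups: ["apps"]
  resources: ["deployments"]
  verbs: ["get", "list", "watch", "update", "patch"]
- apiGroups: [""]
  resources: ["pods", "pods/log"]
  verbs: ["get", "list", "watch"]
---
# Bind the Role to a service account in the same namespace (assumed SA name).
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: payments-deployer
  namespace: payments
subjects:
- kind: ServiceAccount
  name: ci-deployer
  namespace: payments
roleRef:
  kind: Role
  name: payments-deployer
  apiGroup: rbac.authorization.k8s.io
---
# Default-deny policy: selects every pod in the namespace and, with both
# policy types listed and no rules, blocks all ingress and egress until
# explicit allow policies are added.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-all
  namespace: payments
spec:
  podSelector: {}
  policyTypes:
  - Ingress
  - Egress
```

Denying egress also blocks DNS, so add an allow policy for the cluster DNS service before rolling this out to a live namespace.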