1. Always use the latest stable version.
2. Enable role-based access control (RBAC). Avoid granting cluster-wide permissions.
3. Create non-default namespaces, each with security boundaries tailored to its workload.
4. Run especially sensitive workloads on a dedicated set of machines to limit the fallout from any breach.
5. Carefully secure access to cloud metadata.
6. Create and define cluster network policies.
7. Define a cluster-wide Pod Security Policy for how workloads may run in each cluster.
8. Harden node security by ensuring your host is secure and controlling network access to sensitive ports.
9. Enable audit logs. Actively monitor them to identify access attempts.
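As an added example (not from the original post), the manifests below put items 2, 5 and 6 into practice: a namespace-scoped, read-only Role and RoleBinding instead of cluster-wide permissions, and a NetworkPolicy that denies all ingress and blocks egress to the cloud instance metadata address. The namespace `payments`, the ServiceAccount `orders-api` and the resource names are assumed; the policy also assumes a cluster recent enough to set the `kubernetes.io/metadata.name` namespace label and to run DNS in `kube-system`.

```yaml
# Added example, not part of the original post. Names below are assumptions.
# Least-privilege RBAC (item 2): a Role, not a ClusterRole, bound to one
# ServiceAccount in one namespace, with read-only verbs on one resource type.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  namespace: payments
  name: orders-api-reader
rules:
- apiGroups: [""]
  resources: ["configmaps"]
  verbs: ["get", "list"]        # read-only; no "secrets", no create/update/delete
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  namespace: payments
  name: orders-api-reader
subjects:
- kind: ServiceAccount
  name: orders-api
  namespace: payments
roleRef:
  kind: Role
  name: orders-api-reader
  apiGroup: rbac.authorization.k8s.io
---
# Network policy (items 5 and 6): no inbound traffic until another policy
# allows it; outbound traffic permitted, except to the metadata endpoint.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  namespace: payments
  name: deny-ingress-block-metadata
spec:
  podSelector: {}               # applies to every pod in the namespace
  policyTypes: ["Ingress", "Egress"]
  ingress: []                   # empty list = deny all ingress
  egress:
  - to:                         # keep cluster DNS working (CoreDNS in kube-system)
    - namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: kube-system
    ports:
    - protocol: UDP
      port: 53
  - to:
    - ipBlock:
        cidr: 0.0.0.0/0
        except:
        - 169.254.169.254/32    # link-local instance metadata address (AWS/GCP/Azure)
```

Apply with `kubectl apply -f` and confirm with `kubectl auth can-i --as=system:serviceaccount:payments:orders-api get secrets -n payments`, which should return `no`; the NetworkPolicy only takes effect on a CNI plugin that enforces network policies.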

Full post here (5 minute read).