To secure Kubernetes clusters, it is crucial to apply role-based access control (RBAC) so that different users can perform only the tasks assigned to them. RBAC and role bindings define ‘roles’, each a set of capabilities granted to specific users. For instance, some users may have permission only to list pods, whereas other users may have permission to get, watch, update, patch, or delete pods.
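The two permission sets described above, written as Kubernetes RBAC manifests. This is an added example, not configuration from Capital One or from the original article; the namespace `demo`, the users `alice` and `bob`, and all object names are assumptions chosen for illustration.

```yaml
# Role 1: may only list pods in the "demo" namespace (hypothetical namespace).
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  namespace: demo
  name: pod-lister
rules:
- apiGroups: [""]          # "" is the core API group, where pods live
  resources: ["pods"]
  verbs: ["list"]
---
# Role 2: may get, watch, update, patch, or delete pods in the same namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  namespace: demo
  name: pod-editor
rules:
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["get", "watch", "update", "patch", "delete"]
---
# Bind the list-only role to user "alice" (hypothetical user).
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  namespace: demo
  name: alice-lists-pods
subjects:
- kind: User
  name: alice
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: pod-lister
  apiGroup: rbac.authorization.k8s.io
---
# Bind the broader role to user "bob" (hypothetical user).
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  namespace: demo
  name: bob-edits-pods
subjects:
- kind: User
  name: bob
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: pod-editor
  apiGroup: rbac.authorization.k8s.io
```

Assuming no other bindings apply to these users, `kubectl auth can-i delete pods --namespace demo --as alice` answers `no`, and the same query with `--as bob` answers `yes`. Because a Role is namespaced, neither user gains any access to pods outside `demo`.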
Capital One, one of the top 10 US retail banks, faced a challenge while building a provisioning platform to handle millions of transactions per day and protect confidential data from fraud detection and unauthorized users.
After the move to Kubernetes, Gasser, a Lead Software Engineer at Capital One, describes how they managed to reduce the attack vulnerability profile for applications in the cloud: “Our entire clusters get rebuilt from scratch periodically, with new fresh instances and virtual server images that are patched with the latest and greatest security patches.”