PCI Container Orchestration Guidance for Kubernetes
In September 2022 the PCI council released Guidance for Containers and Container Orchestration Tools which is intended to help organizations who use tools like Docker and Kubernetes in payment systems, do so in a secure fashion. The guidance should also be useful as a general guide to Kubernetes security hardening.
One of the key parts of the document is a table of risks and best practices which span 16 areas.
The guidance is fairly generic, so to help apply this specifically to Kubernetes I’ve been writing a series of blogs to look at each of these areas. This page provides a handy index for those posts. As this guidance will be used by assessors as well, I made some notes on the challenges of doing security assessments on Kubernetes.