Deployment and management services become easier with Kubernetes. It is the best orchestrator and is used by many companies. The latest version of Kubernetes called 1.22 has arrived. It is observed latest version has a longer release cycle when it comes to updates. However, the new update has many interesting features with regard to security. Most of the existing features are in their maturation process. For instance, alpha releases are qualifying to beta. Kubernetes consulting companies are exploring the new version of Kubernetes along with its new features.
There are many features in this latest version of Kubernetes and these are some highlights with regard to security. Kubernetes consulting companies are essential for great containerization for your business.
Podsecurity admission controller
Kubernetes consulting companies are witnessing drastic changes in pod security admission controllers in the latest update. The Podsecurity feature was deplored in the former update and now it hit with the alpha feature. Being a user, you can not use it for production at the moment. But can test and see the results with regard to security admission control. The podsecurity admission controller is cool in design compared to the PSP feature. It is not very flexible and makes it a minor choice for complex policy requirements.
“Safe” label for Unprivileged port sysctl
Containers run as the “root” user as they can bind ports below 1024. This has been regarded as privileged and to access means additional permissions. Kubernetes 1.22 has changed this as it allows unprivileged users to configure low ports. As a result, developers could easily move to containers using “non-root user accounts”.
With version 1.22, you can change the sysctl as per your pod manifest for containers to run as underprivileged users to bind low ports.
Network policy Endport becomes beta
Access for different ports has been a request for a long time when it comes to Kubernetes network policy. You can easily access a set of services on adjacent ports using single rules.
Kubernetes consulting companies can use this feature by default while moving to beta. The only thing required is, your Container Network Interface must support it.
Default seccomp profile
Kubernetes consulting companies are grabbing this new feature to address a long-term weakness in Kubernetes default security posture. It is primarily caused by disabling of Docker’s seccomp policy when containers run in Kubernetes.
In a nutshell, most of the security features are advanced and available in alpha release.
The new version of Kubernetes 1.22 will be useful for administrators and users.
Urolime is one of the top Kubernetes consulting companies in India that delivers accurate IT solutions to diverse industries. Apart from Kubernetes consulting service, we also have got vast knowledge and experience in all major AWS services such as Automation, AIOps, DevOps, Cloud migration and services, Storage & Content Delivery, Database, Operational maturity, Networking, Enterprise Applications, Mobile Services, IoT, Developer and Management Tools, Security and Application Services other than DevOps consulting service. Urolime is one of the best Kubernetes consulting companies in India and the technical competence is what makes us different from other providers.