Kubernetes Security - STRIDE Threat Model | PrimeThreat

Kubernetes Security

Cloud-native container orchestration platform. The control plane is the crown jewel - compromise here means full cluster takeover.

Cluster Architecture

Kubernetes cluster with service mesh, external secrets management, and container registry.

[Architecture diagram: trust zones and the components in each]
External (untrusted): Users, Attacker
Ingress (semi-trusted): Load Balancer, Ingress, Mesh
Workloads (trusted): Pods, Services, Jobs
Control Plane (highly trusted): API Server, etcd, Scheduler
Secrets (highly trusted): Vault, Registry

Crown Jewel: Control Plane

The API Server and etcd are the most critical components. An attacker with API server access can deploy any workload, read all secrets, and pivot to any node. etcd contains the entire cluster state including encoded secrets. Protect these with your life.
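The practical defence for the API-server threat above is least-privilege RBAC: no subject should hold wildcard verbs or resources, and reads of Secrets (which are the etcd-backed, base64-encoded values the text refers to) should be granted only where a workload genuinely needs them. The following audit script is an added example for this page, not PrimeThreat's own tooling. It takes ClusterRole rule lists in the same shape as the .rules field of `kubectl get clusterrole <name> -o json`; the role names and rules below are constructed sample data, not taken from any real cluster.

```python
"""Audit Kubernetes RBAC rules for control-plane over-privilege.

Added example (not from the PrimeThreat page). Flags rule entries that
grant cluster-admin-equivalent access, wildcard resources or API groups,
reads of sensitive resources such as Secrets, and verbs that let a
subject grow its own privileges. Input mirrors the `.rules` list of a
ClusterRole/Role as returned by `kubectl ... -o json`.
"""
from typing import Iterable

# Resources whose read access maps directly to the threat described in
# the text: Secrets expose etcd-backed credentials, pods/exec and
# nodes/proxy give a foothold on workloads and nodes.
SENSITIVE_RESOURCES = {"secrets", "pods/exec", "nodes/proxy"}
READ_VERBS = {"get", "list", "watch"}
# Real RBAC verbs that allow a subject to widen its own permissions.
ESCALATION_VERBS = {"escalate", "bind", "impersonate"}


def audit_rules(rules: Iterable[dict]) -> list[str]:
    """Return one human-readable finding per over-broad rule entry."""
    findings: list[str] = []
    for i, rule in enumerate(rules):
        groups = set(rule.get("apiGroups", []))
        resources = set(rule.get("resources", []))
        verbs = set(rule.get("verbs", []))

        # verbs=* on resources=* is cluster-admin in all but name.
        if "*" in verbs and "*" in resources:
            findings.append(f"rule[{i}]: cluster-admin equivalent (verbs=* resources=*)")
            continue

        if "*" in resources or "*" in groups:
            findings.append(f"rule[{i}]: wildcard resource/apiGroup grants {sorted(verbs)}")

        for res in sorted(resources & SENSITIVE_RESOURCES):
            if "*" in verbs or verbs & READ_VERBS:
                granted = sorted(verbs & (READ_VERBS | {"*"}))
                findings.append(f"rule[{i}]: reads {res} ({granted})")

        for verb in sorted(verbs & ESCALATION_VERBS):
            findings.append(f"rule[{i}]: privilege-widening verb '{verb}'")
    return findings


def audit_cluster(roles: dict[str, list[dict]]) -> dict[str, list[str]]:
    """Audit a mapping of role name -> rules; keep only roles with findings."""
    return {name: found for name, rules in roles.items() if (found := audit_rules(rules))}


# Constructed sample roles (hypothetical names), not real cluster data.
SAMPLE_CLUSTERROLES: dict[str, list[dict]] = {
    "ci-deployer": [
        {"apiGroups": ["apps"], "resources": ["deployments"],
         "verbs": ["get", "list", "create", "update"]},
        {"apiGroups": [""], "resources": ["secrets"], "verbs": ["get", "list"]},
    ],
    "log-reader": [
        {"apiGroups": [""], "resources": ["pods", "pods/log"],
         "verbs": ["get", "list", "watch"]},
    ],
    "legacy-admin": [
        {"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]},
    ],
}


if __name__ == "__main__":
    for role, found in audit_cluster(SAMPLE_CLUSTERROLES).items():
        print(role)
        for line in found:
            print("  ", line)
```

Running it against the constructed sample reports `legacy-admin` as cluster-admin equivalent and `ci-deployer` for its Secrets read, while `log-reader` passes. The same function can be pointed at real output by loading `kubectl get clusterroles -o json` and passing each item's `.rules`; the check deliberately treats `list` and `watch` as reads, since either returns full Secret contents from the API server.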

Ingress Layer

Load balancers, ingress controllers, and service mesh. First line of defense.

Workload Layer

Pods, services, and jobs. Where your applications run.

Control Plane

API server, etcd, scheduler. The brain of the cluster.

Secrets Management

Vault, registry. Where sensitive data lives.