A Kubernetes security assessment

The Kubernetes community has posted theextensive results [PDF] of a security assessment performed earlier thisyear. "Overall, Kubernetes is a large system with significantoperational complexity. The assessment team found configuration anddeployment of Kubernetes to be non-trivial, with certain components havingconfusing default settings, missing operational controls, and implicitlydefined security controls. Also, the state of the Kubernetes codebase hassignificant room for improvement. The codebase is large and complex, withlarge sections of code containing minimal documentation and numerousdependencies, including systems external to Kubernetes. There are manycases of logic re-implementation within the codebase which could becentralized into supporting libraries to reduce complexity, facilitateeasier patching, and reduce the burden of documentation across disparateareas of the codebase."