Secure your Kubernetes Cluster running on Google cloud (features : out of the box)

Kubernetes engine has 2 parts -> Master Nodes and Worker Nodes

Google cloud provides out of the Box security features:

**Master Nodes and API: Security features

  1. Master API network access : only from whitelisted IP range (Firewall rules)

2. Master API : TLS encryption

3. Master API access by IAM authentication: Roles and permissions

**Worker Nodes and API: Security features

  1. VM’s and Pods are assigned Private IP (RFC 1918 IP addresses)
  2. Worker nodes cluster runs inside a Private VPC
  3. Set Firewalls rules to Worker nodes
  4. Attach Network policy to any Kubernetes Pod
  5. Kube network policies allow you to restrict pod-to-pod traffic (east-west)
  6. Calico Network Plugin, created with Tigera
  7. Layer 7 protection to Kube Ingress (HTTPS server)
  8. Secure Traffic between Clients and Google Ingress (Load balancer) using TLS certificates
  9. Attach a Private key and Certificate to Ingress using a Kube Secret

**Securely connect to Google’s managed services, without exposing your traffic to the public internet. Traffic from Pods to Google Services, is passing through Google Private network.