Your organization recently adopted a container-based workflow for application development.
Your team develops numerous applications that are deployed continuously through an automated build pipeline to a Kubernetes cluster in the production environment.
The security auditor is concerned that developers or operators could circumvent automated testing and push code changes to production without approval.
What should you do to enforce approvals?
Answer: C
The concern raised by the security auditor is valid because a lack of proper controls could result in unauthorized or untested code changes making it to production environments. To enforce approvals, you can implement one or more of the following measures:
A. Configure the build system with protected branches that require pull request approval: This measure is useful when using a version control system such as Git. Protected branches can prevent direct pushes to a specific branch and require pull request approvals from designated users or teams. This ensures that only approved code changes are merged into the production branch. However, this measure does not guarantee that the approved code changes are secure and have been tested.
B. Use an Admission Controller to verify that incoming requests originate from approved sources: An Admission Controller is a Kubernetes component that intercepts and validates API requests to the Kubernetes API server. By configuring an Admission Controller, you can verify that incoming requests originate from approved sources, such as trusted IP addresses or users with proper authentication credentials. This ensures that only authorized users can deploy changes to production. However, this measure does not ensure that the deployed code changes are secure and have been tested.
C. Leverage Kubernetes Role-Based Access Control (RBAC) to restrict access to only approved users: Kubernetes RBAC allows you to restrict access to Kubernetes resources based on users' roles and permissions. By configuring RBAC, you can limit access to production environments to only authorized users and teams. This ensures that only approved users can deploy changes to production. However, this measure does not ensure that the deployed code changes are secure and have been tested.
D. Enable binary authorization inside the Kubernetes cluster and configure the build pipeline as an attestor: Binary Authorization is a feature in Kubernetes that enables you to require approval for deploying container images based on their metadata, such as their SHA256 digest. By configuring binary authorization, you can ensure that only approved container images are deployed to production. To configure this, you can set up the build pipeline as an attestor that approves or denies container images based on predefined criteria. This ensures that only approved, secure, and tested container images are deployed to production.
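To make options B and D concrete, here is an added example that is not part of the original question or its explanation: the decision logic of a validating admission webhook that admits a Pod only when the request comes from an approved deployer and every container image is pinned by digest and carries an attestation issued by the build pipeline. The attestor name, the registry name and the HMAC-based attestation format are constructed for this example; real Binary Authorization uses asymmetric signatures and stores attestations outside the cluster, so the HMAC key here is only a stand-in for the attestor's signing key.

```python
"""Added example: deploy-time approval check modelled as admission-webhook logic.
Everything here (keys, names, attestation format) is constructed for illustration.
"""
import hashlib
import hmac
import re

# Assumption: a symmetric key stands in for the build pipeline's attestor signing key.
BUILD_PIPELINE_ATTESTOR_KEY = b"constructed-example-key-do-not-reuse"
ATTESTOR_NAME = "build-pipeline"  # constructed attestor name

# Only digest-pinned references are acceptable: a tag can be moved after testing.
DIGEST_RE = re.compile(r"^(?P<name>[^@]+)@(?P<digest>sha256:[0-9a-f]{64})$")


def attest(image_ref: str, key: bytes = BUILD_PIPELINE_ATTESTOR_KEY) -> dict:
    """What the pipeline does after tests pass: sign the image digest (HMAC stands in for a signature)."""
    m = DIGEST_RE.match(image_ref)
    if not m:
        raise ValueError("attestations are only issued for digest-pinned images")
    digest = m.group("digest")
    sig = hmac.new(key, digest.encode(), hashlib.sha256).hexdigest()
    return {"digest": digest, "attestor": ATTESTOR_NAME, "signature": sig}


def attestation_valid(digest: str, attestation: dict, key: bytes = BUILD_PIPELINE_ATTESTOR_KEY) -> bool:
    """Check that an attestation covers this digest and was produced with the attestor key."""
    if attestation.get("attestor") != ATTESTOR_NAME or attestation.get("digest") != digest:
        return False
    expected = hmac.new(key, digest.encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, attestation.get("signature", ""))


def review_pod(admission_review: dict, attestations: dict, allowed_deployers: set,
               key: bytes = BUILD_PIPELINE_ATTESTOR_KEY) -> dict:
    """Return an AdmissionReview response: allowed, or denied with every reason listed."""
    req = admission_review["request"]
    reasons = []

    # Option B: the request must originate from an approved identity.
    user = req.get("userInfo", {}).get("username", "")
    if user not in allowed_deployers:
        reasons.append(f"user {user!r} is not an approved deployer")

    # Option D: every image must be digest-pinned and attested by the pipeline.
    spec = req["object"]["spec"]
    for c in spec.get("initContainers", []) + spec.get("containers", []):
        image = c["image"]
        m = DIGEST_RE.match(image)
        if not m:
            reasons.append(f"{image}: image must be pinned by sha256 digest, not a mutable tag")
            continue
        digest = m.group("digest")
        att = attestations.get(digest)
        if att is None or not attestation_valid(digest, att, key):
            reasons.append(f"{image}: no valid attestation from {ATTESTOR_NAME}")

    response = {"uid": req["uid"], "allowed": not reasons}
    if reasons:
        response["status"] = {"code": 403, "message": "; ".join(reasons)}
    return {"apiVersion": "admission.k8s.io/v1", "kind": "AdmissionReview", "response": response}


def make_review(images: list, username: str = "system:serviceaccount:ci:deployer", uid: str = "req-1") -> dict:
    """Build a constructed AdmissionReview request for a Pod with the given images."""
    return {
        "apiVersion": "admission.k8s.io/v1",
        "kind": "AdmissionReview",
        "request": {
            "uid": uid,
            "userInfo": {"username": username},
            "object": {"kind": "Pod", "spec": {"containers": [{"name": f"c{i}", "image": img}
                                                              for i, img in enumerate(images)]}},
        },
    }


if __name__ == "__main__":
    # Constructed sample: one attested image, one mutable tag, one unattested digest.
    attested = "registry.example.com/app@sha256:" + "a" * 64
    store = {attest(attested)["digest"]: attest(attested)}
    deployers = {"system:serviceaccount:ci:deployer"}
    for images in ([attested], ["registry.example.com/app:latest"], [attested.replace("a" * 64, "b" * 64)]):
        r = review_pod(make_review(images), store, deployers)["response"]
        print(images, "->", "ALLOWED" if r["allowed"] else "DENIED: " + r["status"]["message"])
```

The attestation store is keyed by digest rather than by full image reference, because the approval is about the exact bytes that were tested, not the name they are pulled under. Denials list every failing container so an operator sees the whole problem at once, and all failures return the same 403 shape the API server expects from a webhook.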
In summary, all four measures can help enforce approvals in a container-based workflow. However, measures B, C, and D are more comprehensive because they ensure that only authorized, secure, and tested code changes are deployed to production.