Security in Canonical Kubernetes

This page provides links to the various pages across our documentation that have security implications on Canonical Kubernetes.

Security pages

• Security overview explanation

• How to report a security issue

• How to harden your cluster

Authentication

• Certificates explanation

• How to refresh Kubernetes certificates

• How to use intermediate CAs with Vault

• Cluster certificates and configuration reference

Compliance

• CIS hardening explanation

• How to assess for CIS compliance

• How to assess for DISA STIG compliance

Updates

Keeping up to date with the latest security updates is an important part of security maintenance. Read the latest release notes and learn how to upgrade your cluster.

• Release notes

• How to upgrade the Canonical Kubernetes snap

Air-gapped deployment

• How to install in air-gapped environments

Reference material

Our reference material contains technical information that can be used to understand the security posture of Canonical Kubernetes such as what ports are exposed, what are the different security configuration options available during bootstrap and much more.

• Architecture

• Ports and services

• Configuration files