Kubernetes has lots of native security controls that require proper configuration and fine-tuning over time. The community commitment to the platform’s security has also led to the creation of various commercial and open source tools for further ensuring the security of your applications and environment. Kube-hunter is a good example: it’s an open source tool for pen-testing your cluster and its nodes.
Basically, penetration testing is to security what chaos testing is to resiliency. By assuming that you have weaknesses an attacker can exploit (because you almost certainly do), you build security into your systems more proactively. You’re attacking yourself to discover holes before someone else does. It can also help promote a healthier culture that doesn’t treat security as “someone else’s job,” but as a mindset that permeates your software supply chain and all of the individual roles its success depends upon.
