Kubernetes Security Best Practices on Amazon EKS

Dave Morrissey
Published October 08, 2024

Modern apps now make up just over half of the average app portfolio, compared to just 29% in 2020.[1] Frequently, these apps run in containers for faster deployment and automatic scaling, and the containers themselves likely run in more than one environment, as the majority of organizations (88%) use at least two app deployment models and roughly 40% use six.[2] However, running modern apps in an increasing number of environments complicates reliable security and connectivity.

The pros and cons of Kubernetes orchestration

Kubernetes is the most popular container orchestration system, with 84% of organizations using or evaluating it, and 66% using it in production.[3] Amazon Elastic Kubernetes Service (EKS) is the most popular platform for container orchestration, used by more than half of organizations surveyed.[4]

EKS is a managed service that offers built-in integrations with AWS services, cost efficiency due to automatic scaling and resource provisioning, and automatic patching of the Kubernetes control plane, making it easy to run Kubernetes on AWS or in on-premises data centers.

While Kubernetes orchestration offers numerous advantages, it isn’t without challenges. Research from Red Hat showed that many organizations still struggle with the complexity of securing container-based Kubernetes environments, as 89% reported at least one related security incident during the last 12 months.[5] More than two-thirds of organizations also reported delaying or slowing deployment due to Kubernetes security concerns.[6] When your Kubernetes environments span multiple clouds or on-premises locations, maintaining security and consistency is difficult. A solution is needed to let you secure containerized apps consistently, whether they run in Amazon EKS or any other environment.

Simplify Kubernetes connectivity and security

Scale, govern, and secure Kubernetes apps and microservices across all environments, including Amazon EKS, with F5 NGINX. It provides consistent connectivity and security on premises as well as in multiple clouds to reduce complexity while delivering real-time visibility.

Using NGINX as an Ingress Controller for Amazon EKS lets you manage app connectivity across clusters. NGINX also integrates with AWS services, such as load balancing, auto scaling, and AWS Lambda, making it a seamless addition to your AWS environment. It also helps you fulfill your portion of the shared responsibility model, providing security for your apps and data while AWS secures the infrastructure.

NGINX makes your Kubernetes deployments production-grade with load balancing and SSL termination to improve performance, increase uptime, and strengthen security. Mitigate threats from edge to cloud with continuous authentication and authorization, access control, end-to-end encryption, layer 7 OWASP and DoS protection, and actionable insights. You can also enable zero trust security for your Kubernetes apps with NGINX.

NGINX addresses several commonly reported Kubernetes challenges, such as security concerns and time to market. Self-service capabilities enable development teams to release apps faster without adding security risk. Using NGINX with your Kubernetes apps also mitigates complexity across multiple environments by reducing tool sprawl, increasing consistency, and providing better insight into app health and performance.

Simplify and secure Kubernetes everywhere

By using NGINX with your Kubernetes deployments on Amazon EKS—and anywhere else you run them—you can simplify operations and increase uptime with secure, streamlined app connectivity. Try NGINX out for free for 30 days on the AWS Marketplace or discover the many other F5 solutions available on AWS.

Learn more at f5.com/aws.

Sources:

  1. F5, 2024 State of Application Strategy Report, May 2024
  2. Ibid.
  3. Cloud Native Computing Foundation, CNCF 2023 Annual Survey, May 2024
  4. Red Hat, The State of Kubernetes Security Report, June 2024
  5. Ibid.
  6. Ibid.