Kubero runs on Kubernetes and controls app deployments, secrets, and build workflows. Security should focus on Kubernetes RBAC, namespace isolation, and hardened container policies.
¶ 1) Enforce Kubernetes RBAC and namespace isolation
- Restrict Kubero service account permissions to least privilege.
- Separate teams/apps by namespaces and enforce network policies.
- Limit who can deploy, modify, or delete production workloads.
- Audit Kubernetes role bindings and cluster-wide privileges regularly.
¶ 2) Harden container policies
- Enforce non-root containers and drop unnecessary Linux capabilities.
- Use a read-only root filesystem where possible.
- Deny privileged pods and hostPath mounts unless explicitly approved.
- Scan images before deployment and pin trusted registries.
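
The non-root, capability, read-only filesystem, privileged and hostPath checks above can be audited against live workloads. The following is an added example, not code from Kubero: it assumes pod objects in the JSON shape returned by `kubectl get pod -o json`, treats `drop: ["ALL"]` as the expected capability baseline (an assumption, stricter than the list above requires), and uses a constructed sample pod with made-up names.

```python
import json

# Constructed sample in the shape of `kubectl get pod -o json`; all names are made up.
SAMPLE_POD = json.loads("""
{"metadata": {"name": "demo-app", "namespace": "team-a"},
 "spec": {
   "volumes": [{"name": "host", "hostPath": {"path": "/var/run"}}],
   "containers": [
     {"name": "web", "image": "registry.example.com/web:1.0",
      "securityContext": {"runAsNonRoot": true, "readOnlyRootFilesystem": true,
                          "capabilities": {"drop": ["ALL"]}}},
     {"name": "sidecar", "image": "registry.example.com/sidecar:1.0",
      "securityContext": {"privileged": true}}]}}
""")


def audit_pod(pod):
    """Return (container name or 'pod', finding) tuples for the hardening checks."""
    spec = pod.get("spec", {})
    pod_sc = spec.get("securityContext") or {}
    findings = []
    for vol in spec.get("volumes") or []:
        if "hostPath" in vol:
            findings.append(("pod", f"hostPath volume '{vol.get('name')}'"))
    containers = (spec.get("containers") or []) + (spec.get("initContainers") or [])
    for c in containers:
        sc = c.get("securityContext") or {}
        name = c.get("name", "?")
        # A container-level runAsNonRoot overrides the pod-level value.
        if not sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot", False)):
            findings.append((name, "runAsNonRoot not enforced"))
        if sc.get("privileged"):
            findings.append((name, "privileged container"))
        caps = sc.get("capabilities") or {}
        dropped = {cap.upper() for cap in caps.get("drop") or []}
        if "ALL" not in dropped:
            findings.append((name, "capabilities not dropped (expected drop: ALL)"))
        if not sc.get("readOnlyRootFilesystem"):
            findings.append((name, "root filesystem is writable"))
    return findings


if __name__ == "__main__":
    for where, what in audit_pod(SAMPLE_POD):
        print(f"{where}: {what}")
```

A report like this only surfaces drift; blocking non-compliant pods still needs an admission-time control in the cluster.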
¶ 3) Secure ingress, secrets, and observability
- Enforce HTTPS ingress and strict TLS settings.
- Store secrets in Kubernetes Secrets or an external secret manager with a rotation policy.
- Restrict dashboard/admin ingress to trusted networks.
- Centralize audit logs for deployments and RBAC changes.
- Kubero repository: https://github.com/kubero-dev/kubero
- Kubero documentation: https://docs.kubero.dev/