by raesene6 3523 days ago
Yeah, I've got that noted in the blog post :) but it was really just an example. One of the things that's struck me about Docker/Kubernetes etc. is that they tend to be tuned for a general use case in terms of security and configuration. Choices that might improve security and restrict usefulness of services are not usually defaults.

As such there needs to be a level of hardening done from an out of the box perspective where they're being used in a high-security environment (e.g. banking).

For Docker we have resources like docker_bench and the CIS guide which provide a list of possible hardening steps, but I've not managed to find anything like that for Kubernetes, which is why I'm interested in how Monzo are addressing that issue.

1 comments

Not sure if you are looking for a commercial solution, but we (Twistlock [1]) develop a security suite for enterprises working with Docker and/or Kubernetes. In fact, we are officially recommended by Google for working with GKE, which is very much based on Kubernetes [2]. I'd be glad to elaborate if relevant.

[1] https://www.twistlock.com/

[2] https://cloudplatform.googleblog.com/2015/11/enhancements-to...