The Cloud Native Computing Foundation published a blog post that identifies a set of steps for hardening your Kubernetes environments.

If you have not already implemented most of them, I would recommend at least looking at them and assessing whether they matter for your use case; for general usage, most of them should.

What I found very interesting for us security guys, who might deal with the 90% of legacy applications that still drive business, was that the blog also recommends hardening node security. This is something that often is not considered a priority and falls off the table. Securing access to the Kubernetes API and controlling access to your cluster on a least-privilege basis are key components of securing the container orchestration platform (the thing those containers actually run on). I can tell you from my experience that this is hard, not only because we are usually dealing with at least three networks on a cluster (the physical network, the pod network and the cluster networking), but also because of the missing visibility into those connections and the lack of a way to segment them off easily without breaking the cluster.