Photo by Bob Jenkin on Unsplash

Checking Kubernetes Security Drift

Against the Current

Article from ADMIN 93/2026
Learn how to detect and eliminate security drift across Kubernetes clusters.

When you run multiple Kubernetes (K8s) clusters (e.g., production, staging, disaster recovery), you expect them to enforce the same security controls. But do they? Emergency fixes, temporary permission grants, and one-off exceptions slowly cause clusters to diverge. Driftwatch is a lightweight, open source command-line interface (CLI) tool that catches these security discrepancies before they lead to incidents or audit failures.

Security Drift in Multicluster Environments

Consider a scenario where a deployment issue arises on a Friday afternoon. A service account is granted elevated permissions as a quick fix, but those permissions are never revoked. Meanwhile, in another cluster, a developer modifies a NetworkPolicy to resolve a connectivity issue and forgets to revert the change. These seemingly minor actions accumulate over time – a phenomenon known as security drift – leaving clusters in a less secure state than intended [1].

Most tools assess each cluster in isolation: they check whether a cluster follows best practices, but not whether your production and disaster recovery clusters enforce the same security controls. That's where Driftwatch comes in.

Driftwatch

Instead of comparing static configuration files, Driftwatch evaluates how clusters behave across three areas:

  • Role-based access control (RBAC) authorization: Check the permissions that each user or service account has and compare them across clusters.
  • NetworkPolicy segmentation: Examine the NetworkPolicies in each cluster and check whether they allow the same traffic [2].
  • Namespace-level Pod Security Admission (PSA): Inspect the security labels applied to each namespace and flag any differences between

...
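To make the comparison concrete, here is an added example of what a cross-cluster check for two of the three areas above (RBAC and namespace PSA labels) can look like. It is illustrative code written for this article, not Driftwatch's own implementation, which the article does not show. The two cluster snapshots, the "prod" and "dr" cluster names, and the namespace, Role and ServiceAccount names are all constructed; the snapshot shape mirrors the `items` of `kubectl get roles,rolebindings,namespaces -o json`, trimmed to the fields the check reads. The script expands Role/RoleBinding pairs into effective (subject, namespace, apiGroup, resource, verb) tuples so that it compares what a subject can actually do rather than how the YAML happens to be written, then reports permissions present in one cluster but not the other, and namespaces whose PSA enforce level has been weakened.

```python
from itertools import product

PSA_LABEL = "pod-security.kubernetes.io/enforce"
# PSA enforce levels ordered weakest first, so a drop can be flagged as a weakening.
PSA_LEVELS = {"privileged": 0, "baseline": 1, "restricted": 2}

# Constructed snapshots for two hypothetical clusters ("prod" is the baseline,
# "dr" the cluster being compared against it). Not real cluster data.
SNAPSHOTS = {
    "prod": {
        "roles": [
            {"metadata": {"namespace": "payments", "name": "reader"},
             "rules": [{"apiGroups": [""], "resources": ["pods", "configmaps"],
                        "verbs": ["get", "list"]}]},
        ],
        "rolebindings": [
            {"metadata": {"namespace": "payments", "name": "reader-binding"},
             "roleRef": {"kind": "Role", "name": "reader"},
             "subjects": [{"kind": "ServiceAccount", "name": "api",
                           "namespace": "payments"}]},
        ],
        "namespaces": [
            {"metadata": {"name": "payments",
                          "labels": {PSA_LABEL: "restricted"}}},
        ],
    },
    "dr": {
        "roles": [
            # The "quick fix" scenario: secrets access added and never reverted.
            {"metadata": {"namespace": "payments", "name": "reader"},
             "rules": [{"apiGroups": [""],
                        "resources": ["pods", "configmaps", "secrets"],
                        "verbs": ["get", "list"]}]},
        ],
        "rolebindings": [
            {"metadata": {"namespace": "payments", "name": "reader-binding"},
             "roleRef": {"kind": "Role", "name": "reader"},
             "subjects": [{"kind": "ServiceAccount", "name": "api",
                           "namespace": "payments"}]},
        ],
        "namespaces": [
            # Namespace relaxed from restricted to baseline.
            {"metadata": {"name": "payments",
                          "labels": {PSA_LABEL: "baseline"}}},
        ],
    },
}


def effective_permissions(snapshot):
    """Expand Role + RoleBinding pairs into a set of
    (subject, namespace, apiGroup, resource, verb) tuples.

    Comparing this expansion rather than raw manifests means a renamed Role or
    a reordered verb list is not drift, but an added verb or resource is.
    Bindings to ClusterRoles are skipped: resolving them needs the ClusterRole
    list, which these snapshots do not carry.
    """
    roles = {(r["metadata"]["namespace"], r["metadata"]["name"]): r["rules"]
             for r in snapshot["roles"]}
    perms = set()
    for rb in snapshot["rolebindings"]:
        ns = rb["metadata"]["namespace"]
        if rb["roleRef"]["kind"] != "Role":
            continue
        for subj in rb.get("subjects", []):
            subject = f'{subj["kind"]}:{subj.get("namespace", "")}:{subj["name"]}'
            for rule in roles.get((ns, rb["roleRef"]["name"]), []):
                for group, resource, verb in product(
                        rule.get("apiGroups", [""]), rule["resources"], rule["verbs"]):
                    perms.add((subject, ns, group, resource, verb))
    return perms


def psa_enforce_levels(snapshot):
    """Map namespace name -> PSA enforce level. An unlabeled namespace is
    reported as "privileged", the admission controller's built-in default when
    no cluster-wide defaults are configured (assumed here)."""
    return {ns["metadata"]["name"]:
            ns["metadata"].get("labels", {}).get(PSA_LABEL, "privileged")
            for ns in snapshot["namespaces"]}


def drift(baseline, candidate):
    """Return a list of (finding_type, detail) tuples describing how
    `candidate` differs from `baseline`; an empty list means no drift."""
    findings = []
    base_perms = effective_permissions(baseline)
    cand_perms = effective_permissions(candidate)
    findings += [("rbac-extra", p) for p in sorted(cand_perms - base_perms)]
    findings += [("rbac-missing", p) for p in sorted(base_perms - cand_perms)]
    base_psa, cand_psa = psa_enforce_levels(baseline), psa_enforce_levels(candidate)
    for ns in sorted(set(base_psa) | set(cand_psa)):
        b, c = base_psa.get(ns), cand_psa.get(ns)
        if b == c:
            continue
        if b is not None and c is not None and PSA_LEVELS[c] < PSA_LEVELS[b]:
            findings.append(("psa-weaker", (ns, b, c)))
        else:
            findings.append(("psa-differs", (ns, b, c)))
    return findings


if __name__ == "__main__":
    for kind, detail in drift(SNAPSHOTS["prod"], SNAPSHOTS["dr"]):
        print(f"{kind:12s} {detail}")
```

Run against the constructed snapshots, the check reports two `rbac-extra` findings (the `api` service account can `get` and `list` secrets in `payments` only in the "dr" cluster) and one `psa-weaker` finding for the `payments` namespace. NetworkPolicy comparison is deliberately left out: two policies can allow the same traffic with different YAML, so a meaningful check has to normalize selectors and rules into a canonical form before diffing, which is a larger job than this example.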
