Security recommendation/hardening guide for applications that use Kubernetes client #121

Open
AnshumanTripathi opened this issue Jul 24, 2024 · 1 comment

@AnshumanTripathi

Create a security recommendation/hardening guide for applications that use the Kubernetes client. This could include different use cases like:

  1. Creating an application which runs kubectl commands.
  2. An application that uses the Kubernetes client
  3. A Kubernetes Operator

@chadmcrowell

Hello, I'd like to contribute here. Just to be clear, the guide would focus on the security recommendations for applications interacting with the Kubernetes API? I can contribute in the following ways to recommend:

  • handling of sensitive data (e.g. config, secrets, user creds)
  • corruption of data or tampering
  • security controls for principle of least privilege
  • tightening up RBAC
  • dependency control and vulnerability management
  • enforcing network policy
  • security of apps to maximize availability
  • reducing attack vectors and maintaining isolated workloads
  • compliance and audit requirements
  • supply chain attack prevention
  • establish zero-trust for apps interacting with Kubernetes
