KubeDojo

Cloud Provider and Infrastructure Security

by Alexis Kinsella · 13 min read

In 2022, the NSA and CISA published version 1.2 of their Kubernetes Hardening Guidance after analyzing real-world attack patterns where adversaries bypassed cluster-level controls entirely by exploiting misconfigured nodes. The pattern is consistent: the infrastructure layer underneath Kubernetes is the most trusted and the least audited. A compromised node means compromised workloads, regardless of what the cluster-level policies say.

This maps to the KCSA "Cloud Provider and Infrastructure Security" subtopic (14% domain weight). What follows covers the shared responsibility model, infrastructure hardening at the node and OS level, CIS Kubernetes Benchmarks for validating that baseline, and kubelet security as the most underestimated attack surface on a Kubernetes node.
