Create Manage_Security_Like_Pro.md

Security/Manage_Security_Like_Pro.md

@@ -0,0 +1,28 @@
+# Kubernetes Security Journey for DevSecOps Engineers
+
+As DevSecOps engineers, one of the primary resposibilities is to maintain security of your Kubernetes clusters and the containers.
+Here are some of the mandatory things to consider.
+
+## Secure your API server
+The Kubernetes API server is a critical component of the cluster and should be secured with strong authentication and authorization mechanisms. 
+Use TLS certificates for all communications with the API server.
+
+## RBAC
+Use Role-Based Access Control to define who can access the Kubernetes API and what actions they are allowed to perform. 
+Use strong authentication methods like multi-factor authentication and enforce password policies.
+
+## Network Policies
+Use network policies to restrict traffic within the cluster and to/from external sources. 
+Use firewalls and security groups to control traffic to and from the cluster.
+
+## Encrypt data at rest
+Use encryption to protect sensitive data stored in etcd and other components of the cluster.
+
+## Secure Container Images
+Use container images from trusted sources and scan them for vulnerabilities before deployment.
+
+## Cluster Monitoring
+Use tools like Kubernetes Audit Logs and security monitoring solutions to detect and respond to security threats in real-time.
+
+## Upgrades
+Keep the Kubernetes cluster and its components up to date with the latest security patches and updates.