Hardening a scheduling application server that was never intended to be hardened (wrapped by private R&D security IP not made publicly available) is always a challenge. Especially in light of everything else one must consider and engineer around;

• Cluster Architecture
• Containers
• Workloads
• Services, Load Balancing, and Networking
• Storage
• Configuration
• Policies
• Scheduling, Preemption and Eviction
• Cluster Administration
• Extending Kubernetes

Which is why it is worthwhile to view my lecture on the project that became Kubernetes. Design decisions were made of that era's philosophy. Hence this walkthrough to right the sins that were made.