-
Book Overview & Buying
-
Table Of Contents
Learning Kubernetes Security - Second Edition
By :
In this chapter, we went through the concept of least privilege. Implementing the principle of least privilege holistically is critical: if the least privilege is missed in any area, this will potentially leave an attack surface wide open. We then discussed the security control mechanism in Kubernetes that helps in implementing the principle of least privilege in two areas: Kubernetes subjects and Kubernetes workloads. Kubernetes offers built-in security controls to implement the principle of least privilege.
Ensuring the least privilege is a process from development to deployment: application developers should work with security architects to design the minimum privileges for the service accounts associated with the application, as well as the minimum capabilities and proper resource allocation. During deployment, DevOps should consider using Pod Security admission and a network policy to enforce the least privileges across the entire cluster.
In Chapter 5, Configuring...