-
Book Overview & Buying
-
Table Of Contents
Learning Kubernetes Security - Second Edition
By :
In this chapter, you reviewed different security-sensitive configurations for each master and node component: kube-apiserver, kube-scheduler, kube-controller-manager, kubelet, CoreDNS, and etcd. You learned how each component can be secured. By default, components might not follow all the security best practices, so it is the responsibility of the cluster administrators to ensure that the components are secure. You also examined an open source tool, kubeletctl, and how it can detect misconfigured kubelet endpoints and take actions on them. Finally, you learned about kube-bench, which can be used to understand the security baseline for your running cluster.
It is important to understand these configurations and ensure that the components follow the given checklists to reduce the chance of a compromise.
In Chapter 7, Authentication, Authorization, and Admission Control, you will go through authentication and authorization mechanisms in Kubernetes. We briefly talked about...