-
Book Overview & Buying
-
Table Of Contents
Learning Kubernetes Security - Second Edition
By :
In this chapter, you learned practical strategies for hardening Kubernetes workloads at every stage of the container lifecycle, from image build to runtime. We began by applying CIS Docker Benchmarks to create secure container images, then moved into configuring key Kubernetes workload security attributes such as runAsUser and readOnlyRootFilesystem, and dropping capabilities.
We also explored PSA and the PSS framework that lets you enforce consistent, namespace-based security controls using modes such as audit and warn, and enforce Kubernetes workloads in a secure way. This happens at the build stage. It is also important to build adaptive PSPs for different Kubernetes workloads. The goal is to restrict most of the workloads to run with limited privileges while allowing only a few workloads to run with extra privileges, and without breaking workload availability. This happens at the runtime stage.
By putting these practices into action, you will ensure that Kubernetes...