Sign In Start Free Trial
Account

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Learning Kubernetes Security
  • Table Of Contents Toc
Learning Kubernetes Security

Learning Kubernetes Security - Second Edition

By : Raul Lapaz
close
close
Learning Kubernetes Security

Learning Kubernetes Security

By: Raul Lapaz

Overview of this book

With readily available services, support, and tools, Kubernetes has become a foundation for digital transformation and cloud-native development, but it brings significant security challenges such as breaches and supply chain attacks. This updated edition equips you with defense strategies to protect your applications and infrastructure while understanding the attacker mindset, including tactics like container escapes and exploiting vulnerabilities to compromise clusters. The author distills his 25+ years of experience to guide you through Kubernetes components, architecture, and networking, addressing authentication, authorization, image scanning, resource monitoring, and traffic sniffing. You’ll implement security controls using third-party plugins (krew) and tools like Falco, Tetragon, and Cilium. You’ll also secure core components, such as the kube-apiserver, CoreDNS, and kubelet, while hardening images, managing security contexts, and applying PodSecurityPolicy. Through practical examples, the book teaches advanced techniques like redirecting traffic from misconfigured clusters to rogue pods and enhances your support incident response with effective cluster monitoring and log analysis. By the end of the book, you'll have a solid grasp of container security as well as the skills to defend your clusters against evolving threats.
Table of Contents (18 chapters)
close
close

Preface

Kubernetes has emerged as one of the standards for orchestrating containerized applications in the cloud. Its flexibility and scalability enable organizations to deploy and manage modern applications with efficiency. However, with this power comes complexity, and increased security risks. As Kubernetes adoption grows, so does the interest of attackers in exploiting its components and workloads.

This book was written to help administrators, developers, architects, and security professionals to understand the evolving landscape of Kubernetes security. Whether you are operating Kubernetes in production or you are a beginner, this book helps you understand how Kubernetes works and know how to secure it.

The book begins with foundational concepts, such as architecture and networking, to give you a strong technical background. From there, we introduce the threat model, giving you the ability to detect risks and threat actors. Practical security principles are introduced in the chapters on least privilege, security boundaries, and securing cluster components, helping to minimize exposure.

The book explores authentication, authorization, and admission control, the first layers of defense for controlling access. Then, we dive deeper into runtime hardening in securing Pods, where you’ll learn how to enforce policies that limit what workloads can do. Recognizing the importance of proactive security, the chapter on shift left introduces strategies and open source tools such as Trivy, Syft, and Cosign to integrate security earlier in the CI/CD pipeline.

Monitoring and visibility are key to security within an organization. The book addresses this through real-time monitoring and observability and security monitoring and log analysis, where tools such as Prometheus, Grafana, and auditing techniques are discussed. We also talk about how to apply defense in depth with the help of tools such as Vault, Falco, and Tetragon, combining multiple layers of protection.

No security book is complete without understanding the attacker’s mindset. You will step into the mindset of an adversary, exploring practical and real-world attack scenarios, misconfigurations, and container escape methods. The goal is not just to defend but to anticipate and be proactive to mitigate threats.

To further secure cluster defenses, we cover third-party plugins that extend Kubernetes’ native capabilities, and we conclude with an appendix on enhancements in Kubernetes 1.30–1.33, highlighting the latest features that improve security.

This book was written with a hands-on, practical approach. It’s designed to empower and enable. As Kubernetes continues to grow, in order to secure your clusters, you must evolve too. Whether you’re securing multi-tenant clusters, developing secure applications, or defending production workloads, this book will serve as your guide to building and maintaining a robust Kubernetes security posture.

CONTINUE READING
83
Tech Concepts
36
Programming languages
73
Tech Tools
Icon Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.
Icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Icon 50+ new titles added per month and exclusive early access to books as they are being written.
Learning Kubernetes Security
notes
bookmark Notes and Bookmarks search Search in title playlist Add to playlist download Download options font-size Font size

Change the font size

margin-width Margin width

Change margin width

day-mode Day/Sepia/Night Modes

Change background colour

Close icon Search
Country selected

Close icon Your notes and bookmarks

Confirmation

Modal Close icon
claim successful

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY

Submit Your Feedback

Modal Close icon
Modal Close icon
Modal Close icon