Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Advanced Search Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Learn Kubernetes Security
  • Table Of Contents Toc
  • Feedback & Rating feedback
Learn Kubernetes Security

Learn Kubernetes Security

By : Kaizhe Huang, Pranjal Jumde
5 (10)
Buy this Book
close
close
Learn Kubernetes Security

Learn Kubernetes Security

5 (10)
By: Kaizhe Huang, Pranjal Jumde
Buy this Book

Overview of this book

Kubernetes is an open source orchestration platform for managing containerized applications. Despite widespread adoption of the technology, DevOps engineers might be unaware of the pitfalls of containerized environments. With this comprehensive book, you'll learn how to use the different security integrations available on the Kubernetes platform to safeguard your deployments in a variety of scenarios. Learn Kubernetes Security starts by taking you through the Kubernetes architecture and the networking model. You'll then learn about the Kubernetes threat model and get to grips with securing clusters. Throughout the book, you'll cover various security aspects such as authentication, authorization, image scanning, and resource monitoring. As you advance, you'll learn about securing cluster components (the kube-apiserver, CoreDNS, and kubelet) and pods (hardening image, security context, and PodSecurityPolicy). With the help of hands-on examples, you'll also learn how to use open source tools such as Anchore, Prometheus, OPA, and Falco to protect your deployments. By the end of this Kubernetes book, you'll have gained a solid understanding of container security and be able to protect your clusters from cyberattacks and mitigate cybersecurity threats.
Table of Contents (19 chapters)
close
close
close
Preface
chevron up
Icon
Preface
Icon
Who this book is for
Icon
What this book covers
Icon
To get the most out of this book
Icon
Download the example code files
Icon
Code in Action
Icon
Download the color images
Icon
Conventions used
Icon
Get in touch
Icon
Reviews
1
Section 1: Introduction to Kubernetes
Icon
Section 1: Introduction to Kubernetes
Lock Free Chapter
2
Chapter 1: Kubernetes Architecture
Icon
Chapter 1: Kubernetes Architecture
Icon
The rise of Docker and the trend of microservices
Icon
Kubernetes components
Icon
Kubernetes objects
Icon
Kubernetes variations
Icon
Kubernetes and cloud providers
Icon
Summary
Icon
Questions
Icon
Further reading
3
Chapter 2: Kubernetes Networking
Icon
Chapter 2: Kubernetes Networking
Icon
Overview of the Kubernetes network model
Icon
Communicating inside a pod
Icon
Communicating between pods
Icon
Introducing the Kubernetes service
Icon
Introducing the CNI and CNI plugins
Icon
Summary
Icon
Questions
Icon
Further reading
4
Chapter 3: Threat Modeling
Icon
Chapter 3: Threat Modeling
Icon
Introduction to threat modeling
Icon
Component interactions
Icon
Threat actors in Kubernetes environments
Icon
Threats in Kubernetes clusters
Icon
Threat modeling application in Kubernetes
Icon
Summary
Icon
Questions
Icon
Further reading
5
Chapter 4: Applying the Principle of Least Privilege in Kubernetes
Icon
Chapter 4: Applying the Principle of Least Privilege in Kubernetes
Icon
The principle of least privilege
Icon
Least privilege of Kubernetes subjects
Icon
Least privilege for Kubernetes workloads
Icon
Summary
Icon
Questions
Icon
Further reading
6
Chapter 5: Configuring Kubernetes Security Boundaries
Icon
Chapter 5: Configuring Kubernetes Security Boundaries
Icon
Introduction to security boundaries
Icon
Security boundaries versus trust boundaries
Icon
Kubernetes security domains
Icon
Kubernetes entities as security boundaries
Icon
Security boundaries in the system layer
Icon
Security boundaries in the network layer
Icon
Summary
Icon
Questions
Icon
Further references
7
Section 2: Securing Kubernetes Deployments and Clusters
Icon
Section 2: Securing Kubernetes Deployments and Clusters
8
Chapter 6: Securing Cluster Components
Icon
Chapter 6: Securing Cluster Components
Icon
Securing kube-apiserver
Icon
Securing kubelet
Icon
Securing etcd
Icon
Securing kube-scheduler
Icon
Securing kube-controller-manager
Icon
Securing CoreDNS
Icon
Benchmarking a cluster's security configuration
Icon
Summary
Icon
Questions
Icon
Further reading
9
Chapter 7: Authentication, Authorization, and Admission Control
Icon
Chapter 7: Authentication, Authorization, and Admission Control
Icon
Requesting a workflow in Kubernetes
Icon
Kubernetes authentication
Icon
Kubernetes authorization
Icon
Admission controllers
Icon
Introduction to OPA
Icon
Summary
Icon
Questions
Icon
Further reading
10
Chapter 8: Securing Kubernetes Pods
Icon
Chapter 8: Securing Kubernetes Pods
Icon
Hardening container images
Icon
Configuring the security attributes of pods
Icon
The power of PodSecurityPolicy
Icon
Summary
Icon
Questions
Icon
Further reading
11
Chapter 9: Image Scanning in DevOps Pipelines
Icon
Chapter 9: Image Scanning in DevOps Pipelines
Icon
Introducing container images and vulnerabilities
Icon
Scanning images with Anchore Engine
Icon
Integrating image scanning into the CI/CD pipeline
Icon
Summary
Icon
Questions
Icon
Further references
12
Chapter 10: Real-Time Monitoring and Resource Management of a Kubernetes Cluster
Icon
Chapter 10: Real-Time Monitoring and Resource Management of a Kubernetes Cluster
Icon
Real-time monitoring and management in monolith environments
Icon
Managing resources in Kubernetes
Icon
Monitoring resources in Kubernetes
Icon
Summary
Icon
Questions
Icon
Further references
13
Chapter 11: Defense in Depth
Icon
Chapter 11: Defense in Depth
Icon
Introducing Kubernetes auditing
Icon
Enabling high availability in a Kubernetes cluster
Icon
Managing secrets with Vault
Icon
Detecting anomalies with Falco
Icon
Conducting forensics with Sysdig Inspect and CRIU
Icon
Summary
Icon
Questions
Icon
Further references
14
Section 3: Learning from Mistakes and Pitfalls
Icon
Section 3: Learning from Mistakes and Pitfalls
15
Chapter 12: Analyzing and Detecting Crypto-Mining Attacks
Icon
Chapter 12: Analyzing and Detecting Crypto-Mining Attacks
Icon
Analyzing crypto-mining attacks
Icon
Detecting crypto-mining attacks
Icon
Defending against attacks
Icon
Summary
Icon
Questions
Icon
Further reading
16
Chapter 13: Learning from Kubernetes CVEs
Icon
Chapter 13: Learning from Kubernetes CVEs
Icon
The path traversal issue in kubectl cp – CVE-2019-11246
Icon
DoS issues in JSON parsing – CVE-2019-1002100
Icon
A DoS issue in YAML parsing – CVE-2019-11253
Icon
The Privilege escalation issue in role parsing – CVE-2019-11247
Icon
Scanning for known vulnerabilities using kube-hunter
Icon
Summary
Icon
Questions
Icon
Further references
17
Assessments
Icon
Chapter 1
Icon
Chapter 2
Icon
Chapter 3
Icon
Chapter 4
Icon
Chapter 5
Icon
Chapter 6
Icon
Chapter 7
Icon
Chapter 8
Icon
Chapter 9
Icon
Chapter 10
Icon
Chapter 11
Icon
Chapter 12
Icon
Chapter 13
18
Other Books You May Enjoy
Icon
Other Books You May Enjoy
Icon
Leave a review - let other readers know what you think

What this book covers

Chapter 1, Kubernetes Architecture, introduces the basics of Kubernetes components and Kubernetes objects.

Chapter 2, Kubernetes Networking, introduces Kubernetes' networking model and dives deep into the communication among microservices.

Chapter 3, Threat Modeling, discusses important assets, threat actors in Kubernetes, and how to conduct threat modeling for applications deployed in Kubernetes.

Chapter 4, Applying the Principle of Least Privilege in Kubernetes, discusses the security control mechanisms in Kubernetes that help in implementing the principle of least privilege in two areas: the least privilege of Kubernetes subjects and the least privilege of Kubernetes workloads.

Chapter 5, Configuring Kubernetes Security Boundaries, discusses the security domains and security boundaries in Kubernetes clusters. Also, it introduces security control mechanisms to strengthen security boundaries.

Chapter 6, Securing Cluster Components, discusses the sensitive configurations in Kubernetes components, such as kube-apiserver, kubelet, and so on. It introduces the use of kube-bench to help identify misconfigurations in Kubernetes clusters.

Chapter 7, Authentication, Authorization, and Admission Control, discusses the authentication and authorization mechanisms in Kubernetes. It also introduces popular admission controllers in Kubernetes.

Chapter 8, Securing Kubernetes Pods, discusses hardening images with CIS Docker Benchmark. It introduces Kubernetes security contexts, Pod Security Policies, and kube-psp-advisor, which helps to generate Pod security policies.

Chapter 9, Image Scanning in DevOps Pipelines, introduces the basic concepts of container images and vulnerabilities. It also introduces the image scanning tool Anchore Engine and how it can be integrated into DevOps pipelines.

Chapter 10, Real-Time Monitoring and Resource Management of a Kubernetes Cluster, introduces built-in mechanisms such as resource request/limits and LimitRanger. It also introduces built-in tools like Kubernetes Dashboard and metrics server, and third-party monitoring tools, such as Prometheus and a data visualization tool called Grafana.

Chapter 11, Defense in Depth, discusses various topics related to defense in depth: Kubernetes auditing, high availability in Kubernetes, secret management, anomaly detection, and forensics.

Chapter 12, Analyzing and Detecting Crypto-Mining Attacks, introduces the basic concepts of cryptocurrency and crypto mining attacks. It then discusses a few ways to detect crypto mining attacks with open source tools such as Prometheus and Falco.

Chapter 13, Learning from Kubernetes CVEs, discusses four well-known Kubernetes CVEs and some corresponding mitigation strategies. It also introduces the open source tool kube-hunter, which helps identify known vulnerabilities in Kubernetes.

Visually different images
CONTINUE READING
83
Tech Concepts
36
Programming languages
73
Tech Tools
Icon Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.
Icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Icon 50+ new titles added per month and exclusive early access to books as they are being written.
Learn Kubernetes Security
Next Section
notes
bookmark Notes and Bookmarks search Search in title playlist Add to playlist download Download options
font-size Font size

Change the font size

margin-width Margin width

Change margin width

day-mode Day/Sepia/Night Modes

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY

Submit Your Feedback

Modal Close icon
Modal Close icon
Modal Close icon