The Kubernetes Book

By : Nigel Poulton, Pushkar Joglekar

The Kubernetes Book

By: Nigel Poulton, Pushkar Joglekar

Overview of this book

Kubernetes is the leading orchestrator of cloud-native apps. With knowledge of how to work with Kubernetes, you can easily deploy and manage applications on the cloud or in your on-premises data center. The book begins by introducing you to Kubernetes and showing you how to install it. You’ll learn how to use Kubernetes Services and bring stable and reliable networking to apps that are deployed on Kubernetes. You'll delve deep into the powerful storage subsystem of Kubernetes and learn how to leverage the variety of external storage backends in your applications. As the book progresses, it shows you how to use features such as DaemonSets, Helm, and RBAC to enhance your Kubernetes applications. You'll explore the six categories of identifying vulnerabilities and look at a few ways to prevent and mitigate them. You'll also look at ways to secure the software delivery pipeline by discussing some image-related best practices. The book ends by sharing with you some resources that’ll help take your Kubernetes knowledge to the next level. By the end of the book, you’ll have the confidence and skills to leverage all the features of Kubernetes to develop scalable applications.

Preface

About the Book

Free Chapter

Chapter 1

Kubernetes Primer

Kubernetes Background

Where did Kubernetes Come From?

A Data Center OS

Summary

Chapter 2

Kubernetes Principles of Operation

Kubernetes from 40k Feet

Masters and Nodes

Summary

Chapter 3

Installing Kubernetes

Play with Kubernetes

Docker Desktop

Minikube

Google Kubernetes Engine (GKE)

Summary

Chapter 4

Working with Pods

Pod Theory

Hands-On with Pods

Summary

Chapter 5

Kubernetes Deployments

Deployment Theory

How to Create a Deployment

Performing a Rolling Update

How to Perform a Rollback

Summary

Chapter 6

Kubernetes Services

Setting the Scene

Hands-On with Services

Real-World Example

Summary

Chapter 7

Kubernetes Storage

The Big Picture

Storage Providers

The Container Storage Interface (CSI)

The Kubernetes Persistent Volume Subsystem

Storage Classes and Dynamic Provisioning

Demo

Summary

Chapter 8

Other Important Kubernetes Stuff

Role-Based Access Control (RBAC)

Helm

Summary

Chapter 9

Threat Modeling Kubernetes

Information Disclosure

Denial of Service

Elevation of Privilege

Pod Security Policies

Summary

Chapter 10

Real-World Kubernetes Security

CI/CD Pipeline

Infrastructure and Networking

Identity and Access Management (IAM)

Auditing and Security Monitoring

Real-World Example

Summary

Chapter 11

What Next

Practice Makes Perfect

More Books

Events and Meetups

Feedback

Customer Reviews

5 star

4 star

3 star

2 star

1 star

Threat Model

Threat modeling is the process of identifying vulnerabilities so that we can put measures in place to prevent and mitigate them. In this chapter, we'll look at the popular STRIDE model and see how it can be applied to Kubernetes.

STRIDE defines six categories of potential threat:

Spoofing
Tampering
Repudiation
Information disclosure
Denial of service
Elevation of privilege

While the model is good, it's important to keep in mind that no threat model guarantees coverage of all possible threats. However, models such as this are useful in giving us a structured way to look at an entire system.

For the rest of this chapter, we'll look at each of the six threat categories of the STRIDE model in turn. For each one, we'll give a quick description, and then look at some of the ways it applies to Kubernetes and how we can prevent and mitigate the threat.

This chapter doesn't attempt to cover everything. It&apos...

The Kubernetes Book

By : Nigel Poulton, Pushkar Joglekar

The Kubernetes Book

By: Nigel Poulton, Pushkar Joglekar

Overview of this book

Related Content you might be interested in

Current Title:

The Kubernetes Book

The KCNA Book

The DevOps 2.3 Toolkit

The Kubernetes Bible

Threat Model