Book Image

The Kubernetes Book

By : Nigel Poulton, Pushkar Joglekar
Book Image

The Kubernetes Book

By: Nigel Poulton, Pushkar Joglekar

Overview of this book

Kubernetes is the leading orchestrator of cloud-native apps. With knowledge of how to work with Kubernetes, you can easily deploy and manage applications on the cloud or in your on-premises data center. The book begins by introducing you to Kubernetes and showing you how to install it. You’ll learn how to use Kubernetes Services and bring stable and reliable networking to apps that are deployed on Kubernetes. You'll delve deep into the powerful storage subsystem of Kubernetes and learn how to leverage the variety of external storage backends in your applications. As the book progresses, it shows you how to use features such as DaemonSets, Helm, and RBAC to enhance your Kubernetes applications. You'll explore the six categories of identifying vulnerabilities and look at a few ways to prevent and mitigate them. You'll also look at ways to secure the software delivery pipeline by discussing some image-related best practices. The book ends by sharing with you some resources that’ll help take your Kubernetes knowledge to the next level. By the end of the book, you’ll have the confidence and skills to leverage all the features of Kubernetes to develop scalable applications.
Table of Contents (23 chapters)
Free Chapter
1
Chapter 1
3
Chapter 2
5
Chapter 3
7
Chapter 4
9
Chapter 5
11
Chapter 6
13
Chapter 7
15
Chapter 8
17
Chapter 9
19
Chapter 10
21
Chapter 11

Spoofing

Spoofing is pretending to be something, or somebody, you are not. In the context of information security, it's pretending to be a different user or entity, with the aim of gaining extra privileges on a system.

Let's look at how Kubernetes authenticates users to prevent spoofing.

Securing Communications with the API Server

Kubernetes comprises lots of small components that work together. These include control plane components such as the API server, controller manager, scheduler, cluster store, and others. It also includes node components such as the kubelet and container runtime. Each of these has its own set of privileges that allow it to interact with, and even modify, the cluster. Even though Kubernetes implements a least-privilege model, spoofing the identity of any of these components can have unforeseen and potentially disastrous consequences.

Fortunately, Kubernetes implements a security model that requires components to authenticate via mutual...