Summary
In this chapter, we used STRIDE for threat modeling in Kubernetes. We stepped through the six categories of threat and looked at some ways of preventing and mitigating them.
We saw that one threat can often lead to another, and that there are multiple ways to mitigate a single threat. As always, defense in depth is a key tactic.
We finished the chapter by discussing how Pod Security Policies provide a flexible and scalable way to implement Pod security defaults.
In the next chapter, we'll see some best practices and lessons learned from running Kubernetes in production.