About you

To get most out of the book, we assume that you either have a devops role, are a Kubernetes platform person, a cloud native architect, a Site Reliability Engineer (SRE), or something related to Chief Information Security Officer (CISO). We further assume that you’re interested in hands-on, that is, while we discuss threats and defenses in principle, we try our best to demonstrate them at the same time and point you to tools that can help you.

At this point we also want to make sure you understand that the book you’re reading is targeting advanced topics. We assume that you’re already familiar with Kubernetes, and specifically Kubernetes security topics, at least on a surface level. In other words, we don’t go into much details about how things work but summarise or recap important concepts or mechanisms on a per-chapter basis.

In particular, we assume that you understand what containers are for and how they run in Kubernetes. If you are not yet familiar with these topics, we recommend that you do some preliminary reading. The following are books we suggest consulting:

• Kubernetes: Up and Running by Brendan Burns, Kelsey Hightower, and Joe Beda

• Managing Kubernetes by Brendan Burns and Craig Tracey

• Kubernetes Security by Liz Rice and Michael Hausenblas

• Container Security by Liz Rice

Now that we hopefully made clear what this book tries to achieve and who will, in our view, benefit from it, let’s move on to a different topics: the authors.

About us

Based on our combined 10+ years of hands-on experience designing, running, attacking, and defending Kubernetes-based workloads and clusters, we, the authors, want to equip you, the cloud native security practitioner, with what you need to be successful in your job.

Security is often illuminated by the light of past mistakes, and both of the authors have been learning (and making mistakes in!) Kubernetes security for a while now. We wanted to be sure that what we thought we understood about the subject was true, so we wrote a book to verify our suspicions through a shared lens.

We both have served in different companies and roles, gave training sessions, and published material from tooling to blog posts as well as have shared lessons learned on the topic in various public speaking engagements. Much of what motivates us here and the examples we use are rooted in experiences we made in our day-to-day jobs and/or saw at customers.

How To Use This Book

This book is a threat-based guide to security in Kubernetes, using a vanilla Kubernetes installation with its (built-in) defaults as a starting point. We’ll kick off discussions with an abstract threat model of a distributed system running arbitrary workloads and progress to a detailed assessment of each component of a secure Kubernetes system.

An enhanced Kubernetes Attack Matrix is used to represent hostile activity, baselined on Microsoft’s matrix and enriched by Alcide and ControlPlane (and friends). We use attack trees to communicate a clear understanding of the chain of exploits required to achieve compromise.

In each chapter, we examine a component’s architecture and potential default settings and we reviews high-profile attacks and historical CVEs. We also demonstrate attacks and share best-practice configuration in order to demonstrate hardening it from possible angles of attack.

In order to aid you in navigating the book, here’s a quick rundown on the chapter level:

• In Chapter 1 we set the scene, introducing our main antagonist and also what threat modelling is.

• The Chapter 2 then focuses on pods, from configurations to attacks to defenses.

• Next up, in Chapter 3 we switch gears and dive deep into sandboxing and isolation techniques.

• The Chapter 4 then covers supply chain attacks and what you can do to detect and mitigate them.

• In Chapter 5 we then review networking defaults and how to secure your cluster and workload traffic.

• Then, in Chapter 6 we shift our focus on the persistency aspects, looking at filesystems, volumes, and sensitive information at rest.

• Chapter 7 covers the topic of running workloads for multi tenants in a cluster and what can go wrong with this.

• Next up is Chapter 8, where we review different kinds of policies in use, discuss access control—specifically Role-based access control (RBAC)—and generic policy solutions such as Open Policy Agent (OPA).

• In Chapter 9 we cover the question what you can do if, despite controls put in place, someone manages to break in.

• Chapter 10 is somewhat special, in that it doesn’t focus on tooling but on the human side of things, in the context of cloud as well as on-prem installations.

In the Appendix A we walk you througha hands-on exploration of attacks on the pod-level as discussed in Chapter 2. Finally, in Appendix B we put together further reading material on a per-chapter basis as well as a collection of annotated CVEs relevant in the context of this book.

You don’t have to read the chapters in order, we tried our best to keep the chapters as self-contained as possible and referring to related content where appropriate.

With this short guide on what to expect and a quick orientation done, let’s have a look at conventions used in the book, next.

Conventions Used in This Book

The following typographical conventions are used in this book:

Italic

Indicates new terms, URLs, email addresses, filenames, and file extensions.

Constant width

Used for program listings. Also used within paragraphs to refer to program elements such as variable or function names, databases, data types, environment variables, statements, and keywords.

Constant width bold

Shows commands or other text that should be typed exactly as written by the user.

Constant width italic

Shows text that should be replaced with user-supplied values or values determined by context.

Using Code Examples

Supplemental material (code examples, exercises, etc.) is available for download at https://github.com/oreillymedia/title_title.

If you have a technical question or a problem using the code examples, please email [email protected].

This book is here to help you get your job done. In general, if example code is offered with this book, you may use it in your programs and documentation. You do not need to contact us for permission unless you’re reproducing a significant portion of the code. For example, writing a program that uses several chunks of code from this book does not require permission. Selling or distributing examples from O’Reilly books does require permission. Answering a question by citing this book and quoting example code does not require permission. Incorporating a significant amount of example code from this book into your product’s documentation does require permission.

We appreciate but generally do not require attribution. An attribution usually includes the title, author, publisher, and ISBN. For example: “Book Title by Some Author (O’Reilly). Copyright 2012 Some Copyright Holder, 978-0-596-xxxx-x.”

If you feel your use of code examples falls outside fair use or the permission given above, feel free to contact us at [email protected].

O’Reilly Online Learning

Our unique network of experts and innovators shares its knowledge and expertise through books, articles, and our online learning platform. O’Reilly’s online learning platform gives on-demand access to live training courses, in-depth learning paths, interactive coding environments, and a vast collection of text and video from O’Reilly and 200+ other publishers. For more information, visit http://oreilly.com.

How to Contact Us

Please address comments and questions concerning this book to the publisher:

• O’Reilly Media, Inc.
• 1005 Gravenstein Highway North
• Sebastopol, CA 95472
• 800-998-9938 (in the United States or Canada)
• 707-829-0515 (international or local)
• 707-829-0104 (fax)

Email [email protected] to comment or ask technical questions about this book.

For news and information about our books and courses, visit http://oreilly.com.

Find us on Facebook: http://facebook.com/oreilly

Follow us on Twitter: http://twitter.com/oreillymedia

Watch us on YouTube: http://www.youtube.com/oreillymedia

Acknowledgements

Thanks go out to our reviewers Roland Huss, Liz Rice, Katie Gamanji, Ihor Dvoretskyi, and Michael Gasch. Your comments absolutely made a difference and we appreciate your guidance and suggestions.

Andy would like to thank his family and friends for their unceasing love and encouragement, the inspiring and razor-sharp team at ControlPlane for their assiduous insight, and the continually-enlightening cloud native security community for their relentless kindness and brilliance. Without you all it would be impossible, thank you from the bottom of my heart.

Michael would like to express his deepest gratitude to his awesome and supportive family: our kids Saphira, Ranya, and Iannis; my wicked smart and fun wife, Anneliese, and also our bestest of all dogs, Snoopy.

We would be remiss not to mention the Hacking Kubernetes Twitter list of our inspirations and mentors, featuring alphabetised luminaries such as antitree, bradgeesaman, brau_ner, christianposta, dinodaizovi, erchiang, garethr, IanColdwater, IanMLewis, jessfraz, jonpulsifer, jpetazzo, justincormack, kelseyhightower, krisnova, kubernetesonarm, liggitt, lizrice, lordcyphar, lorenc_dan, lumjjb, mauilion, MayaKaczorowski, mikedanese, monadic, raesene, swagitda_, tabbysable, tallclair, torresariass, WhyHiAnnabelle

Last but certainly not least, both authors thank the O’Reilly team, especially Angela Rufino, for shepherding us through the process of writing this book.