Table of Contents for Kubernetes Security
by Michael Hausenblas, Liz Rice
Introduction
Why We Wrote This Book
Who Is This Book For?
Which Version of Kubernetes?
A Note on Federation
Acknowledgments
1. Approaching Kubernetes Security
Security Principles
Defense in Depth
Least Privilege
Limiting the Attack Surface
2. Securing the Cluster
API Server
Kubelet
Kubelet Certificate Rotation
Running etcd Safely
Kubernetes Dashboard
Validating the Configuration
CIS Security Benchmark
Penetration Testing
3. Authentication
Identity
Authentication Concepts
Authentication Strategies
Tooling and Good Practices
4. Authorization
Authorization Concepts
Authorization Modes
Access Control with RBAC
Tooling and Good Practices
5. Securing Your Container Images
Scanning Container Images
Patching Container Images
CI/CD Best Practices
Image Storage
Correct Image Versions
Running the Correct Version of Container Images
Image Trust and Supply Chain
Minimizing Images to Reduce the Attack Surface
6. Running Containers Securely
Say No to Root
Admission Control
Security Boundaries
Policies
Security Context and Policies
Network Policies
Example Network Policy
Effective Network Policies
7. Secrets Management
Applying the Principle of Least Privilege
Secret Encryption
Kubernetes Secret Storage
Storing Secrets in etcd
Storing Secrets in Third-Party Stores
Passing Secrets into Containerized Code
Don’t Build Secrets into Images
Passing Secrets as Environment Variables
Passing Secrets in Files
Secret Rotation and Revocation
Secret Access from Within the Container
Secret Access from a Kubelet
8. Advanced Topics
Monitoring, Alerting, and Auditing
Host Security
Host Operating System
Node Recycling
Sandboxing and Runtime Protection
Multitenancy
Dynamic Admission Control
Network Protection
Service Meshes
Static Analysis of YAML
Fork Bombs and Resource-Based Attacks
Cryptocurrency Mining
Kubernetes Security Updates