Kubernetes Security: Operating Kubernetes Clusters and Applications Safely

✍ Scribed by Liz Rice; Michael Hausenblas


Publisher
O'Reilly
Year
2018
Tongue
English
Leaves
85
Series
Report
Category
Library


✦ Synopsis


Kubernetes has fundamentally changed the way DevOps teams create, manage, and operate container-based applications, but as with any production process, you can never provide enough security. This practical ebook walks you through Kubernetes security features, including when to use what, and shows you how to augment those features with container image best practices and secure network communication.

Liz Rice from Aqua Security and Michael Hausenblas from Red Hat not only describe practical security techniques for Kubernetes but also maintain an accompanying website. Developers will learn how to build container images with security in mind, and ops folks will pick up techniques for configuring and operating a Kubernetes cluster more securely.

  • Explore security concepts including defense in depth, least privilege, and limiting the attack surface
  • Safeguard clusters by securing worker nodes and control plane components, such as the API server and the etcd key value store
  • Learn how Kubernetes uses authentication and authorization to grant fine-grained access
  • Secure container images against known vulnerabilities and abuse by third parties
  • Examine security boundaries and policy enforcement features for running containers securely
  • Learn about the options for handling secret information such as credentials
  • Delve into advanced topics such as monitoring, alerting, and auditing, as well as sandboxing and runtime protection
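The bullets above describe least-privilege settings for running containers (no root, restricted security context, pinned image versions) without showing what checking for them looks like. The following is an added example written for this page, not code from the book or its companion website: a small static check over a Pod manifest that reports which of those settings are missing. It assumes the manifest is supplied in JSON form (as `kubectl get pod <name> -o json` emits), so no YAML library is needed; both sample manifests are constructed for the example, and the sha256 digest in the hardened one is a placeholder rather than the digest of any real image.

```python
"""Least-privilege checks over a Kubernetes Pod manifest.

Added example for this page; not code from the book or its companion site.
Manifests are read in JSON form (what `kubectl get pod <name> -o json` emits)
so the script runs offline without a YAML library.
"""
import json
from typing import Dict, List

# Constructed sample: a Pod that runs privileged, as root, on the host
# network, from a floating image tag. Not taken from any real deployment.
WEAK_POD_JSON = """
{
  "apiVersion": "v1",
  "kind": "Pod",
  "metadata": {"name": "web"},
  "spec": {
    "hostNetwork": true,
    "containers": [
      {"name": "web", "image": "nginx:latest",
       "securityContext": {"privileged": true}}
    ]
  }
}
"""

# Constructed sample: the same Pod with the settings the checks below expect.
# The sha256 digest is a placeholder, not the digest of any real image.
HARDENED_POD_JSON = """
{
  "apiVersion": "v1",
  "kind": "Pod",
  "metadata": {"name": "web"},
  "spec": {
    "automountServiceAccountToken": false,
    "securityContext": {"runAsNonRoot": true, "runAsUser": 10001},
    "containers": [
      {"name": "web",
       "image": "nginx@sha256:0000000000000000000000000000000000000000000000000000000000000000",
       "securityContext": {"allowPrivilegeEscalation": false,
                           "readOnlyRootFilesystem": true,
                           "capabilities": {"drop": ["ALL"]}}}
    ]
  }
}
"""


def image_is_pinned(image: str) -> bool:
    """True when the reference carries a digest or a tag other than 'latest'."""
    if "@sha256:" in image:
        return True
    last = image.rsplit("/", 1)[-1]  # drop registry/repository path (may contain ':port')
    if ":" not in last:
        return False                 # untagged means an implicit :latest
    return last.rsplit(":", 1)[1] != "latest"


def audit_pod(manifest: Dict) -> List[str]:
    """Return one finding per least-privilege setting that is missing or weak."""
    findings: List[str] = []
    spec = manifest.get("spec", {})
    pod_sc = spec.get("securityContext") or {}

    if any(spec.get(k) for k in ("hostNetwork", "hostPID", "hostIPC")):
        findings.append("pod: shares a host namespace (hostNetwork/hostPID/hostIPC)")
    if spec.get("automountServiceAccountToken", True):
        findings.append("pod: service account token is auto-mounted; set "
                        "automountServiceAccountToken: false unless the API is needed")

    for c in spec.get("containers", []) + spec.get("initContainers", []):
        name = c.get("name", "<unnamed>")
        sc = c.get("securityContext") or {}
        if sc.get("privileged"):
            findings.append(f"{name}: privileged container")
        if not (sc.get("runAsNonRoot") or pod_sc.get("runAsNonRoot")):
            findings.append(f"{name}: runAsNonRoot is not enforced")
        if sc.get("allowPrivilegeEscalation", True):  # Kubernetes default is true
            findings.append(f"{name}: allowPrivilegeEscalation is not set to false")
        if not sc.get("readOnlyRootFilesystem"):
            findings.append(f"{name}: root filesystem is writable")
        if "ALL" not in (sc.get("capabilities") or {}).get("drop", []):
            findings.append(f"{name}: capabilities are not dropped (drop: [ALL])")
        if not image_is_pinned(c.get("image", "")):
            findings.append(f"{name}: image {c.get('image')!r} is not pinned "
                            "to a digest or an immutable tag")
    return findings


def audit_json(text: str) -> List[str]:
    """Parse a JSON Pod manifest and audit it."""
    return audit_pod(json.loads(text))


if __name__ == "__main__":
    for label, doc in (("weak", WEAK_POD_JSON), ("hardened", HARDENED_POD_JSON)):
        result = audit_json(doc)
        print(f"{label}: {len(result)} finding(s)")
        for line in result:
            print("  -", line)
```

Run it against real workloads by piping `kubectl get pod <name> -o json` into `audit_json`. The checks are a deliberately small subset of what a policy engine or admission controller enforces; the book's "Admission Control", "Security Context and Policies" and "Static Analysis of YAML" topics cover enforcing these settings at admission time rather than auditing after the fact.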

✦ Table of Contents


Cover
Copyright
Table of Contents
Introduction
Why We Wrote This Book
Who Is This Book For?
Which Version of Kubernetes?
A Note on Federation
Acknowledgments
Chapter 1. Approaching Kubernetes Security
Security Principles
Defense in Depth
Least Privilege
Limiting the Attack Surface
Chapter 2. Securing the Cluster
API Server
Kubelet
Kubelet Certificate Rotation
Running etcd Safely
Kubernetes Dashboard
Validating the Configuration
CIS Security Benchmark
Penetration Testing
Chapter 3. Authentication
Identity
Authentication Concepts
Authentication Strategies
Tooling and Good Practices
Chapter 4. Authorization
Authorization Concepts
Authorization Modes
Access Control with RBAC
Tooling and Good Practices
Chapter 5. Securing Your Container Images
Scanning Container Images
Patching Container Images
CI/CD Best Practices
Image Storage
Correct Image Versions
Running the Correct Version of Container Images
Image Trust and Supply Chain
Minimizing Images to Reduce the Attack Surface
Chapter 6. Running Containers Securely
Say No to Root
Admission Control
Security Boundaries
Policies
Security Context and Policies
Network Policies
Example Network Policy
Effective Network Policies
Chapter 7. Secrets Management
Applying the Principle of Least Privilege
Secret Encryption
Kubernetes Secret Storage
Storing Secrets in etcd
Storing Secrets in Third-Party Stores
Passing Secrets into Containerized Code
Don’t Build Secrets into Images
Passing Secrets as Environment Variables
Passing Secrets in Files
Secret Rotation and Revocation
Secret Access from Within the Container
Secret Access from a Kubelet
Chapter 8. Advanced Topics
Monitoring, Alerting, and Auditing
Host Security
Host Operating System
Node Recycling
Sandboxing and Runtime Protection
Multitenancy
Dynamic Admission Control
Network Protection
Service Meshes
Static Analysis of YAML
Fork Bombs and Resource-Based Attacks
Cryptocurrency Mining
Kubernetes Security Updates
About the Authors


✦ Similar Volumes


Hands-On Multi-Cloud Kubernetes: Multi-c
✍ Joe Brian · Library · 2023 · GitforGits · English

"Hands-On Multi-Cloud Kubernetes" is an essential guide for anyone looking to understand Kubernetes and how it can be used to manage multi-cloud infrastructure. With eight comprehensive chapters, this book provides hands-on experience in setting up Kubernetes clusters, administering deployments and

Kubernetes Everywhere: Managing Professi
✍ Christopher Negus · Library · 2023 · Addison-Wesley · English

As the mass migration to containerize software applications continues, Kubernetes has overwhelmingly become the platform to run those applications. Cloud providers like AWS, Google, and Microsoft bundle complex Kubernetes services to make it easier to deploy and scale applications. On-premises data

Managing Kubernetes: operating Kubernete
✍ Brendan Burns; Craig Tracey · Library · 2018; 2019 · O'Reilly Media · English

While Kubernetes has greatly simplified the task of deploying containerized applications, managing this orchestration framework on a daily basis can still be a complex undertaking. With this practical book, site reliability and DevOps engineers will learn how to build, operate, manage, and upgrade a
