Preface

• Who this book is for
• What this book covers
• To get the most out of this book
• Download the example code files
• Code in Action
• Download the color images
• Conventions used
• Get in touch
• Reviews

1. Section 1: Introduction to Kubernetes

2. Chapter 1: Kubernetes Architecture FREE CHAPTER

• The rise of Docker and the trend of microservices
• Kubernetes components
• Kubernetes objects
• Kubernetes variations
• Kubernetes and cloud providers
• Summary
• Questions
• Further reading

3. Chapter 2: Kubernetes Networking

• Overview of the Kubernetes network model
• Communicating inside a pod
• Communicating between pods
• Introducing the Kubernetes service
• Introducing the CNI and CNI plugins
• Summary
• Questions
• Further reading

4. Chapter 3: Threat Modeling

• Introduction to threat modeling
• Component interactions
• Threat actors in Kubernetes environments
• Threats in Kubernetes clusters
• Threat modeling application in Kubernetes
• Summary
• Questions
• Further reading

5. Chapter 4: Applying the Principle of Least Privilege in Kubernetes

• The principle of least privilege
• Least privilege of Kubernetes subjects
• Least privilege for Kubernetes workloads
• Summary
• Questions
• Further reading

6. Chapter 5: Configuring Kubernetes Security Boundaries

• Introduction to security boundaries
• Security boundaries versus trust boundaries
• Kubernetes security domains
• Kubernetes entities as security boundaries
• Security boundaries in the system layer
• Security boundaries in the network layer
• Summary
• Questions
• Further references

7. Section 2: Securing Kubernetes Deployments and Clusters

8. Chapter 6: Securing Cluster Components

• Securing kube-apiserver
• Securing kubelet
• Securing etcd
• Securing kube-scheduler
• Securing kube-controller-manager
• Securing CoreDNS
• Benchmarking a cluster's security configuration
• Summary
• Questions
• Further reading

9. Chapter 7: Authentication, Authorization, and Admission Control

• Requesting a workflow in Kubernetes
• Kubernetes authentication
• Kubernetes authorization
• Admission controllers
• Introduction to OPA
• Summary
• Questions
• Further reading

10. Chapter 8: Securing Kubernetes Pods

• Hardening container images
• Configuring the security attributes of pods
• The power of PodSecurityPolicy
• Summary
• Questions
• Further reading

11. Chapter 9: Image Scanning in DevOps Pipelines

• Introducing container images and vulnerabilities
• Scanning images with Anchore Engine
• Integrating image scanning into the CI/CD pipeline
• Summary
• Questions
• Further references

12. Chapter 10: Real-Time Monitoring and Resource Management of a Kubernetes Cluster

• Real-time monitoring and management in monolith environments
• Managing resources in Kubernetes
• Monitoring resources in Kubernetes
• Summary
• Questions
• Further references

13. Chapter 11: Defense in Depth

• Introducing Kubernetes auditing
• Enabling high availability in a Kubernetes cluster
• Managing secrets with Vault
• Detecting anomalies with Falco
• Conducting forensics with Sysdig Inspect and CRIU
• Summary
• Questions
• Further references

14. Section 3: Learning from Mistakes and Pitfalls

15. Chapter 12: Analyzing and Detecting Crypto-Mining Attacks

• Analyzing crypto-mining attacks
• Detecting crypto-mining attacks
• Defending against attacks
• Summary
• Questions
• Further reading

16. Chapter 13: Learning from Kubernetes CVEs

• The path traversal issue in kubectl cp – CVE-2019-11246
• DoS issues in JSON parsing – CVE-2019-1002100
• A DoS issue in YAML parsing – CVE-2019-11253
• The Privilege escalation issue in role parsing – CVE-2019-11247
• Scanning for known vulnerabilities using kube-hunter
• Summary
• Questions
• Further references

17. Assessments

• Chapter 2
• Chapter 3
• Chapter 4
• Chapter 5
• Chapter 6
• Chapter 7
• Chapter 8
• Chapter 9
• Chapter 10
• Chapter 11
• Chapter 12
• Chapter 13

18. Other Books You May Enjoy

• Leave a review - let other readers know what you think