You're reading from Learn Kubernetes Security Securely orchestrate, scale, and manage your microservices in Kubernetes deployments

Product type Paperback

Published in Jul 2020

Publisher Packt

ISBN-13 9781839216503

Length 330 pages

Edition 1st Edition

Languages

C++

Tools

Kubernetes

Concepts

Cloud Security

Authors (2):

Pranjal Jumde

Kaizhe Huang

View More author details

Table of Contents (19) Chapters

Preface

1. Section 1: Introduction to Kubernetes

2. Chapter 1: Kubernetes Architecture FREE CHAPTER

3. Chapter 2: Kubernetes Networking

4. Chapter 3: Threat Modeling

5. Chapter 4: Applying the Principle of Least Privilege in Kubernetes

6. Chapter 5: Configuring Kubernetes Security Boundaries

7. Section 2: Securing Kubernetes Deployments and Clusters

8. Chapter 6: Securing Cluster Components

9. Chapter 7: Authentication, Authorization, and Admission Control

10. Chapter 8: Securing Kubernetes Pods

11. Chapter 9: Image Scanning in DevOps Pipelines

12. Chapter 10: Real-Time Monitoring and Resource Management of a Kubernetes Cluster

13. Chapter 11: Defense in Depth

14. Section 3: Learning from Mistakes and Pitfalls

15. Chapter 12: Analyzing and Detecting Crypto-Mining Attacks

16. Chapter 13: Learning from Kubernetes CVEs

17. Assessments

18. Other Books You May Enjoy

Leave a review - let other readers know what you think

What this book covers

Chapter 1, Kubernetes Architecture, introduces the basics of Kubernetes components and Kubernetes objects.

Chapter 2, Kubernetes Networking, introduces Kubernetes' networking model and dives deep into the communication among microservices.

Chapter 3, Threat Modeling, discusses important assets, threat actors in Kubernetes, and how to conduct threat modeling for applications deployed in Kubernetes.

Chapter 4, Applying the Principle of Least Privilege in Kubernetes, discusses the security control mechanisms in Kubernetes that help in implementing the principle of least privilege in two areas: the least privilege of Kubernetes subjects and the least privilege of Kubernetes workloads.

Chapter 5, Configuring Kubernetes Security Boundaries, discusses the security domains and security boundaries in Kubernetes clusters. Also, it introduces security control mechanisms to strengthen security boundaries.

Chapter 6, Securing Cluster Components, discusses the sensitive configurations in Kubernetes components, such as kube-apiserver, kubelet, and so on. It introduces the use of kube-bench to help identify misconfigurations in Kubernetes clusters.

Chapter 7, Authentication, Authorization, and Admission Control, discusses the authentication and authorization mechanisms in Kubernetes. It also introduces popular admission controllers in Kubernetes.

Chapter 8, Securing Kubernetes Pods, discusses hardening images with CIS Docker Benchmark. It introduces Kubernetes security contexts, Pod Security Policies, and kube-psp-advisor, which helps to generate Pod security policies.

Chapter 9, Image Scanning in DevOps Pipelines, introduces the basic concepts of container images and vulnerabilities. It also introduces the image scanning tool Anchore Engine and how it can be integrated into DevOps pipelines.

Chapter 10, Real-Time Monitoring and Resource Management of a Kubernetes Cluster, introduces built-in mechanisms such as resource request/limits and LimitRanger. It also introduces built-in tools like Kubernetes Dashboard and metrics server, and third-party monitoring tools, such as Prometheus and a data visualization tool called Grafana.

Chapter 11, Defense in Depth, discusses various topics related to defense in depth: Kubernetes auditing, high availability in Kubernetes, secret management, anomaly detection, and forensics.

Chapter 12, Analyzing and Detecting Crypto-Mining Attacks, introduces the basic concepts of cryptocurrency and crypto mining attacks. It then discusses a few ways to detect crypto mining attacks with open source tools such as Prometheus and Falco.

Chapter 13, Learning from Kubernetes CVEs, discusses four well-known Kubernetes CVEs and some corresponding mitigation strategies. It also introduces the open source tool kube-hunter, which helps identify known vulnerabilities in Kubernetes.