You're reading from Learn Kubernetes Security Securely orchestrate, scale, and manage your microservices in Kubernetes deployments

Product type Paperback

Published in Jul 2020

Publisher Packt

ISBN-13 9781839216503

Length 330 pages

Edition 1st Edition

Languages

C++

Tools

Kubernetes

Concepts

Cloud Security

Authors (2):

Pranjal Jumde

Kaizhe Huang

View More author details

Table of Contents (19) Chapters

Preface

1. Section 1: Introduction to Kubernetes

2. Chapter 1: Kubernetes Architecture FREE CHAPTER

3. Chapter 2: Kubernetes Networking

4. Chapter 3: Threat Modeling

5. Chapter 4: Applying the Principle of Least Privilege in Kubernetes

6. Chapter 5: Configuring Kubernetes Security Boundaries

7. Section 2: Securing Kubernetes Deployments and Clusters

8. Chapter 6: Securing Cluster Components

9. Chapter 7: Authentication, Authorization, and Admission Control

10. Chapter 8: Securing Kubernetes Pods

11. Chapter 9: Image Scanning in DevOps Pipelines

12. Chapter 10: Real-Time Monitoring and Resource Management of a Kubernetes Cluster

13. Chapter 11: Defense in Depth

14. Section 3: Learning from Mistakes and Pitfalls

15. Chapter 12: Analyzing and Detecting Crypto-Mining Attacks

16. Chapter 13: Learning from Kubernetes CVEs

17. Assessments

18. Other Books You May Enjoy

Leave a review - let other readers know what you think

Security boundaries in the network layer

A Kubernetes network policy defines the rules for different groups of Pods that are allowed to communicate with each other. In the previous chapter, we briefly talked about the egress rule of a Kubernetes network policy, which can be leveraged to enforce the principle of least privilege for microservices. In this section, we will go through a little more on the Kubernetes network policy and will focus on the ingress rule. We will show how the ingress rules of network policies can help to establish the trust boundaries among microservices.

Network policies

As mentioned in the previous chapter, as per the network model requirement, Pods inside a cluster can communicate with each other. But still, from a security perspective, you may want to restrict your microservice to being accessed by only a few services. How can we achieve that in Kubernetes? Let's take a quick look at the following Kubernetes network policy example: