You're reading from Learn Kubernetes Security Securely orchestrate, scale, and manage your microservices in Kubernetes deployments

Product type Paperback

Published in Jul 2020

Publisher Packt

ISBN-13 9781839216503

Length 330 pages

Edition 1st Edition

Languages

C++

Tools

Kubernetes

Concepts

Cloud Security

Authors (2):

Pranjal Jumde

Kaizhe Huang

View More author details

Table of Contents (19) Chapters

Preface

1. Section 1: Introduction to Kubernetes

2. Chapter 1: Kubernetes Architecture FREE CHAPTER

3. Chapter 2: Kubernetes Networking

4. Chapter 3: Threat Modeling

5. Chapter 4: Applying the Principle of Least Privilege in Kubernetes

6. Chapter 5: Configuring Kubernetes Security Boundaries

7. Section 2: Securing Kubernetes Deployments and Clusters

8. Chapter 6: Securing Cluster Components

9. Chapter 7: Authentication, Authorization, and Admission Control

10. Chapter 8: Securing Kubernetes Pods

11. Chapter 9: Image Scanning in DevOps Pipelines

12. Chapter 10: Real-Time Monitoring and Resource Management of a Kubernetes Cluster

13. Chapter 11: Defense in Depth

14. Section 3: Learning from Mistakes and Pitfalls

15. Chapter 12: Analyzing and Detecting Crypto-Mining Attacks

16. Chapter 13: Learning from Kubernetes CVEs

17. Assessments

18. Other Books You May Enjoy

Leave a review - let other readers know what you think

DoS issues in JSON parsing – CVE-2019-1002100

Patching is a commonly used technique used to update API objects at runtime. Developers use kubectl patch to update API objects at runtime. A simple example of this can be adding a container to a pod:

spec:
  template:
    spec:
      containers:
      - name: db
        image: redis

The preceding patch file allows a pod to be updated to have a new Redis container. kubectl patch allows patches to be in JSON format. The issue was in the JSON parsing code of kube-apiserver, which allowed an attacker to send a malformed json-patch instance to cause a DoS attack in the API server. In Chapter 10, Real-Time Monitoring and Resource Management of a Kubernetes Cluster, we discussed the importance of the availability of services within Kubernetes clusters. The root cause of this issue was unchecked error conditions...