Want to run your Kubernetes workloads safely and securely? This
practical book provides a threat-based guide to Kubernetes security.
Each chapter examines a particular component's architecture and
potential default settings and then reviews existing high-profile
attacks and historical Common Vulnerabilities and Exposures (CVEs).
Authors Andrew Martin and Michael Hausenblas share best-practice
configuration to help you harden clusters from possible angles of
attack.
This book begins with a vanilla Kubernetes installation with built-in
defaults. You'll examine an abstract threat model of a distributed
system running arbitrary workloads, and then progress to a detailed
assessment of each component of a secure Kubernetes system.
- Understand where your Kubernetes system is vulnerable with threat
modelling techniques
- Focus on pods, from configurations to attacks and defenses
- Secure your cluster and workload traffic
- Define and enforce policy with RBAC, OPA, and Kyverno
- Dive deep into sandboxing and isolation techniques
- Learn how to detect and mitigate supply chain attacks
- Explore filesystems, volumes, and sensitive information at rest
- Discover what can go wrong when running multitenant workloads in a
cluster
- Learn what you can do if someone breaks in despite you having controls
in place
