Chapter 5. Minimize Microservice Vulnerabilities

Application stacks operated in a Kubernetes cluster often follow a microservices architecture. The domain “minimize microservice vulnerabilities” covers governance and enforcement of security settings on the Pod-level. We’ll touch on Kubernetes’ core features, as well as external tooling, that help with minimizing secuirty vulnerabilities. Additionally, we’ll also talk about encrypted network communication between Pods running microservices.

At a high level, this chapter covers the following concepts:

Setting up appropriate OS-level security domains with security contexts, Pod Security Admission (PSA), and Open Policy Agent (OPA) Gatekeeper
Managing Secrets
Using container runtime sandboxes, such as gVisor and kata containers
Implementing Pod-to-Pod communication encryption via mutual Transport Layer Security (TLS)

Setting Appropriate OS-Level Security Domains

Both core ...

Get Certified Kubernetes Security Specialist (CKS) Study Guide now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Certified Kubernetes Security Specialist (CKS) Study Guide by Benjamin Muschko

Chapter 5. Minimize Microservice Vulnerabilities

Setting Appropriate OS-Level Security Domains

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly