Chapter 13. Securing cluster nodes and the network

This chapter covers

  • Using the node’s default Linux namespaces in pods
  • Running containers as different users
  • Running privileged containers
  • Adding or dropping a container’s kernel capabilities
  • Defining security policies to limit what pods can do
  • Securing the pod network

In the previous chapter, we talked about securing the API server. If an attacker gets access to the API server, they can run whatever they like by packaging their code into a container image and running it in a pod. But can they do any real damage? Aren’t containers isolated from other containers and from the node they’re running on?

Not necessarily. In this chapter, you’ll learn how to allow pods to access the resources of the ...
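As an added example (not from the book), the manifests below show the concrete Kubernetes settings the bullet points above refer to: a pod that opts into the node's namespaces and runs privileged as root, its hardened counterpart with a non-root user and dropped capabilities, a namespace labelled for Pod Security Admission (the built-in policy mechanism that replaced PodSecurityPolicy, which the book's edition describes), and NetworkPolicy objects that default-deny ingress and then allow one path. All names, labels, images and ports are placeholders chosen for the example.

```yaml
# Added example, not from the book. A pod that shares the node's Linux
# namespaces and runs privileged as root. Each setting here maps to one of
# the chapter topics; this is the configuration the hardened pod below avoids.
apiVersion: v1
kind: Pod
metadata:
  name: hostaccess-pod            # placeholder name
spec:
  hostNetwork: true               # uses the node's network namespace (node interfaces and ports)
  hostPID: true                   # uses the node's PID namespace (node processes visible)
  hostIPC: true                   # uses the node's IPC namespace
  containers:
  - name: main
    image: alpine                 # placeholder image
    command: ["sleep", "infinity"]
    securityContext:
      privileged: true            # full access to node devices and kernel interfaces
      runAsUser: 0                # root inside the container
---
# Hardened counterpart: own namespaces, non-root user, no privilege
# escalation, read-only root filesystem, minimal capabilities.
apiVersion: v1
kind: Pod
metadata:
  name: hardened-pod              # placeholder name
spec:
  hostNetwork: false
  hostPID: false
  hostIPC: false
  securityContext:
    runAsNonRoot: true            # kubelet refuses to start a container that would run as UID 0
    runAsUser: 1000               # placeholder UID/GID values
    runAsGroup: 3000
    fsGroup: 2000                 # group ownership applied to mounted volumes
  containers:
  - name: main
    image: alpine                 # placeholder image
    command: ["sleep", "infinity"]
    securityContext:
      privileged: false
      allowPrivilegeEscalation: false   # setuid binaries cannot gain privileges
      readOnlyRootFilesystem: true
      capabilities:
        drop: ["ALL"]                   # start from zero capabilities
        add: ["NET_BIND_SERVICE"]       # add back only what the process needs
---
# Policy to limit what pods may do: Pod Security Admission labels on the
# namespace. "restricted" rejects pods like hostaccess-pod above.
apiVersion: v1
kind: Namespace
metadata:
  name: apps                      # placeholder namespace
  labels:
    pod-security.kubernetes.io/enforce: restricted
    pod-security.kubernetes.io/warn: restricted
---
# Securing the pod network: deny all ingress to every pod in the namespace...
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-ingress
  namespace: apps
spec:
  podSelector: {}                 # empty selector matches every pod
  policyTypes: ["Ingress"]
---
# ...then allow only pods labelled role=frontend to reach app=backend on 8080.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-frontend-to-backend
  namespace: apps
spec:
  podSelector:
    matchLabels:
      app: backend                # placeholder label
  policyTypes: ["Ingress"]
  ingress:
  - from:
    - podSelector:
        matchLabels:
          role: frontend          # placeholder label
    ports:
    - protocol: TCP
      port: 8080                  # placeholder port
```

Apply with `kubectl apply -f` and compare `kubectl get pod hardened-pod -o yaml` against the manifest: the container-level `securityContext` fields (`privileged`, `allowPrivilegeEscalation`, `readOnlyRootFilesystem`, `capabilities`) are only valid per container, while `runAsNonRoot`, `runAsUser`, `runAsGroup` and `fsGroup` may be set at pod level and inherited. NetworkPolicy is enforced only if the cluster's network plugin supports it; without such a plugin the objects are accepted but have no effect.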
