Book Description
Kubernetes has fundamentally changed the way DevOps teams create, manage, and operate container-based applications, but as with any production process, you can never provide enough security. This practical ebook walks you through Kubernetes security features—including when to use what—and shows you how to augment those features with container image best practices and secure network communication.
Liz Rice from Aqua Security and Michael Hausenblas from Red Hat not only describe practical security techniques for Kubernetes but also maintain an accompanying website. Developers will learn how to build container images with security in mind, and ops folks will pick up techniques for configuring and operating a Kubernetes cluster more securely.
- Explore security concepts including defense in depth, least privilege, and limiting the attack surface
- Safeguard clusters by securing worker nodes and control plane components, such as the API server and the etcd key value store
- Learn how Kubernetes uses authentication and authorization to grant fine-grained access
- Secure container images against known vulnerabilities and abuse by third parties
- Examine security boundaries and policy enforcement features for running containers securely
- Learn about the options for handling secret information such as credentials
- Delve into advanced topics such as monitoring, alerting, and auditing, as well as sandboxing and runtime protection
Table of Contents
- Introduction
- 1. Approaching Kubernetes Security
- 2. Securing the Cluster
- 3. Authentication
- 4. Authorization
- 5. Securing Your Container Images
- 6. Running Containers Securely
- 7. Secrets Management
- 8. Advanced Topics