Chapter 8. Advanced Topics

This chapter covers a collection of crosscutting topics related to making your Kubernetes cluster and its applications more secure. We’ll build on the topics discussed in the previous chapters and sometimes go beyond Kubernetes proper (for example, with monitoring or service meshes).

Tip

Many of the ideas in this chapter are evolving and under discussion within the Kubernetes community. We welcome involvement from end users as well as those contributing to the development of cloud native projects themselves. If you’re not already involved, the Community section of the Kubernetes website provides a list of ways to get involved, from mailing lists and Slack channels to in-person events.

Monitoring, Alerting, and Auditing

The community seems to be standardizing on Prometheus for monitoring Kubernetes clusters, so a good start is to familiarize yourself with it. Since there are so many moving parts (from nodes to pods to services), alerting on each event is not practical. What you can do, however, is think about who needs to be informed about what kind of event. For example, a policy could be that node-related or namespace-related events are handled by admins, and developers are paged for pod-level events. The same applies more or less for logs, but here you also should be aware of where and when your sensitive data lands on disk; see Chapter 7 for details.
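The routing policy sketched above (admins handle node- and namespace-scoped events, developers are paged for pod-level events) can be expressed directly in Prometheus alerting rules plus an Alertmanager route tree. The following is an added illustration, not configuration from the book: the metric names come from kube-state-metrics, while the `scope` label, the alert names, the thresholds and the receiver URLs are assumptions chosen for the example.

```yaml
# --- prometheus rule file (e.g. loaded via rule_files in prometheus.yml) ---
# Added example, not from the book. Each alert carries a `scope` label
# (an assumed convention) so that Alertmanager can route it by who owns it.
groups:
  - name: cluster-scope          # events the platform/admin team owns
    rules:
      - alert: NodeNotReady
        # kube-state-metrics exports 1 for the condition/status pair that holds
        expr: kube_node_status_condition{condition="Ready",status="true"} == 0
        for: 5m
        labels:
          severity: critical
          scope: node
        annotations:
          summary: "Node {{ $labels.node }} has not been Ready for 5 minutes"
      - alert: NamespaceStuckTerminating
        expr: kube_namespace_status_phase{phase="Terminating"} == 1
        for: 30m
        labels:
          severity: warning
          scope: namespace
        annotations:
          summary: "Namespace {{ $labels.namespace }} has been Terminating for 30 minutes"
  - name: workload-scope         # events the application developers own
    rules:
      - alert: PodCrashLooping
        # more than 3 container restarts in 15 minutes (threshold is illustrative)
        expr: increase(kube_pod_container_status_restarts_total[15m]) > 3
        labels:
          severity: warning
          scope: pod
        annotations:
          summary: "Container {{ $labels.container }} in {{ $labels.namespace }}/{{ $labels.pod }} restarted more than 3 times in 15m"

---
# --- alertmanager.yml ---
# Unmatched alerts fall through to the admin receiver so nothing is silently
# dropped; pod-scoped alerts are grouped per pod and sent to developers.
route:
  receiver: platform-admins
  group_by: ['alertname', 'namespace']
  routes:
    - matchers: ['scope=~"node|namespace"']
      receiver: platform-admins
    - matchers: ['scope="pod"']
      receiver: app-developers
      group_by: ['alertname', 'namespace', 'pod']
receivers:
  - name: platform-admins
    webhook_configs:
      - url: https://alerts.example.invalid/admins   # placeholder endpoint
  - name: app-developers
    webhook_configs:
      - url: https://alerts.example.invalid/devs     # placeholder endpoint
```

The default route deliberately points at the admin receiver: an alert that someone forgets to label still reaches a human rather than disappearing, which matters more for security-relevant signals (a node dropping out, a namespace that will not terminate) than for routine pod restarts. The `matchers` syntax requires Alertmanager 0.22 or later; older versions use `match`/`match_re` instead.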

Another useful feature Kubernetes offers via ...
