book

Kubernetes Security

by Liz Rice, Michael Hausenblas

November 2018

Intermediate to advanced

84 pages

1h 37m

English

O'Reilly Media, Inc.

Read now

Unlock full access

Why We Wrote This BookWho Is This Book For?Which Version of Kubernetes?A Note on FederationAcknowledgments
Security PrinciplesDefense in DepthLeast PrivilegeLimiting the Attack Surface
API ServerKubeletKubelet Certificate RotationRunning etcd SafelyKubernetes DashboardValidating the ConfigurationCIS Security BenchmarkPenetration Testing
IdentityAuthentication ConceptsAuthentication StrategiesTooling and Good Practices
Authorization ConceptsAuthorization ModesAccess Control with RBACTooling and Good Practices
Scanning Container ImagesPatching Container ImagesCI/CD Best PracticesImage StorageCorrect Image VersionsRunning the Correct Version of Container ImagesImage Trust and Supply ChainMinimizing Images to Reduce the Attack Surface
Say No to RootAdmission ControlSecurity BoundariesPoliciesSecurity Context and PoliciesNetwork PoliciesExample Network PolicyEffective Network Policies
Applying the Principle of Least PrivilegeSecret EncryptionKubernetes Secret StorageStoring Secrets in etcdStoring Secrets in Third-Party StoresPassing Secrets into Containerized CodeDon’t Build Secrets into ImagesPassing Secrets as Environment VariablesPassing Secrets in FilesSecret Rotation and RevocationSecret Access from Within the ContainerSecret Access from a Kubelet
Monitoring, Alerting, and AuditingHost SecurityHost Operating SystemNode RecyclingSandboxing and Runtime ProtectionMultitenancyDynamic Admission ControlNetwork ProtectionService MeshesStatic Analysis of YAMLFork Bombs and Resource-Based AttacksCryptocurrency MiningKubernetes Security Updates

Content preview from Kubernetes Security

Introduction

This book will teach you practices to make your Kubernetes deployments more secure. It will introduce you to security features in Kubernetes and tell you about other things you should be aware of in the context of containerized applications running on Kubernetes; for example, container image best practices from a security point of view.

We describe practical techniques and provide an accompanying website with references and recipes, so if you want to follow along, check it out!

Why We Wrote This Book

Kubernetes has rapidly become a popular choice for deploying code “in the cloud” and is now used by enterprises of all sizes to deploy mission-critical applications. However, information about securing Kubernetes is distributed across the internet and in the code itself. We want to make it easier for anyone who is using Kubernetes to think about and address the security of their deployments by gathering information into one resource.

Who Is This Book For?

This book is written for developers, operation folks, and security professionals who are using Kubernetes. Please note that we assume familiarity with basic Kubernetes concepts. If you don’t have that familiarity yet, a great book to get started is Kubernetes: Up and Running by Kelsey Hightower et al. (O’Reilly). In addition, Kubernetes Cookbook by Michael Hausenblas (one of the authors of this book) and Sébastien Goasguen (O’Reilly) provides recipes for common tasks.

In this book, we tackle the technical aspects ...