Learn Kubernetes Security
Securely orchestrate, scale, and manage your microservices in Kubernetes deployments
- 330 pages
- English
- ePUB (mobile friendly)
- Available on iOS & Android
Learn Kubernetes Security
Securely orchestrate, scale, and manage your microservices in Kubernetes deployments
About This Book
Secure your container environment against cyberattacks and deliver robust deployments with this practical guide
Key Features
- Explore a variety of Kubernetes components that help you to prevent cyberattacks
- Perform effective resource management and monitoring with Prometheus and built-in Kubernetes tools
- Learn techniques to prevent attackers from compromising applications and accessing resources for crypto-coin mining
Book Description
Kubernetes is an open source orchestration platform for managing containerized applications. Despite widespread adoption of the technology, DevOps engineers might be unaware of the pitfalls of containerized environments. With this comprehensive book, you'll learn how to use the different security integrations available on the Kubernetes platform to safeguard your deployments in a variety of scenarios.
Learn Kubernetes Security starts by taking you through the Kubernetes architecture and the networking model. You'll then learn about the Kubernetes threat model and get to grips with securing clusters. Throughout the book, you'll cover various security aspects such as authentication, authorization, image scanning, and resource monitoring. As you advance, you'll learn about securing cluster components (the kube-apiserver, CoreDNS, and kubelet) and pods (hardening image, security context, and PodSecurityPolicy). With the help of hands-on examples, you'll also learn how to use open source tools such as Anchore, Prometheus, OPA, and Falco to protect your deployments.
By the end of this Kubernetes book, you'll have gained a solid understanding of container security and be able to protect your clusters from cyberattacks and mitigate cybersecurity threats.
What you will learn
- Understand the basics of Kubernetes architecture and networking
- Gain insights into different security integrations provided by the Kubernetes platform
- Delve into Kubernetes' threat modeling and security domains
- Explore different security configurations from a variety of practical examples
- Get to grips with using and deploying open source tools to protect your deployments
- Discover techniques to mitigate or prevent known Kubernetes hacks
Who this book is for
This book is for security consultants, cloud administrators, system administrators, and DevOps engineers interested in securing their container deployments. If you're looking to secure your Kubernetes clusters and cloud-based deployments, you'll find this book useful. A basic understanding of cloud computing and containerization is necessary to make the most of this book.
Frequently asked questions
Information
Section 1: Introduction to Kubernetes
- Chapter 1, Kubernetes Architecture
- Chapter 2, Kubernetes Networking
- Chapter 3, Threat Modeling
- Chapter 4, Applying the Principle of Least Privilege in Kubernetes
- Chapter 5, Configuring Kubernetes Security Boundaries
Chapter 1: Kubernetes Architecture
- The rise of Docker and the trend of microservices
- Kubernetes components
- Kubernetes objects
- Kubernetes variations
- Kubernetes and cloud providers
The rise of Docker and the trend of microservices
- Scaling: A monolith application is difficult to scale. It's been proven that the proper way to solve a scalability problem is via a distributed method.
- Operational cost: The operation cost increases with the complexity of a monolith application. Updates and maintenance require careful analysis and enough testing before deployment. This is the opposite of scalability; you can't scale down a monolithic application easily as the minimum resource requirement is high.
- Longer release cycle: The maintenance and development barrier is significantly high for monolith applications. For developers, when there is a bug, it takes a lot of time to identify the root cause in a complex and ever-growing code base. The testing time increases significantly. Regression, integration, and unit tests take significantly longer to pass with a complex code base. When the customer's requests come in, it takes months or even a year for a single feature to ship. This makes the release cycle long and impacts the company's business significantly.
- With a well-defined interface, developers only need to focus on the functionality of the services they own.
- The code logic is simplified, which makes the application easier to maintain and easier to debug. Furthermore, the release cycle of microservices has shortened tremendously compared to monolithic applications, so customers do not have to wait for too long for a new feature.
Table of contents
- Learn Kubernetes Security
- Why subscribe?
- Preface
- Section 1: Introduction to Kubernetes
- Chapter 1: Kubernetes Architecture
- Chapter 2: Kubernetes Networking
- Chapter 3: Threat Modeling
- Chapter 4: Applying the Principle of Least Privilege in Kubernetes
- Chapter 5: Configuring Kubernetes Security Boundaries
- Section 2: Securing Kubernetes Deployments and Clusters
- Chapter 6: Securing Cluster Components
- Chapter 7: Authentication, Authorization, and Admission Control
- Chapter 8: Securing Kubernetes Pods
- Chapter 9: Image Scanning in DevOps Pipelines
- Chapter 10: Real-Time Monitoring and Resource Management of a Kubernetes Cluster
- Chapter 11: Defense in Depth
- Section 3: Learning from Mistakes and Pitfalls
- Chapter 12: Analyzing and Detecting Crypto-Mining Attacks
- Chapter 13: Learning from Kubernetes CVEs
- Assessments
- Other Books You May Enjoy