Learn Kubernetes Security
Kaizhe Huang, Pranjal Jumde, Loris Degioanni
Updated: 2021-06-18 18:32:55
Cover
Copyright information
Why subscribe?
Foreword
Contributors
About the authors
About the reviewer
Packt is searching for authors like you
Preface
Section 1: Introduction to Kubernetes
Chapter 1: Kubernetes Architecture
The rise of Docker and the trend of microservices
Kubernetes components
Kubernetes objects
Kubernetes variations
Kubernetes and cloud providers
Summary
Questions
Further reading
Chapter 2: Kubernetes Networking
Overview of the Kubernetes network model
Communicating inside a pod
Communicating between pods
Introducing the Kubernetes service
Introducing the CNI and CNI plugins
Summary
Questions
Further reading
Chapter 3: Threat Modeling
Introduction to threat modeling
Component interactions
Threat actors in Kubernetes environments
Threats in Kubernetes clusters
Threat modeling application in Kubernetes
Summary
Questions
Further reading
Chapter 4: Applying the Principle of Least Privilege in Kubernetes
The principle of least privilege
Least privilege of Kubernetes subjects
Least privilege for Kubernetes workloads
Summary
Questions
Further reading
Chapter 5: Configuring Kubernetes Security Boundaries
Introduction to security boundaries
Security boundaries versus trust boundaries
Kubernetes security domains
Kubernetes entities as security boundaries
Security boundaries in the system layer
Security boundaries in the network layer
Summary
Questions
Further references
Section 2: Securing Kubernetes Deployments and Clusters
Chapter 6: Securing Cluster Components
Securing kube-apiserver
Securing kubelet
Securing etcd
Securing kube-scheduler
Securing kube-controller-manager
Securing CoreDNS
Benchmarking a cluster's security configuration
Summary
Questions
Further reading
Chapter 7: Authentication, Authorization, and Admission Control
Requesting a workflow in Kubernetes
Kubernetes authentication
Kubernetes authorization
Admission controllers
Introduction to OPA
Summary
Questions
Further reading
Chapter 8: Securing Kubernetes Pods
Hardening container images
Configuring the security attributes of pods
The power of PodSecurityPolicy
Summary
Questions
Further reading
Chapter 9: Image Scanning in DevOps Pipelines
Introducing container images and vulnerabilities
Scanning images with Anchore Engine
Integrating image scanning into the CI/CD pipeline
Summary
Questions
Further references
Chapter 10: Real-Time Monitoring and Resource Management of a Kubernetes Cluster
Real-time monitoring and management in monolith environments
Managing resources in Kubernetes
Monitoring resources in Kubernetes
Summary
Questions
Further references
Chapter 11: Defense in Depth
Introducing Kubernetes auditing
Enabling high availability in a Kubernetes cluster
Managing secrets with Vault
Detecting anomalies with Falco
Conducting forensics with Sysdig Inspect and CRIU
Summary
Questions
Further references
Section 3: Learning from Mistakes and Pitfalls
Chapter 12: Analyzing and Detecting Crypto-Mining Attacks
Analyzing crypto-mining attacks
Detecting crypto-mining attacks
Defending against attacks
Summary
Questions
Further reading
Chapter 13: Learning from Kubernetes CVEs
The path traversal issue in kubectl cp – CVE-2019-11246
DoS issues in JSON parsing – CVE-2019-1002100
A DoS issue in YAML parsing – CVE-2019-11253
The Privilege escalation issue in role parsing – CVE-2019-11247
Scanning for known vulnerabilities using kube-hunter
Summary
Questions
Further references
Assessments
Chapter 1
Chapter 2
Chapter 3
Chapter 4
Chapter 5
Chapter 6
Chapter 7
Chapter 8
Chapter 9
Chapter 10
Chapter 11
Chapter 12
Chapter 13
Other Books You May Enjoy
Leave a review - let other readers know what you think