Last updated: 2021-06-18 18:32:55
Cover
Copyright information
Why subscribe?
Foreword
Contributors
About the authors
About the reviewer
Packt is searching for authors like you
Preface
Section 1: Introduction to Kubernetes
Chapter 1: Kubernetes Architecture
The rise of Docker and the trend of microservices
Kubernetes components
Kubernetes objects
Kubernetes variations
Kubernetes and cloud providers
Summary
Questions
Further reading
Chapter 2: Kubernetes Networking
Overview of the Kubernetes network model
Communicating inside a pod
Communicating between pods
Introducing the Kubernetes service
Introducing the CNI and CNI plugins
Chapter 3: Threat Modeling
Introduction to threat modeling
Component interactions
Threat actors in Kubernetes environments
Threats in Kubernetes clusters
Threat modeling application in Kubernetes
Chapter 4: Applying the Principle of Least Privilege in Kubernetes
The principle of least privilege
Least privilege of Kubernetes subjects
Least privilege for Kubernetes workloads
Chapter 5: Configuring Kubernetes Security Boundaries
Introduction to security boundaries
Security boundaries versus trust boundaries
Kubernetes security domains
Kubernetes entities as security boundaries
Security boundaries in the system layer
Security boundaries in the network layer
Further references
Section 2: Securing Kubernetes Deployments and Clusters
Chapter 6: Securing Cluster Components
Securing kube-apiserver
Securing kubelet
Securing etcd
Securing kube-scheduler
Securing kube-controller-manager
Securing CoreDNS
Benchmarking a cluster's security configuration
Chapter 7: Authentication, Authorization, and Admission Control
Requesting a workflow in Kubernetes
Kubernetes authentication
Kubernetes authorization
Admission controllers
Introduction to OPA
Chapter 8: Securing Kubernetes Pods
Hardening container images
Configuring the security attributes of pods
The power of PodSecurityPolicy
Chapter 9: Image Scanning in DevOps Pipelines
Introducing container images and vulnerabilities
Scanning images with Anchore Engine
Integrating image scanning into the CI/CD pipeline
Chapter 10: Real-Time Monitoring and Resource Management of a Kubernetes Cluster
Real-time monitoring and management in monolith environments
Managing resources in Kubernetes
Monitoring resources in Kubernetes
Chapter 11: Defense in Depth
Introducing Kubernetes auditing
Enabling high availability in a Kubernetes cluster
Managing secrets with Vault
Detecting anomalies with Falco