Learn Kubernetes Security

More Information
  • Understand the basics of Kubernetes architecture and networking
  • Gain insights into different security integrations provided by the Kubernetes platform
  • Delve into Kubernetes' threat modeling and security domains
  • Explore different security configurations from a variety of practical examples
  • Get to grips with using and deploying open source tools to protect your deployments
  • Discover techniques to mitigate or prevent known Kubernetes hacks

Kubernetes is an open source orchestration platform for managing container applications. Despite widespread adoption of the technology, most developers are unaware of the pitfalls of containerized environments. With this comprehensive book, you'll learn how to use the different security integrations available on the Kubernetes platform to safeguard your deployments in a variety of scenarios.

Learn Kubernetes Security starts by taking you through the Kubernetes architecture and the networking model. You'll then learn about the Kubernetes threat model and get to grips with securing clusters. Throughout the book, you'll cover various security aspects such as authentication, authorization, image scanning, and resource monitoring. As you advance, you'll learn about securing cluster components (the API server, Kube-Dns, and Kubelet) and Pods (hardening image and PodSecurityPolicy). With the help of hands-on examples, you'll also learn to use open source tools such as Anchore, Prometheus, OPA, and Falco to protect your deployments.

By the end of this Kubernetes book, you'll have gained a solid understanding of container security and be able to protect your clusters from cyberattacks and mitigate cybersecurity threats.

  • Explore a variety of Kubernetes components that help you to prevent cyberattacks
  • Perform effective resource management and monitoring with Prometheus and built-in Kubernetes tools
  • Learn techniques to prevent attackers from compromising applications and accessing resources for crypto-coin mining
Page Count 258
Course Length 7 hours 44 minutes
ISBN 9781839216503
Date Of Publication 24 Jul 2020


Kaizhe Huang

Kaizhe Huang is Security Researcher in Sysdig where he spent a lot of time in security research in Kubernetes and containers. Kaizhe is one of the maintainers of Falco, a incubation level CNCF project and the original author of multiple open source projects like kube-psp-advisor. Previously, as Senior Security Engineer at Oracle Database Security Group, he helped build security products including: Database Vault, Database Privilege Analyzer and Database Assessment Tool. Kaizhe holds M.S. degrees in Information Security from Carnegie Mellon University.

Pranjal Jumde

Pranjal Jumde is a Senior Security Engineer at Brave Inc. His primary research interest is Browser Security and Exploitation. In the security industry, he has worked on different aspects of security Web Application Security, DevOps, Reverse Engineering malware, Security Automation and development of security/privacy features. Pranjal holds M.S. degrees in Information Security from Carnegie Mellon University.