You're reading from Learning Kubernetes Security A practical guide for secure and scalable containerized environments

Product type Paperback

Published in Jun 2025

Publisher Packt

ISBN-13 9781835886380

Length 390 pages

Edition 2nd Edition

Concepts

Cloud Security

Author (1):

Raul Lapaz

View More author details

Table of Contents (18) Chapters

Preface

1. Kubernetes Architecture FREE CHAPTER

2. Kubernetes Networking

3. Threat Modeling

4. Applying the Principle of Least Privilege in Kubernetes

5. Configuring Kubernetes Security Boundaries

6. Securing Cluster Components

7. Authentication, Authorization, and Admission Control

8. Securing Pods

9. Shift Left (Scanning, SBOM, and CI/CD)

10. Real-Time Monitoring and Observability

11. Security Monitoring and Log Analysis

12. Defense in Depth

13. Kubernetes Vulnerabilities and Container Escapes

14. Third-Party Plugins for Securing Kubernetes

15. Other Books You May Enjoy

Stay relevant in a rapidly changing cybersecurity world – join 65,000+ SecPro subscribers

16. Index

Download a Free PDF Copy of This Book

Appendix: Enhancements in Kubernetes 1.30–1.33

Overview of the Kubernetes network model

Applications running on a Kubernetes cluster are supposed to be accessible either internally from the cluster or externally, from outside the cluster. The implication from the network’s perspective is there may be a Uniform Resource Identifier (URI) or Internet Protocol (IP) address associated with the application. Multiple applications can run on the same Kubernetes worker node, but how can they expose themselves without conflicting with each other? Let’s look at this problem together and dive into the Kubernetes network model.

Port-sharing problems

Traditionally, if there are two different applications running on the same machine, they cannot listen on the same port. If they both try to listen on the same port in the same machine, one application will not launch as the port is in use. This occurs because the network stack prevents multiple applications from using the same IP and port simultaneously. A simple illustration...