Hello and welcome to Kubernetes Security, the resource center for the O'Reilly book on this topic by Liz Rice and Michael Hausenblas.

Kubernetes Security book cover

In the book we explore security concepts including defense in depth, least privilege, and limiting the attack surface. We discuss and show how to secure clusters, and you'll also learn how Kubernetes uses authentication and authorization. The book will teach you how to secure container images against known vulnerabilities and abuse by third parties, enforce policies at the container runtime level as well as the networking level, and give you the rundown on how to handle sensitive information such as credentials.


Securing the cluster

Relevant pages in the official Kubernetes documentation:

Further reading:

Tooling:

Authentication and authorization

Introductions and overview resources for authn & authz in Kubernetes:

Tooling:

  • jwt.io
  • kubeadm
  • kubectl-who-can - a kubectl plugin for seeing which identities have permission to perform a given action on a given set of resources

Authentication

Relevant pages in the official Kubernetes documentation:

Further reading:

Tooling:

Authorization

Relevant pages in the official Kubernetes documentation:

Further reading:

Tooling:

Securing your container images

Further reading:

Tooling:

Running containers securely

Relevant pages in the official Kubernetes documentation:

Further reading:

Tooling:

Secrets management

Relevant pages in the official Kubernetes documentation:

Further reading:

Tooling:

Advanced topics

Tooling:

References

Official Kubernetes documentation

API and resource references relevant to security (Kubernetes v1.19) docs:

Useful kubectl commands

  • kubectl create secret (docs)
  • kubectl create serviceaccount (docs)
  • kubectl create role (docs)
  • kubectl create rolebinding (docs)
  • kubectl auth can-i (docs)

Providers


The logo uses a padlock icon by Freepik from www.flaticon.com and the Kubernetes logo, kudos to the CNCF, The Linux Foundation.