- Introduction
- Threat Modeling
- Kubernetes Pod Security
- Network isolation and hardening
- Authentication and Authorization
- Log Audit
- Upgrading and application security practices
- Appendix A: Example Dockerfile for non-root applications
- Appendix B: Deployment template example for read-only file system
- Appendix C: Pod Security Policy Example
- Appendix D: Namespace Example
- Appendix E: Network Policy Example
- Appendix F: LimitRange Example
- Appendix G: ResourceQuota Example
- Appendix H: Encryption Example
- Appendix I: KMS configuration example
- Appendix J: pod-reader RBAC role
- Appendix K: RBAC RoleBinding and ClusterRoleBinding examples
- Appendix L: Audit Strategy
- Appendix M: Example of flags for submitting audit policy files to kube-apiserver
- Appendix N: Webhook configuration