Op werkdagen voor 23:00 besteld, morgen in huis Gratis verzending vanaf €20
,

Kubernetes Security and Observability

A Holistic Approach to Securing Containers and Cloud Native Applications

Paperback Engels 2021 9781098107109
Verwachte levertijd ongeveer 8 werkdagen

Samenvatting

Securing, observing, and troubleshooting containerized workloads on Kubernetes can be daunting. It requires a range of considerations, from infrastructure choices and cluster configuration to deployment controls and runtime and network security. With this practical book, you'll learn how to adopt a holistic security and observability strategy for building and securing cloud native applications running on Kubernetes.

Whether you're already working on cloud native applications or are in the process of migrating to its architecture, this guide introduces key security and observability concepts and best practices to help you unleash the power of cloud native applications. Authors Brendan Creane and Amit Gupta from Tigera take you through the full breadth of new cloud native approaches for establishing security and observability for applications running on Kubernetes.

- Learn why you need a security and observability strategy for cloud native applications and determine your scope of coverage
- Understand key concepts behind the book's security and observability approach
- Explore the technology choices available to support this strategy
- Discover how to share security responsibilities across multiple teams or roles
- Learn how to architect Kubernetes security and observability for multicloud and hybrid environments

Specificaties

ISBN13:9781098107109
Taal:Engels
Bindwijze:paperback
Aantal pagina's:165
Uitgever:O'Reilly
Druk:1
Verschijningsdatum:8-11-2021
Hoofdrubriek:IT-management / ICT
ISSN:

Lezersrecensies

Wees de eerste die een lezersrecensie schrijft!

Geef uw waardering

Zeer goed Goed Voldoende Matig Slecht

Inhoudsopgave

Preface
The Stages of Kubernetes Adoption
Who This Book Is For
The Platform Team
The Networking Team
The Security Team
The Compliance Team
The Operations Team
What You Will Learn
Conventions Used in This Book
Using Code Examples
O’Reilly Online Learning
How to Contact Us
Acknowledgments

1. Security and Observability Strategy
Security for Kubernetes: A New and Different World
Deploying a Workload in Kubernetes: Security at Each Stage
Build-Time Security: Shift Left
Deploy-Time Security
Runtime Security
Observability
Security Frameworks
Security and Observability
Conclusion

2. Infrastructure Security
Host Hardening
Choice of Operating System
Nonessential Processes
Host-Based Firewalling
Always Research the Latest Best Practices
Cluster Hardening
Secure the Kubernetes Datastore
Secure the Kubernetes API Server
Encrypt Kubernetes Secrets at Rest
Rotate Credentials Frequently
Authentication and RBAC
Restricting Cloud Metadata API Access
Enable Auditing
Restrict Access to Alpha or Beta Features
Upgrade Kubernetes Frequently
Use a Managed Kubernetes Service
CIS Benchmarks
Network Security
Conclusion

3. Workload Deployment Controls
Image Building and Scanning
Choice of a Base Image
Container Image Hardening
Container Image Scanning Solution
Privacy Concerns
Container Threat Analysis
CI/CD
Scan Images by Registry Scanning Services
Scan Images After Builds
Inline Image Scanning
Kubernetes Admission Controller
Securing the CI/CD Pipeline
Organization Policy
Secrets Management
etcd to Store Secrets
Secrets Management Service
Kubernetes Secrets Store CSI Driver
Secrets Management Best Practices
Authentication
X509 Client Certificates
Bearer Token
OIDC Tokens
Authentication Proxy
Anonymous Requests
User Impersonation
Authorization
Node
ABAC
AlwaysDeny/AlwaysAllow
RBAC
Namespaced RBAC
Privilege Escalation Mitigation
Conclusion

4. Workload Runtime Security
Pod Security Policies
Using Pod Security Policies
Pod Security Policy Capabilities
Pod Security Context
Limitations of PSPs
Process Monitoring
Kubernetes Native Monitoring
Seccomp
SELinux
AppArmor
Sysctl
Conclusion

5. Observability
Monitoring
Observability
How Observability Works for Kubernetes
Implementing Observability for Kubernetes
Linux Kernel Tools
Observability Components
Aggregation and Correlation
Visualization
Service Graph
Visualization of Network Flows
Analytics and Troubleshooting
Distributed Tracing
Packet Capture
Conclusion

6. Observability and Security
Alerting
Machine Learning
Examples of Machine Learning Jobs
Security Operations Center
User and Entity Behavior Analytics
Conclusion

7. Network Policy
What Is Network Policy?
Why Is Network Policy Important?
Network Policy Implementations
Network Policy Best Practices
Ingress and Egress
Not Just Mission-Critical Workloads
Policy and Label Schemas
Default Deny and Default App Policy
Policy Tooling
Development Processes and Microservices Benefits
Policy Recommendations
Policy Impact Previews
Policy Staging and Audit Modes
Conclusion

8. Managing Trust Across Teams
Role-Based Access Control
Limitations with Kubernetes Network Policies
Richer Network Policy Implementations
Admission Controllers
Conclusion

9. Exposing Services to External Clients
Understanding Direct Pod Connections
Understanding Kubernetes Services
Cluster IP Services
Node Port Services
Load Balancer Services
externalTrafficPolicy:local
Network Policy Extensions
Alternatives to kube-proxy
Direct Server Return
Limiting Service External IPs
Advertising Service IPs
Understanding Kubernetes Ingress
Conclusion

10. Encryption of Data in Transit
Building Encryption into Your Code
Sidecar or Service Mesh Encryption
Network-Layer Encryption
Conclusion

11. Threat Defense and Intrusion Detection
Threat Defense for Kubernetes (Stages of an Attack)
Intrusion Detection
Intrusion Detection Systems
IP Address and Domain Name Threat Feeds
Special Considerations for Domain Name Feeds
Advanced Threat Defense Techniques
Canary Pods/Resources
DNS-Based Attacks and Defense

Conclusion
Conclusion
Index

Managementboek Top 100

Rubrieken

Populaire producten

    Personen

      Trefwoorden

        Kubernetes Security and Observability