Learn Kubernetes Security: Securely orchestrate, scale, and manage your microservices in Kubernetes deployments

Huang, Kaizhe, Jumde, Pranjal

買這商品的人也買了...

商品描述

Kubernetes is an open source orchestration platform for managing containerized applications. Despite widespread adoption of the technology, DevOps engineers might be unaware of the pitfalls of containerized environments. With this comprehensive book, you'll learn how to use the different security integrations available on the Kubernetes platform to safeguard your deployments in a variety of scenarios.

Learn Kubernetes Security starts by taking you through the Kubernetes architecture and the networking model. You'll then learn about the Kubernetes threat model and get to grips with securing clusters. Throughout the book, you'll cover various security aspects such as authentication, authorization, image scanning, and resource monitoring. As you advance, you'll learn about securing cluster components (the kube-apiserver, CoreDNS, and kubelet) and pods (hardening image, security context, and PodSecurityPolicy). With the help of hands-on examples, you'll also learn how to use open source tools such as Anchore, Prometheus, OPA, and Falco to protect your deployments.

By the end of this Kubernetes book, you'll have gained a solid understanding of container security and be able to protect your clusters from cyberattacks and mitigate cybersecurity threats.

商品描述(中文翻譯)

Kubernetes 是一個用於管理容器化應用程式的開源編排平台。儘管這項技術已被廣泛採用,但 DevOps 工程師可能對容器化環境的風險不太熟悉。這本全面的書籍將教導您如何在 Kubernetes 平台上使用不同的安全整合功能,以在各種情境下保護您的部署。

《學習 Kubernetes 安全性》首先介紹 Kubernetes 的架構和網路模型。接著,您將了解 Kubernetes 的威脅模型並掌握如何保護叢集。在整本書中,您將涵蓋各種安全方面,例如身份驗證、授權、映像掃描和資源監控。隨著學習的深入,您還將學習如何保護叢集元件(kube-apiserver、CoreDNS 和 kubelet)以及 Pod(加固映像、安全內容和 PodSecurityPolicy)。透過實際示例的幫助,您還將學習如何使用 Anchore、Prometheus、OPA 和 Falco 等開源工具來保護您的部署。

通過閱讀這本 Kubernetes 書籍,您將對容器安全性有深入的了解,並能夠保護您的叢集免受網絡攻擊並減輕網絡安全威脅。

作者簡介

Kaizhe Huang is a security researcher at Sysdig, where he researches how to defend Kubernetes and containers from attacks ranging from web attacks to kernel attacks. Kaizhe is one of the maintainers of Falco, an incubation-level CNCF project, and the original author of multiple open source projects, such as kube-psp-advisor. Before joining Sysdig, as an employee at Stackrox, Kaizhe helped build a detection data pipeline, conducted security research, and innovated detection based on machine learning. Previously, as a senior security engineer at Oracle, he helped build security products: Database Vault, Database Privilege Analyzer, and Database Assessment Tool. Kaizhe holds an MS degree in information security from Carnegie Mellon University.

Pranjal Jumde

Pranjal Jumde is a senior security engineer at Brave Inc. In the security industry, he has worked on different aspects of security, such as browser security, OS/kernel security, DevSecOps, web application security, reverse engineering malware, security automation, and the development of security/privacy features. Before joining Brave, as an employee at Stackrox, Pranjal helped in the development of detection and enforcement features for the runtime detection platform. He has also worked at Apple and Adobe, where he worked on the development of features to harden various platforms. Pranjal holds an MS degree in information security from Carnegie Mellon University. He has also presented his research at different conferences, such as ACM CCS and BSides SF/Delhi.

作者簡介(中文翻譯)

Kaizhe Huang是Sysdig的安全研究員,他的研究範疇包括如何保護Kubernetes和容器免受從網路攻擊到核心攻擊的各種攻擊。Kaizhe是Falco的維護者之一,Falco是一個孵化階段的CNCF專案,他也是多個開源專案(如kube-psp-advisor)的原始作者。在加入Sysdig之前,Kaizhe在Stackrox擔任員工,協助建立偵測數據管道,進行安全研究並基於機器學習創新偵測方法。此前,作為Oracle的高級安全工程師,他協助建立了安全產品:Database Vault、Database Privilege Analyzer和Database Assessment Tool。Kaizhe擁有卡內基梅隆大學的資訊安全碩士學位。

Pranjal Jumde是Brave Inc.的高級安全工程師。在安全行業中,他涉獵了不同方面的安全領域,包括瀏覽器安全、作業系統/核心安全、DevSecOps、網路應用安全、惡意軟體逆向工程、安全自動化以及安全/隱私功能的開發。在加入Brave之前,作為Stackrox的員工,Pranjal協助開發了運行時偵測平台的偵測和執行功能。他還曾在蘋果和Adobe工作,參與了增強各種平台安全性的功能開發。Pranjal擁有卡內基梅隆大學的資訊安全碩士學位,並在ACM CCS和BSides SF/Delhi等不同的會議上發表過他的研究成果。