Availability: Hacking Kubernetes | Technische Universität München

Hacking Kubernetes: threat-driven analysis and defense

Want to run your Kubernetes workloads safely and securely? This practical book provides a threat-based guide to Kubernetes security. Each chapter examines a particular component's architecture and potential default settings and then reviews existing high-profile attacks and historical Common Vu...

Full description

Saved in:

Bibliographic Details
Main Author:	Martin, Andrew (Author)
Format:	Electronic eBook
Language:	English
Published:	Sebastapol, CA O'Reilly Media 2021
Edition:	First edition.
Subjects:	Open source software > Security measures Application software > Security measures Logiciels libres ; Sécurité ; Mesures Logiciels d'application ; Sécurité ; Mesures
Links:	https://learning.oreilly.com/library/view/-/9781492081722/?ar
Summary:	Want to run your Kubernetes workloads safely and securely? This practical book provides a threat-based guide to Kubernetes security. Each chapter examines a particular component's architecture and potential default settings and then reviews existing high-profile attacks and historical Common Vulnerabilities and Exposures (CVEs). Authors Andrew Martin and Michael Hausenblas share best-practice configuration to help you harden clusters from possible angles of attack. This book begins with a vanilla Kubernetes installation with built-in defaults. You'll examine an abstract threat model of a distributed system running arbitrary workloads, and then progress to a detailed assessment of each component of a secure Kubernetes system. Understand where your Kubernetes system is vulnerable with threat modelling techniques Focus on pods, from configurations to attacks and defenses Secure your cluster and workload traffic Define and enforce policy with RBAC, OPA, and Kyverno Dive deep into sandboxing and isolation techniques Learn how to detect and mitigate supply chain attacks Explore filesystems, volumes, and sensitive information at rest Discover what can go wrong when running multitenant workloads in a cluster Learn what you can do if someone breaks in despite you having controls in place.
Item Description:	Online resource; title from digital title page (viewed on October 28, 2021)
Physical Description:	1 Online-Ressource
ISBN:	9781492081708 1492081701 9781492081685 149208168X

Staff View

MARC


LEADER	00000cam a22000002c 4500
001	ZDB-30-ORH-06157631X
003	DE-627-1
005	20240228121446.0
007	cr uuu---uuuuu
008	210216s2021 xx \|\|\|\|\|o 00\| \|\|eng c
020			\|a 9781492081708 \|c electronic book \|9 978-1-4920-8170-8
020			\|a 1492081701 \|c electronic book \|9 1-4920-8170-1
020			\|a 9781492081685 \|c electronic book \|9 978-1-4920-8168-5
020			\|a 149208168X \|c electronic book \|9 1-4920-8168-X
035			\|a (DE-627-1)06157631X
035			\|a (DE-599)KEP06157631X
035			\|a (ORHE)9781492081722
035			\|a (DE-627-1)06157631X
040			\|a DE-627 \|b ger \|c DE-627 \|e rda
041			\|a eng
082	0		\|a 005.3 \|2 23
100	1		\|a Martin, Andrew \|e VerfasserIn \|4 aut
245	1	0	\|a Hacking Kubernetes \|b threat-driven analysis and defense \|c Andrew Martin and Michael Hausenblas
250			\|a First edition.
264		1	\|a Sebastapol, CA \|b O'Reilly Media \|c 2021
264		4	\|c ©2021
300			\|a 1 Online-Ressource
336			\|a Text \|b txt \|2 rdacontent
337			\|a Computermedien \|b c \|2 rdamedia
338			\|a Online-Ressource \|b cr \|2 rdacarrier
500			\|a Online resource; title from digital title page (viewed on October 28, 2021)
520			\|a Want to run your Kubernetes workloads safely and securely? This practical book provides a threat-based guide to Kubernetes security. Each chapter examines a particular component's architecture and potential default settings and then reviews existing high-profile attacks and historical Common Vulnerabilities and Exposures (CVEs). Authors Andrew Martin and Michael Hausenblas share best-practice configuration to help you harden clusters from possible angles of attack. This book begins with a vanilla Kubernetes installation with built-in defaults. You'll examine an abstract threat model of a distributed system running arbitrary workloads, and then progress to a detailed assessment of each component of a secure Kubernetes system. Understand where your Kubernetes system is vulnerable with threat modelling techniques Focus on pods, from configurations to attacks and defenses Secure your cluster and workload traffic Define and enforce policy with RBAC, OPA, and Kyverno Dive deep into sandboxing and isolation techniques Learn how to detect and mitigate supply chain attacks Explore filesystems, volumes, and sensitive information at rest Discover what can go wrong when running multitenant workloads in a cluster Learn what you can do if someone breaks in despite you having controls in place.
650		0	\|a Open source software \|x Security measures
650		0	\|a Application software \|x Security measures
650		4	\|a Logiciels libres ; Sécurité ; Mesures
650		4	\|a Logiciels d'application ; Sécurité ; Mesures
776	1		\|z 1492081736
776	0	8	\|i Erscheint auch als \|n Druck-Ausgabe \|z 1492081736
966	4	0	\|l DE-91 \|p ZDB-30-ORH \|q TUM_PDA_ORH \|u https://learning.oreilly.com/library/view/-/9781492081722/?ar \|m X:ORHE \|x Aggregator \|z lizenzpflichtig \|3 Volltext
912			\|a ZDB-30-ORH
912			\|a ZDB-30-ORH
951			\|a BO
912			\|a ZDB-30-ORH
049			\|a DE-91

Record in the Search Index

DE-BY-TUM_katkey	ZDB-30-ORH-06157631X
_version_	1831287052424970241
adam_text
any_adam_object
author	Martin, Andrew
author_facet	Martin, Andrew
author_role	aut
author_sort	Martin, Andrew
author_variant	a m am
building	Verbundindex
bvnumber	localTUM
collection	ZDB-30-ORH
ctrlnum	(DE-627-1)06157631X (DE-599)KEP06157631X (ORHE)9781492081722
dewey-full	005.3
dewey-hundreds	000 - Computer science, information, general works
dewey-ones	005 - Computer programming, programs, data, security
dewey-raw	005.3
dewey-search	005.3
dewey-sort	15.3
dewey-tens	000 - Computer science, information, general works
discipline	Informatik
edition	First edition.
format	Electronic eBook
fullrecord	<?xml version="1.0" encoding="UTF-8"?><collection xmlns="http://www.loc.gov/MARC21/slim"><record><leader>03012cam a22004692c 4500</leader><controlfield tag="001">ZDB-30-ORH-06157631X</controlfield><controlfield tag="003">DE-627-1</controlfield><controlfield tag="005">20240228121446.0</controlfield><controlfield tag="007">cr uuu---uuuuu</controlfield><controlfield tag="008">210216s2021 xx \|\|\|\|\|o 00\| \|\|eng c</controlfield><datafield tag="020" ind1=" " ind2=" "><subfield code="a">9781492081708</subfield><subfield code="c">electronic book</subfield><subfield code="9">978-1-4920-8170-8</subfield></datafield><datafield tag="020" ind1=" " ind2=" "><subfield code="a">1492081701</subfield><subfield code="c">electronic book</subfield><subfield code="9">1-4920-8170-1</subfield></datafield><datafield tag="020" ind1=" " ind2=" "><subfield code="a">9781492081685</subfield><subfield code="c">electronic book</subfield><subfield code="9">978-1-4920-8168-5</subfield></datafield><datafield tag="020" ind1=" " ind2=" "><subfield code="a">149208168X</subfield><subfield code="c">electronic book</subfield><subfield code="9">1-4920-8168-X</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(DE-627-1)06157631X</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(DE-599)KEP06157631X</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(ORHE)9781492081722</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(DE-627-1)06157631X</subfield></datafield><datafield tag="040" ind1=" " ind2=" "><subfield code="a">DE-627</subfield><subfield code="b">ger</subfield><subfield code="c">DE-627</subfield><subfield code="e">rda</subfield></datafield><datafield tag="041" ind1=" " ind2=" "><subfield code="a">eng</subfield></datafield><datafield tag="082" ind1="0" ind2=" "><subfield code="a">005.3</subfield><subfield code="2">23</subfield></datafield><datafield tag="100" ind1="1" ind2=" "><subfield code="a">Martin, Andrew</subfield><subfield code="e">VerfasserIn</subfield><subfield code="4">aut</subfield></datafield><datafield tag="245" ind1="1" ind2="0"><subfield code="a">Hacking Kubernetes</subfield><subfield code="b">threat-driven analysis and defense</subfield><subfield code="c">Andrew Martin and Michael Hausenblas</subfield></datafield><datafield tag="250" ind1=" " ind2=" "><subfield code="a">First edition.</subfield></datafield><datafield tag="264" ind1=" " ind2="1"><subfield code="a">Sebastapol, CA</subfield><subfield code="b">O'Reilly Media</subfield><subfield code="c">2021</subfield></datafield><datafield tag="264" ind1=" " ind2="4"><subfield code="c">©2021</subfield></datafield><datafield tag="300" ind1=" " ind2=" "><subfield code="a">1 Online-Ressource</subfield></datafield><datafield tag="336" ind1=" " ind2=" "><subfield code="a">Text</subfield><subfield code="b">txt</subfield><subfield code="2">rdacontent</subfield></datafield><datafield tag="337" ind1=" " ind2=" "><subfield code="a">Computermedien</subfield><subfield code="b">c</subfield><subfield code="2">rdamedia</subfield></datafield><datafield tag="338" ind1=" " ind2=" "><subfield code="a">Online-Ressource</subfield><subfield code="b">cr</subfield><subfield code="2">rdacarrier</subfield></datafield><datafield tag="500" ind1=" " ind2=" "><subfield code="a">Online resource; title from digital title page (viewed on October 28, 2021)</subfield></datafield><datafield tag="520" ind1=" " ind2=" "><subfield code="a">Want to run your Kubernetes workloads safely and securely? This practical book provides a threat-based guide to Kubernetes security. Each chapter examines a particular component's architecture and potential default settings and then reviews existing high-profile attacks and historical Common Vulnerabilities and Exposures (CVEs). Authors Andrew Martin and Michael Hausenblas share best-practice configuration to help you harden clusters from possible angles of attack. This book begins with a vanilla Kubernetes installation with built-in defaults. You'll examine an abstract threat model of a distributed system running arbitrary workloads, and then progress to a detailed assessment of each component of a secure Kubernetes system. Understand where your Kubernetes system is vulnerable with threat modelling techniques Focus on pods, from configurations to attacks and defenses Secure your cluster and workload traffic Define and enforce policy with RBAC, OPA, and Kyverno Dive deep into sandboxing and isolation techniques Learn how to detect and mitigate supply chain attacks Explore filesystems, volumes, and sensitive information at rest Discover what can go wrong when running multitenant workloads in a cluster Learn what you can do if someone breaks in despite you having controls in place.</subfield></datafield><datafield tag="650" ind1=" " ind2="0"><subfield code="a">Open source software</subfield><subfield code="x">Security measures</subfield></datafield><datafield tag="650" ind1=" " ind2="0"><subfield code="a">Application software</subfield><subfield code="x">Security measures</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Logiciels libres ; Sécurité ; Mesures</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Logiciels d'application ; Sécurité ; Mesures</subfield></datafield><datafield tag="776" ind1="1" ind2=" "><subfield code="z">1492081736</subfield></datafield><datafield tag="776" ind1="0" ind2="8"><subfield code="i">Erscheint auch als</subfield><subfield code="n">Druck-Ausgabe</subfield><subfield code="z">1492081736</subfield></datafield><datafield tag="966" ind1="4" ind2="0"><subfield code="l">DE-91</subfield><subfield code="p">ZDB-30-ORH</subfield><subfield code="q">TUM_PDA_ORH</subfield><subfield code="u">https://learning.oreilly.com/library/view/-/9781492081722/?ar</subfield><subfield code="m">X:ORHE</subfield><subfield code="x">Aggregator</subfield><subfield code="z">lizenzpflichtig</subfield><subfield code="3">Volltext</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">ZDB-30-ORH</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">ZDB-30-ORH</subfield></datafield><datafield tag="951" ind1=" " ind2=" "><subfield code="a">BO</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">ZDB-30-ORH</subfield></datafield><datafield tag="049" ind1=" " ind2=" "><subfield code="a">DE-91</subfield></datafield></record></collection>
id	ZDB-30-ORH-06157631X
illustrated	Not Illustrated
indexdate	2025-05-05T13:23:47Z
institution	BVB
isbn	9781492081708 1492081701 9781492081685 149208168X
language	English
open_access_boolean
owner	DE-91 DE-BY-TUM
owner_facet	DE-91 DE-BY-TUM
physical	1 Online-Ressource
psigel	ZDB-30-ORH TUM_PDA_ORH ZDB-30-ORH
publishDate	2021
publishDateSearch	2021
publishDateSort	2021
publisher	O'Reilly Media
record_format	marc
spelling	Martin, Andrew VerfasserIn aut Hacking Kubernetes threat-driven analysis and defense Andrew Martin and Michael Hausenblas First edition. Sebastapol, CA O'Reilly Media 2021 ©2021 1 Online-Ressource Text txt rdacontent Computermedien c rdamedia Online-Ressource cr rdacarrier Online resource; title from digital title page (viewed on October 28, 2021) Want to run your Kubernetes workloads safely and securely? This practical book provides a threat-based guide to Kubernetes security. Each chapter examines a particular component's architecture and potential default settings and then reviews existing high-profile attacks and historical Common Vulnerabilities and Exposures (CVEs). Authors Andrew Martin and Michael Hausenblas share best-practice configuration to help you harden clusters from possible angles of attack. This book begins with a vanilla Kubernetes installation with built-in defaults. You'll examine an abstract threat model of a distributed system running arbitrary workloads, and then progress to a detailed assessment of each component of a secure Kubernetes system. Understand where your Kubernetes system is vulnerable with threat modelling techniques Focus on pods, from configurations to attacks and defenses Secure your cluster and workload traffic Define and enforce policy with RBAC, OPA, and Kyverno Dive deep into sandboxing and isolation techniques Learn how to detect and mitigate supply chain attacks Explore filesystems, volumes, and sensitive information at rest Discover what can go wrong when running multitenant workloads in a cluster Learn what you can do if someone breaks in despite you having controls in place. Open source software Security measures Application software Security measures Logiciels libres ; Sécurité ; Mesures Logiciels d'application ; Sécurité ; Mesures 1492081736 Erscheint auch als Druck-Ausgabe 1492081736
spellingShingle	Martin, Andrew Hacking Kubernetes threat-driven analysis and defense Open source software Security measures Application software Security measures Logiciels libres ; Sécurité ; Mesures Logiciels d'application ; Sécurité ; Mesures
title	Hacking Kubernetes threat-driven analysis and defense
title_auth	Hacking Kubernetes threat-driven analysis and defense
title_exact_search	Hacking Kubernetes threat-driven analysis and defense
title_full	Hacking Kubernetes threat-driven analysis and defense Andrew Martin and Michael Hausenblas
title_fullStr	Hacking Kubernetes threat-driven analysis and defense Andrew Martin and Michael Hausenblas
title_full_unstemmed	Hacking Kubernetes threat-driven analysis and defense Andrew Martin and Michael Hausenblas
title_short	Hacking Kubernetes
title_sort	hacking kubernetes threat driven analysis and defense
title_sub	threat-driven analysis and defense
topic	Open source software Security measures Application software Security measures Logiciels libres ; Sécurité ; Mesures Logiciels d'application ; Sécurité ; Mesures
topic_facet	Open source software Security measures Application software Security measures Logiciels libres ; Sécurité ; Mesures Logiciels d'application ; Sécurité ; Mesures
work_keys_str_mv	AT martinandrew hackingkubernetesthreatdrivenanalysisanddefense

Availability

‌

Read online