Michael Hausenblas is an AWS developer advocate.
Liz Rice is the Technology Evangelist with container security specialists Aqua Security, where she also works on container-related open source projects including kube-hunter, kube-bench and manifesto. She was Co-Chair of the CNCF’s KubeCon + CloudNativeCon 2018 events in Copenhagen, Shanghai and Seattle.
She has a wealth of software development, team, and product management experience from working on network protocols and distributed systems, and in digital technology sectors such as VOD, music, and VoIP. When not writing code, or talking about it, Liz loves riding bikes in places with better weather than her native London, and competing in virtual races on Zwift.
Posted on 2024-11-23
Kubernetes Security 2024 pdf epub mobi ebook
Book tags: Software Engineering, Computer Science, English edition, Containers, Distributed, 2019
Kubernetes has fundamentally changed the way DevOps teams create, manage, and operate container-based applications, but as with any production process, you can never provide enough security. This practical ebook walks you through Kubernetes security features—including when to use what—and shows you how to augment those features with container image best practices and secure network communication.
Liz Rice from Aqua Security and Michael Hausenblas from Red Hat not only describe practical security techniques for Kubernetes but also maintain an accompanying website. Developers will learn how to build container images with security in mind, and ops folks will pick up techniques for configuring and operating a Kubernetes cluster more securely.
Explore security concepts including defense in depth, least privilege, and limiting the attack surface
Safeguard clusters by securing worker nodes and control plane components, such as the API server and the etcd key value store
Learn how Kubernetes uses authentication and authorization to grant fine-grained access
Secure container images against known vulnerabilities and abuse by third parties
Examine security boundaries and policy enforcement features for running containers securely
Learn about the options for handling secret information such as credentials
Delve into advanced topics such as monitoring, alerting, and auditing, as well as sandboxing and runtime protection
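Chapters 3 and 4 are basically a reorganization of Reference/Accessing the API, somewhat shorter and clearer; for the details of Authenticate you still have to read the code (kubernetes/staging/src/k8s.io/apiserver/pkg/authentication); the agg layer can't get away from the Auth proxy; with Authenticate/Authorization configured correctly, you don't have to configure RBAC for the core components yourself = =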
More like a collection of blog posts