12 Securing Kubernetes


This chapter covers

  • Keeping your cluster up to date and patched
  • Managing disruptions
  • Using DaemonSets to deploy node agents to every node
  • Running containers as the non-root user
  • Using admission controllers to validate and modify Kubernetes objects
  • Enforcing Pod Security Standards
  • Controlling namespace access with RBAC

So far, this book has focused on deploying different types of software into Kubernetes clusters. In this last chapter, I’ll cover some key topics when it comes to keeping everything secure. Security is a huge area in general, and Kubernetes is no exception. If you deploy code to a Kubernetes cluster managed by another team, then lucky you—you may not need to worry about some of these topics. For developers who are also responsible for operations or are cluster operators themselves, securing and updating the cluster is a key responsibility.

In addition to keeping your cluster up to date, handling disruption, deploying node agents, and building non-root containers, this chapter takes you through the process of creating a dedicated namespace for a team of developers and how access can be granted specifically to that namespace. This is a pretty common pattern I’ve observed in companies where several teams share clusters.

12.1 Staying up to date


12.1.1 Cluster and node updates


12.1.2 Updating containers


12.1.3 Handling disruptions


12.2 Deploying node agents with DaemonSet


12.3 Pod security context


12.4 Non-root containers


12.5 Admission controllers


12.5.1 Pod Security admission


12.5.2 Balancing security with compatibility


12.6 Role-based access control


12.7 Next steps


Summary
