Want to run your Kubernetes workloads safely and securely? This practical book provides a threat-based guide to Kubernetes security. Each chapter examines a particular component's architecture and potential default settings and then reviews existing high-profile attacks and historical Common Vulnerabilities and Exposures (CVEs). Authors Andrew Martin and Michael Hausenblas share best-practice configuration to help you harden clusters from possible angles of attack. This book begins with a vanilla Kubernetes installation with built-in defaults. You'll examine an abstract threat model of a distributed system running arbitrary workloads, and then progress to a detailed assessment of each component of a secure Kubernetes system.
Librarian Note: There is more than one author in the GoodReads database with this name.
Andrew Martin (born 6 July 1962) is an English novelist and journalist.
Martin was brought up in Yorkshire, studied at the University of Oxford and qualified as a barrister. He has since worked as a freelance journalist for a number of publications while writing novels, starting with Bilton, a comic novel about journalists, and The Bobby Dazzlers, a comic novel set in the North of England, for which he was named Spectator Young Writer of the Year. His series of detective novels about Jim Stringer, a railwayman reassigned to the North Eastern Railway Police in Edwardian England, includes The Necropolis Railway, The Blackpool Highflyer, The Lost Luggage Porter, Murder at Deviation Junction and Death on a Branch Line. He has also written the non-fiction book How to Get Things Really Flat: A Man's Guide to Ironing, Dusting and Other Household Arts.
I would maybe give it 3 and a half stars instead. The first few chapters were very good in that it seemed like the author was going to dive deeper than they did on technical details related to the kernel. For instance, he described some basic concepts that perhaps most people would already be familiar with reading the book, but missed opportunities to describe cgroups and capabilities in detail, as well as covering data that can be obtained about the host via /proc and /proc/fs. Some chapters felt more like review of tools, which I appreciated at times, but he leaned a bit too much on tooling how-tos in some chapters. I still enjoyed it and was able to make note of several other areas for further investigation.
You don’t necessarily need this book to hack Kubernetes. Instead, it’s more useful for checking the references provided within it. By using these references, you can effectively hack and secure your Kubernetes infrastructure.