Kubernetes Security and Observability

Download the book Kubernetes Security and Observability

44,000 Toman, in stock

Kubernetes Security and Observability, original-language edition

The book Kubernetes Security and Observability can be downloaded after payment.
The book's description is given in the details section, where you can review the items.


This book is the original edition and is not in Persian.



User ratings for this book:        Number of voters: 10


Details about the book Kubernetes Security and Observability

Book title: Kubernetes Security and Observability
Title translated into Persian: امنیت و قابلیت مشاهده Kubernetes
Series:
Authors:
Publisher: O'Reilly Media, Inc.
Year of publication: 2021
Number of pages: 237
ISBN: 9781098107109, 9781098107116
Language: English
Format: pdf
File size: 6 MB



After the payment process is completed, the download link for the book will be provided. If you register and log in to your account, you will be able to view the list of books you have purchased.


Table of contents:


Preface
The Stages of Kubernetes Adoption
Who This Book Is For
The Platform Team
The Networking Team
The Security Team
The Compliance Team
The Operations Team
What You Will Learn
Conventions Used in This Book
Using Code Examples
O’Reilly Online Learning
How to Contact Us
Acknowledgments
1. Security and Observability Strategy
Security for Kubernetes: A New and Different World
Deploying a Workload in Kubernetes: Security at Each Stage
Build-Time Security: Shift Left
Deploy-Time Security
Runtime Security
Observability
Security Frameworks
Security and Observability
Conclusion
2. Infrastructure Security
Host Hardening
Choice of Operating System
Nonessential Processes
Host-Based Firewalling
Always Research the Latest Best Practices
Cluster Hardening
Secure the Kubernetes Datastore
Secure the Kubernetes API Server
Encrypt Kubernetes Secrets at Rest
Rotate Credentials Frequently
Authentication and RBAC
Restricting Cloud Metadata API Access
Enable Auditing
Restrict Access to Alpha or Beta Features
Upgrade Kubernetes Frequently
Use a Managed Kubernetes Service
CIS Benchmarks
Network Security
Conclusion
3. Workload Deployment Controls
Image Building and Scanning
Choice of a base image
Container Image Hardening
Container Image Scanning Solution
Privacy Concerns
Container Threat Analysis
CI/CD
Scan Images by Registry Scanning Services
Scan Images After Builds
Inline Image Scanning
Kubernetes Admission Controller
Securing the CI/CD pipeline
Organization Policy
Secrets Management
etcd to Store Secrets
Secrets Management Service
Kubernetes Secrets Store CSI Driver
Secrets Management Best Practices
Authentication
X509 Client Certificates
Bearer Token
OIDC Tokens
Authentication Proxy
Anonymous Requests
User impersonation
Authorization
Node
ABAC
AlwaysDeny/AlwaysAllow
RBAC
Namespaced RBAC
Privilege escalation mitigation
Conclusion
4. Workload runtime security
Pod Security Policies (PSPs)
Using Pod Security Policies
Pod Security Policy Capabilities
Pod Security Context
Limitations of PSPs
Process Monitoring
Kubernetes Native Monitoring
Seccomp
SELinux
AppArmor
Sysctl
Conclusion
5. Observability
Monitoring
Observability
How Observability Works for Kubernetes
Implementing Observability for Kubernetes
Linux Kernel Tools
Observability Components
Aggregation and Correlation
Visualization
Service Graph
Visualization of Network Flows
Analytics and Troubleshooting
Distributed Tracing
Packet Capture
Conclusion
6. Observability and Security
Alerting
Machine Learning
Security Operations Center
User and Entity Behavior Analytics
Conclusion
7. Network Policy
What Is Network Policy?
Why Is Network Policy Important?
Network Policy Implementations
Network Policy Best Practices
Ingress and egress
Not Just Mission-Critical Workloads
Policy and Label Schemas
Default Deny and Default App Policy
Policy Tooling
Development Processes and Microservices Benefits
Policy Recommendations
Policy Impact Previews
Policy Staging and Audit Modes
Conclusion
8. Managing Trust Across Teams
Role-Based Access Control
Limitations with Kubernetes Network Policies
Richer Network Policy Implementations
Admissions Controllers
Conclusion
9. Exposing Services to External Clients
Understanding Direct Pod Connections
Understanding Kubernetes Services
Cluster IP Services
Node Port Services
Load Balancer Services
externalTrafficPolicy:local
Network Policy Extensions
Alternatives to kube-proxy
Direct Server Return
Limiting Service External IPs
Advertising Service IPs
Understanding Kubernetes Ingress
Conclusion
10. Encryption of Data in Transit
Building Encryption into Your Code
Sidecar or Service Mesh Encryption
Network-Layer Encryption
Conclusion
11. Threat Defense and Intrusion Detection
Threat Defense for Kubernetes (Stages of an Attack)
Intrusion Detection
Intrusion Detection Systems
IP Address and Domain Name Threat feeds
Special Considerations for Domain Name Feeds
Advanced Threat Defense techniques
Canary Pods/Resources
DNS-Based Attacks and Defense
Conclusion
Conclusion



