Java知识分享网 - 轻松学习从此开始!    

Java知识分享网

Java1234官方群25:java1234官方群17
Java1234官方群25:838462530
        
SpringBoot+SpringSecurity+Vue+ElementPlus权限系统实战课程 震撼发布        

最新Java全栈就业实战课程(免费)

springcloud分布式电商秒杀实战课程

IDEA永久激活

66套java实战课程无套路领取

锋哥开始收Java学员啦!

Python学习路线图

锋哥开始收Java学员啦!
当前位置: 主页 > Java文档 > 大数据云计算 >

Kubernetes Security PDF 下载


分享到:
时间:2020-05-11 17:16来源:http://www.java1234.com 作者:小锋  侵权举报
Kubernetes Security PDF 下载
失效链接处理
Kubernetes Security PDF 下载

下载地址:

提取码:wbj7

相关截图:


主要内容:

Protecting credentials
Chapter 7 discusses how to store credentials and pass them
safely into applications.
We finish in Chapter 8 with some advanced ideas for securing your
Kubernetes cluster.
But before we get started on Kubernetes-specific information, let’s
introduce a few important general security concepts that we’ll use in
the rest of the book.
Security Principles
In this section, we’ll discuss three important principles that can be
used to increase security: defense in depth, least privilege, and limit‐
ing the attack surface.
Defense in Depth
Picture a medieval castle under siege. It has strong, high walls to
keep undesirables out. The wall is surrounded by a moat, with
access via a drawbridge that is lowered only occasionally to let peo‐
ple in and out. The castle has thick doors, and bars across any win‐
dows. Archers patrol the castle walls, ready to fire at any attacker.
The castle has several layers of defense. Attackers who can swim
might be prepared to cross the moat, but then they have the walls to
scale, and the likelihood of being picked off by an archer. It might be
possible to compromise any given layer in the defensive structure,
but by having several layers, it’s hard for an attacker to successfully
enter the castle.
In the same way, it’s preferable to have several layers of defense
against attacks on your Kubernetes cluster. If you’re relying on a sin‐
gle defensive measure, attackers might find their way around it.
Least Privilege
The principle of least privilege tells us to restrict access so that differ‐
ent components can access only the information and resources they
need to operate correctly. In the event of a component being com‐
promised, an attacker can reach only the subset of information and
resources available to that component. This limits the “blast radius”
of the attack.
 

------分隔线----------------------------

锋哥公众号


锋哥微信


关注公众号
【Java资料站】
回复 666
获取 
66套java
从菜鸡到大神
项目实战课程

锋哥推荐