Kubernetes Security (PDF download)
Main content:
Protecting credentials
Chapter 7 discusses how to store credentials and pass them
safely into applications.
We finish in Chapter 8 with some advanced ideas for securing your
Kubernetes cluster.
But before we get started on Kubernetes-specific information, let’s
introduce a few important general security concepts that we’ll use in
the rest of the book.
Security Principles
In this section, we’ll discuss three important principles that can be
used to increase security: defense in depth, least privilege, and limiting
the attack surface.
Defense in Depth
Picture a medieval castle under siege. It has strong, high walls to
keep undesirables out. The wall is surrounded by a moat, with
access via a drawbridge that is lowered only occasionally to let people
in and out. The castle has thick doors, and bars across any windows.
Archers patrol the castle walls, ready to fire at any attacker.
The castle has several layers of defense. Attackers who can swim
might be prepared to cross the moat, but then they have the walls to
scale, and the likelihood of being picked off by an archer. It might be
possible to compromise any given layer in the defensive structure,
but by having several layers, it’s hard for an attacker to successfully
enter the castle.
In the same way, it’s preferable to have several layers of defense
against attacks on your Kubernetes cluster. If you’re relying on a single
defensive measure, attackers might find their way around it.
Least Privilege
The principle of least privilege tells us to restrict access so that different
components can access only the information and resources they
need to operate correctly. In the event of a component being compromised,
an attacker can reach only the subset of information and
resources available to that component. This limits the “blast radius”
of the attack.
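The following is an added example, not taken from the book, that makes the “blast radius” concrete by computing what a compromised component can reach under a broad grant and under a least-privilege grant. The inventory, the component's needs and the grant format (loosely modelled on Kubernetes RBAC rules) are constructed assumptions.

```python
# Constructed inventory of cluster objects: (namespace, resource, name).
INVENTORY = {
    ("shop", "secrets", "db-password"),
    ("shop", "secrets", "payment-api-key"),
    ("shop", "configmaps", "web-config"),
    ("billing", "secrets", "ledger-signing-key"),
}

# Constructed grants; namespace "*" models a cluster-wide binding.
BROAD = [{"namespace": "*", "resources": ["*"], "names": ["*"]}]
SCOPED = [
    {"namespace": "shop", "resources": ["secrets"], "names": ["db-password"]},
    {"namespace": "shop", "resources": ["configmaps"], "names": ["web-config"]},
]

# What the hypothetical "web" component needs in order to operate correctly.
NEEDED = {("shop", "secrets", "db-password"), ("shop", "configmaps", "web-config")}


def _matches(pattern, value):
    """A rule field matches if it lists the value or contains the wildcard."""
    return "*" in pattern or value in pattern


def blast_radius(grants, inventory=INVENTORY):
    """Objects reachable by an attacker who compromises a component holding these grants."""
    return {
        (ns, resource, name)
        for ns, resource, name in inventory
        if any(g["namespace"] in ("*", ns)
               and _matches(g["resources"], resource)
               and _matches(g["names"], name)
               for g in grants)
    }


def excess_privilege(grants, needed=NEEDED):
    """Reachable objects the component never needs: the avoidable blast radius."""
    return blast_radius(grants) - needed


def unmet_needs(grants, needed=NEEDED):
    """Needed objects the grants do not cover (an over-tightened policy breaks the component)."""
    return needed - blast_radius(grants)


if __name__ == "__main__":
    for label, grants in (("broad", BROAD), ("scoped", SCOPED)):
        print(label, "excess:", sorted(excess_privilege(grants)),
              "unmet:", sorted(unmet_needs(grants)))
```
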