
🔐 Security Recipes

Secure your Kubernetes clusters with RBAC, Secrets management, Pod Security Standards, service accounts, and security best practices.

23 recipes available

Intermediate

Kyverno Policy Management and Enforcement

Implement Kubernetes-native policy management using Kyverno to validate, mutate, and generate resources with declarative policies written in YAML.

⏱ 45 minutes K8s 1.28+

How to Configure Pod Security Context

Secure your Kubernetes pods with Security Context settings. Learn to set user/group IDs, file system permissions, capabilities, and privilege escalation controls.

⏱ 20 minutes K8s 1.28+

How to Use Sealed Secrets for GitOps

Encrypt Kubernetes secrets for safe Git storage with Sealed Secrets. Learn to seal, manage, and rotate secrets in GitOps workflows securely.

⏱ 25 minutes K8s 1.28+

How to Use Workload Identity for Cloud Access

Securely access cloud services from Kubernetes pods without static credentials. Configure Workload Identity for AWS, Azure, and GCP with IRSA, Workload Identity, and Federation.

⏱ 30 minutes K8s 1.28+

How to Manage Kubernetes Certificates with cert-manager

Automate TLS certificate management with cert-manager. Configure issuers, request certificates from Let's Encrypt, and enable automatic renewal.

⏱ 15 minutes K8s 1.28+

How to Implement Container Security Scanning

Scan container images for vulnerabilities before deployment. Integrate Trivy and other tools into CI/CD pipelines and runtime admission control.

⏱ 15 minutes K8s 1.28+

How to Use External Secrets Operator

Sync secrets from external providers like AWS Secrets Manager, HashiCorp Vault, and Azure Key Vault into Kubernetes using External Secrets Operator.

⏱ 15 minutes K8s 1.28+

How to Create Custom Admission Controllers with Kyverno

Implement policy-as-code with Kyverno. Validate, mutate, and generate Kubernetes resources without writing webhook code.

⏱ 15 minutes K8s 1.28+

How to Configure Pod Security Admission

Enforce security standards with Pod Security Admission. Configure privileged, baseline, and restricted policies at namespace level for cluster-wide security.

⏱ 15 minutes K8s 1.28+

How to Manage Kubernetes Secrets Securely

Best practices for managing secrets in Kubernetes. Learn encryption at rest, secret rotation, and integration with external secret stores.

⏱ 15 minutes K8s 1.28+

How to Configure Service Accounts and RBAC

Secure your Kubernetes workloads with service accounts and role-based access control. Create roles, bindings, and implement least-privilege access patterns.

⏱ 15 minutes K8s 1.28+

How to Scan Container Images for Vulnerabilities

Implement container image scanning in Kubernetes using Trivy. Learn to scan images in CI/CD, admission controllers, and runtime.

⏱ 25 minutes K8s 1.28+

How to Implement Pod Security Standards

Secure your Kubernetes workloads using Pod Security Standards (PSS). Learn to enforce Privileged, Baseline, and Restricted policies at the namespace level.

⏱ 25 minutes K8s 1.28+

How to Configure RBAC and Service Accounts

Master Kubernetes RBAC (Role-Based Access Control) to secure your cluster. Learn to create Roles, ClusterRoles, and bind them to ServiceAccounts.

⏱ 30 minutes K8s 1.28+

Advanced

How to Integrate HashiCorp Vault with Kubernetes

Securely manage secrets with HashiCorp Vault in Kubernetes. Learn to inject secrets into pods using the Vault Agent Injector and CSI Provider.

⏱ 40 minutes K8s 1.28+

Secure Containers with gVisor Runtime

Enhance container isolation using the gVisor sandbox runtime, which adds a security layer between containers and the host kernel for untrusted workloads.

⏱ 45 minutes K8s 1.28+

OIDC Authentication for Kubernetes

Configure OpenID Connect (OIDC) authentication to integrate Kubernetes with identity providers like Keycloak, Okta, Azure AD, and Google for secure user access.

⏱ 50 minutes K8s 1.28+

How to Configure Kubernetes API Access Control

Set up secure API server access with authentication and authorization. Configure RBAC, API groups, and audit logging for cluster security.

⏱ 15 minutes K8s 1.28+

How to Create Admission Webhooks

Build validating and mutating admission webhooks to enforce policies and modify resources. Implement custom admission controllers for Kubernetes.

⏱ 15 minutes K8s 1.28+

How to Configure Kubernetes Audit Logging

Enable and configure Kubernetes API audit logging. Track who did what, when, and to which resources for security compliance and troubleshooting.

⏱ 15 minutes K8s 1.28+

How to Use Kubernetes RuntimeClass

Configure different container runtimes for workloads. Use gVisor, Kata Containers, or other runtimes for enhanced security and isolation.

⏱ 15 minutes K8s 1.28+

How to Implement Advanced NetworkPolicies

Master advanced Kubernetes NetworkPolicies for fine-grained traffic control. Learn egress rules, CIDR blocks, namespace isolation, and common security patterns.

⏱ 15 minutes K8s 1.28+

How to Encrypt Secrets at Rest with KMS

Configure Kubernetes secrets encryption at rest using external KMS providers. Learn to set up AWS KMS, GCP KMS, and Azure Key Vault encryption.

⏱ 15 minutes K8s 1.28+
