Secure your Kubernetes clusters with RBAC, Secrets management, Pod Security Standards, service accounts, and security best practices.
36 recipes available
Configure custom Certificate Authority trust across an OpenShift cluster using proxy config, image config, and automatic CA bundle injection into pods.
Configure custom Certificate Authority trust in both OpenShift and vanilla Kubernetes for private registries, internal services, and corporate PKI.
Configure custom Certificate Authority trust in vanilla Kubernetes using ConfigMap mounts, node-level trust stores, and containerd registry configuration.
Secure OpenClaw deployments with Kubernetes NetworkPolicies to restrict egress to messaging APIs, block unauthorized ingress, and isolate the gateway.
Manage API keys, bot tokens, and credentials for OpenClaw on Kubernetes using Kubernetes Secrets, External Secrets Operator, and Sealed Secrets.
Replace admin credentials in the OpenShift cluster-wide pull secret with a Quay robot account for secure, auditable container image pulls across all namespaces.
Configure OpenShift to trust a custom Certificate Authority for private container registries using additionalTrustedCA and image.config.openshift.io settings.
Automate Quay robot account token rotation across Kubernetes namespaces with zero-downtime credential updates and validation scripts.
Understand SELinux device relabeling and Security Context Constraints (SCC) requirements for the NVIDIA GPU Operator driver pods on OpenShift.
Replace and activate new TLS certificates tenant by tenant in OpenShift IngressController deployments with verification steps and rollback guidance.
Set up tenant-isolated TLS in OpenShift by assigning a dedicated certificate Secret to each IngressController for multi-tenant routing security.
Implement low-risk secret rotation in OpenShift multi-tenant environments using versioned Secrets and controlled rollouts.
Implement Kubernetes-native policy management using Kyverno to validate, mutate, and generate resources with declarative policies written in YAML
Secure your Kubernetes pods with Security Context settings. Learn to set user/group IDs, file system permissions, capabilities, and privilege escalation.
Encrypt Kubernetes secrets for safe Git storage with Sealed Secrets. Learn to seal, manage, and rotate secrets in GitOps workflows securely.
Securely access cloud services from Kubernetes pods without static credentials. Configure Workload Identity for AWS, Azure, and GCP with IRSA, Workload.
Automate TLS certificate management with cert-manager. Configure issuers, request certificates from Let's Encrypt, and enable automatic renewal.
Implement container image vulnerability scanning with Trivy, Grype, and other tools. Integrate scanning into CI/CD pipelines and admission control.
Scan container images for vulnerabilities before deployment. Integrate Trivy and other tools into CI/CD pipelines and runtime admission control.
Sync secrets from external providers like AWS Secrets Manager, HashiCorp Vault, and Azure Key Vault into Kubernetes using External Secrets Operator.
Enforce Kubernetes policies with Kyverno. Validate, mutate, and generate resources using declarative YAML policies without code.
Enforce security standards with Pod Security Admission. Configure privileged, baseline, and restricted policies at namespace level for cluster-wide.
Best practices for managing secrets in Kubernetes. Learn encryption at rest, secret rotation, and integration with external secret stores.
Secure your Kubernetes workloads with service accounts and role-based access control. Create roles, bindings, and implement least-privilege access.
Secure your Kubernetes workloads using Pod Security Standards (PSS). Learn to enforce Privileged, Baseline, and Restricted policies at the namespace level.
Master Kubernetes RBAC (Role-Based Access Control) to secure your cluster. Learn to create Roles, ClusterRoles, and bind them to ServiceAccounts.
Rotate and update Certificate Authority (CA) certificates in Kubernetes clusters including kube-apiserver, etcd, kubelet, and custom CA bundles for TLS.
Enhance container isolation using gVisor sandbox runtime to add an additional security layer between containers and the host kernel for untrusted workloads
Securely manage secrets with HashiCorp Vault in Kubernetes. Learn to inject secrets into pods using the Vault Agent Injector and CSI Provider.
Configure OpenID Connect (OIDC) authentication to integrate Kubernetes with identity providers like Keycloak, Okta, Azure AD, and Google for secure user.
Set up secure API server access with authentication and authorization. Configure RBAC, API groups, and audit logging for cluster security.
Build validating and mutating admission webhooks to enforce policies and modify resources. Implement custom admission controllers for Kubernetes.
Enable and configure Kubernetes API audit logging. Track who did what, when, and to which resources for security compliance and troubleshooting.
Configure different container runtimes for workloads. Use gVisor, Kata Containers, or other runtimes for enhanced security and isolation.
Master advanced Kubernetes NetworkPolicies for fine-grained traffic control. Learn egress rules, CIDR blocks, namespace isolation, and common security.
Configure Kubernetes secrets encryption at rest using external KMS providers. Learn to set up AWS KMS, GCP KMS, and Azure Key Vault encryption.
Our book includes an entire chapter dedicated to security with dozens more examples.
📖 Explore All Chapters