Edition: 1
Authors: Brendan Creane, Amit Gupta
Series:
ISBN: 1098107101, 9781098107109
Publisher: O'Reilly Media
Year of publication: 2021
Number of pages: 195
Language: English
File format: PDF (converted to PDF, EPUB or AZW3 at the user's request)
File size: 11 MB
If you need the file of the book Kubernetes Security and Observability: A Holistic Approach to Securing Containers and Cloud Native Applications converted to PDF, EPUB, AZW3, MOBI or DJVU, you can notify support so that they convert the file.
Note that the book Kubernetes Security and Observability: A Holistic Approach to Securing Containers and Cloud Native Applications is the original-language edition and has not been translated into Persian. The International Library website offers original-language books and does not offer any books translated into or written in Persian.
Cover Copyright Table of Contents
Preface The Stages of Kubernetes Adoption Who This Book Is For The Platform Team The Networking Team The Security Team The Compliance Team The Operations Team What You Will Learn Conventions Used in This Book Using Code Examples O’Reilly Online Learning How to Contact Us Acknowledgments
Chapter 1. Security and Observability Strategy Security for Kubernetes: A New and Different World Deploying a Workload in Kubernetes: Security at Each Stage Build-Time Security: Shift Left Deploy-Time Security Runtime Security Observability Security Frameworks Security and Observability Conclusion
Chapter 2. Infrastructure Security Host Hardening Choice of Operating System Nonessential Processes Host-Based Firewalling Always Research the Latest Best Practices Cluster Hardening Secure the Kubernetes Datastore Secure the Kubernetes API Server Encrypt Kubernetes Secrets at Rest Rotate Credentials Frequently Authentication and RBAC Restricting Cloud Metadata API Access Enable Auditing Restrict Access to Alpha or Beta Features Upgrade Kubernetes Frequently Use a Managed Kubernetes Service CIS Benchmarks Network Security Conclusion
Chapter 3. Workload Deployment Controls Image Building and Scanning Choice of a Base Image Container Image Hardening Container Image Scanning Solution Privacy Concerns Container Threat Analysis CI/CD Scan Images by Registry Scanning Services Scan Images After Builds Inline Image Scanning Kubernetes Admission Controller Securing the CI/CD Pipeline Organization Policy Secrets Management etcd to Store Secrets Secrets Management Service Kubernetes Secrets Store CSI Driver Secrets Management Best Practices Authentication X509 Client Certificates Bearer Token OIDC Tokens Authentication Proxy Anonymous Requests User Impersonation Authorization Node ABAC AlwaysDeny/AlwaysAllow RBAC Namespaced RBAC Privilege Escalation Mitigation Conclusion
Chapter 4. Workload Runtime Security Pod Security Policies Using Pod Security Policies Pod Security Policy Capabilities Pod Security Context Limitations of PSPs Process Monitoring Kubernetes Native Monitoring Seccomp SELinux AppArmor Sysctl Conclusion
Chapter 5. Observability Monitoring Observability How Observability Works for Kubernetes Implementing Observability for Kubernetes Linux Kernel Tools Observability Components Aggregation and Correlation Visualization Service Graph Visualization of Network Flows Analytics and Troubleshooting Distributed Tracing Packet Capture Conclusion
Chapter 6. Observability and Security Alerting Machine Learning Examples of Machine Learning Jobs Security Operations Center User and Entity Behavior Analytics Conclusion
Chapter 7. Network Policy What Is Network Policy? Why Is Network Policy Important? Network Policy Implementations Network Policy Best Practices Ingress and Egress Not Just Mission-Critical Workloads Policy and Label Schemas Default Deny and Default App Policy Policy Tooling Development Processes and Microservices Benefits Policy Recommendations Policy Impact Previews Policy Staging and Audit Modes Conclusion
Chapter 8. Managing Trust Across Teams Role-Based Access Control Limitations with Kubernetes Network Policies Richer Network Policy Implementations Admission Controllers Conclusion
Chapter 9. Exposing Services to External Clients Understanding Direct Pod Connections Understanding Kubernetes Services Cluster IP Services Node Port Services Load Balancer Services externalTrafficPolicy:local Network Policy Extensions Alternatives to kube-proxy Direct Server Return Limiting Service External IPs Advertising Service IPs Understanding Kubernetes Ingress Conclusion
Chapter 10. Encryption of Data in Transit Building Encryption into Your Code Sidecar or Service Mesh Encryption Network-Layer Encryption Conclusion
Chapter 11. Threat Defense and Intrusion Detection Threat Defense for Kubernetes (Stages of an Attack) Intrusion Detection Intrusion Detection Systems IP Address and Domain Name Threat Feeds Special Considerations for Domain Name Feeds Advanced Threat Defense Techniques Canary Pods/Resources DNS-Based Attacks and Defense Conclusion
Conclusion
Index
About the Authors
Colophon