...

CI/CD Pipeline

Learn how can we secure code in the application delivery process.

We'll cover the following...

Security in the software delivery pipeline

The previous chapter showed us how to threat-model Kubernetes using the STRIDE model. In this chapter, we’ll learn about security-related challenges we’re likely to encounter when implementing Kubernetes in the real world.

The chapter's goal is to show us things from the high-level view of a security architect. It does not provide cookbook-style solutions.

Security in the software delivery pipeline

Containers revolutionized the way we build, ship, and run applications. Unfortunately, this has also made it easier than ever to run dangerous code.

Let’s look at some ways to secure the supply chain that gets application code from a developer’s laptop to production servers.

Image repositories

We store images in public and private registries that we divide into repositories.

Public registries are on the internet and are the easiest way to push and pull images. However, we should be very careful when using them:

We need to adequately protect the images we store on public registries.
We should not trust the images we pull from public registries.

Some public registries have the concept of official images and community images. Generally, official images are safer than community images, ...

Kubernetes Primer

Kubernetes Principles of Operation

Getting Kubernetes

Working With Pods: Theory

Working with Pods: Hands-On

Virtual Clusters with Namespaces

Kubernetes Deployments

Deploying a Web Application over Kubernetes

Kubernetes Services: Theory

Kubernetes Services: Hands-On

Ingress

WebAssembly on Kubernetes

Service Discovery: Deep Dive

Kubernetes Storage

ConfigMaps

Deploy a Full Stack Web Application over Kubernetes

StatefulSets

API Security and RBAC

Kubernetes API

Threat Modeling Kubernetes

Real-World Kubernetes Security

Conclusion

CI/CD Pipeline

Security in the software delivery pipeline

Image repositories