
Hacking Kubernetes
Threat-Driven Analysis and Defense
A threat-modeling tour of a Kubernetes cluster, component by component, that teaches you to harden defaults by first showing you how each one gets broken.
- Authors: Andrew Martin, Michael Hausenblas
- Published: 2021
- Publisher: O'Reilly Media
- Pages: 311
- Language: English
Prerequisites
You need to already run Kubernetes. The book assumes you know pods, deployments, RBAC, and kubectl, and spends none of its pages teaching them.
Read this if
Read this if you are a platform or security engineer who owns clusters in production and wants an attacker's map of where the soft spots are.
Skip this if
Skip this if you are new to Kubernetes or want a step-by-step hardening checklist; it explains why more than it hands you copy-paste configs.
Key takeaways
- Default Kubernetes is built for convenience, not safety, and every chapter shows a default that an attacker is grateful for.
- Container breakout, lateral movement, and supply-chain compromise are the threats that actually matter, not the ones the dashboards highlight.
- Defense is layered: a single misconfigured RBAC binding or hostPath mount undoes everything else.
Notes
The threat-driven framing is what makes this worth the shelf space: instead of a wall of YAML to apply, it walks the attack first and lets the mitigation fall out of it, which is how the lessons actually stick. The trade-off is shelf life, since some specifics already lag fast-moving Kubernetes releases, but the mental model it builds outlasts the version numbers.
What to read before
Intermediate · 2020
Container Security
Liz Rice's first-principles introduction to how Linux containers actually work — namespaces, cgroups, capabilities, seccomp, image layering — and the security implications that fall out of those mechanics.
Intermediate · 2018
Kubernetes Security
Liz Rice and Michael Hausenblas's freely-available O'Reilly short on the Kubernetes-specific security model: API server, RBAC, network policy, secrets, and the typical hardening steps that move a cluster from default to defensible.
Intermediate · 2018
Pentesting Azure Applications
Matt Burrough on attacker behaviour against Azure tenants: identity, storage, VMs, key material handling, and the recon paths that work against real subscriptions.
What to read next
Advanced · 2021
Kubernetes Security and Observability
Brendan Creane and Amit Gupta's combined treatment of Kubernetes security and observability — RBAC, network policy, runtime detection, and the telemetry needed to make any of it operationally real.
Intermediate · 2020
Container Security
Liz Rice's first-principles introduction to how Linux containers actually work — namespaces, cgroups, capabilities, seccomp, image layering — and the security implications that fall out of those mechanics.
Intermediate · 2018
Kubernetes Security
Liz Rice and Michael Hausenblas's freely-available O'Reilly short on the Kubernetes-specific security model: API server, RBAC, network policy, secrets, and the typical hardening steps that move a cluster from default to defensible.
Explore similar books
Intermediate · 2020
Container Security
Liz Rice's first-principles introduction to how Linux containers actually work — namespaces, cgroups, capabilities, seccomp, image layering — and the security implications that fall out of those mechanics.
Intermediate · 2018
Kubernetes Security
Liz Rice and Michael Hausenblas's freely-available O'Reilly short on the Kubernetes-specific security model: API server, RBAC, network policy, secrets, and the typical hardening steps that move a cluster from default to defensible.
Intermediate · 2018
Pentesting Azure Applications
Matt Burrough on attacker behaviour against Azure tenants: identity, storage, VMs, key material handling, and the recon paths that work against real subscriptions.