// Comparison

Kubernetes Security vs Kubernetes Security and Observability: Which Should You Read?

Two cybersecurity books on Cloud, compared honestly: who each is for, what each does best, and which to read first.

Intermediate

4/52018

Liz Rice, Michael Hausenblas

Liz Rice and Michael Hausenblas's freely-available O'Reilly short on the Kubernetes-specific security model: API server, RBAC, network policy, secrets, and the typical hardening steps that move a cluster from default to defensible.

Advanced

3/52021

Kubernetes Security and Observability

A Holistic Approach to Securing Containers and Cloud-Native Applications

Brendan Creane, Amit Gupta

Brendan Creane and Amit Gupta's combined treatment of Kubernetes security and observability — RBAC, network policy, runtime detection, and the telemetry needed to make any of it operationally real.

Read this if

Engineers spinning up their first production cluster who need the 99-page distillation of what to do before the first incident. The freely available PDF makes it the obvious 'send to the team' reference for Kubernetes hardening basics.

Platform engineers and SRE-security hybrids running production Kubernetes who want a single reference for the security-and-observability boundary. Strongest on the network-policy and runtime-detection sections, where most teams are weakest in practice.

Skip this if

Readers needing depth on runtime detection, supply-chain integrity, multi-cluster identity, or service-mesh security; the book is deliberately a primer, not a comprehensive reference. By 2026 Pod Security Admission, Gateway API, and signed-image standards have moved past the book's coverage.

Readers wanting depth on Kubernetes architecture itself, multi-tenancy patterns, or supply-chain (SLSA, signed images) detail. Also somewhat Calico-flavored — the authors are from Tigera — which is fine if you know to read past the marketing.

Key takeaways

The Kubernetes security model is API-server-centric — most attacks are RBAC and network-policy failures, and the book makes this its spine.
Default-deny network policy is the highest-leverage hardening step in any cluster, and the book's framing of why is the most quotable in print.
Treat it as the on-ramp — once you have the basics, graduate to Kubernetes Security and Observability (Creane / Gupta) and current CNCF guidance.

Security without observability is unfalsifiable; the book's central argument is that they are one workstream, not two.
Network policy is operationally hard, not conceptually hard — the chapters on rolling out default-deny in production are the most useful.
Runtime detection is necessary because admission controllers cannot catch everything; the book treats the trade-off honestly.

How they compare

We rate Kubernetes Security higher (4/5 against 3/5 for Kubernetes Security and Observability). For most readers, that means Kubernetes Security is the primary pick and Kubernetes Security and Observability is a useful follow-up.

Kubernetes Security is pitched at intermediate level. Kubernetes Security and Observability is pitched at advanced level. Read the easier one first if you're not yet comfortable with the topic.

Kubernetes Security and Kubernetes Security and Observability both cover Cloud, Containers, so reading them in sequence reinforces the same material from different angles.

Keep reading

Kubernetes Security

→ Alternatives to Kubernetes Security → What to read after Kubernetes Security