We update this section as and when we find articles/blogs/videos related to the content discussed in this book.
Amazon | Manning | YouTube | Slack
- [Video] Securing service-to-service interactions over HTTP, gRPC and Kafka by Nuwan Dias and Kasun Indrasiri
- [Book] Container Security: Fundamental Technology Concepts that Protect Containerized Applications
- [Documentation] Seccomp security profiles for Docker, and if you are new to seccomp please check this video: Using Seccomp to Limit the Kernel Attack Surface
- This chapter mostly focuses on securing microservices in a Kubernetes deployment and does not delve deep into securing the Kubernetes deployment itself, which is in fact a book on its own. The book Learn Kubernetes Security, published in July 2020, carries a wealth of information with respect to securing a Kubernetes deployment.
- Each layer of the Cloud Native security model builds upon the next outermost layer. The Code layer benefits from strong base (Cloud, Cluster, Container) security layers: Overview of Cloud Native Security
- [Video] RBAC tooling
- [Video] Role based access control (RBAC) policies in Kubernetes
- [Video] How Kubernetes Components Communicate Securely in Your Cluster
- [Video] Kubernetes Auth and Access Control
- Kubernetes Auth Special Interest Group
- [Tool] Krane is a simple Kubernetes RBAC static analysis tool. It identifies potential security risks in K8s RBAC design and makes suggestions on how to mitigate them. The Krane dashboard presents the current RBAC security posture and lets you navigate through its definition: Krane
- Threat matrix for Kubernetes
- [Video] TGI Kubernetes 132: Sealed Secrets
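The kind of check an RBAC static analyser such as Krane performs can be approximated in a short script. The following is an added example, not Krane's code and not from the book: it reads Role/ClusterRole and RoleBinding/ClusterRoleBinding objects in the JSON shape `kubectl get <kind> -o json` produces, joins every binding to the role it references, and rates each (subject, binding) pair for wildcard grants, sensitive resources (secrets, pods/exec, RBAC objects), escalation verbs, bindings to broad groups such as system:authenticated, and bindings to a namespace's default ServiceAccount. The function names, severity scale and sample objects are assumptions made for the example; the sample cluster is constructed.

```python
"""Static checks over Kubernetes RBAC objects, in the spirit of Krane (added example,
not Krane's own code). Input: Role/ClusterRole and RoleBinding/ClusterRoleBinding
objects in the JSON shape `kubectl get <kind> -o json` produces."""
import json
import sys

# Resources whose grants read credentials, execute into workloads, or edit RBAC itself.
SENSITIVE_RESOURCES = {"secrets", "pods/exec", "pods/attach", "pods/portforward",
                       "roles", "rolebindings", "clusterroles", "clusterrolebindings"}
# Verbs that allow privilege escalation regardless of the resource they are granted on.
ESCALATION_VERBS = {"escalate", "bind", "impersonate"}
# Group subjects that effectively mean "every caller".
BROAD_SUBJECTS = {"system:authenticated", "system:unauthenticated", "system:serviceaccounts"}

# Constructed sample objects (not from a real cluster); only the fields the checks read.
SAMPLE_ROLES = [
    {"kind": "ClusterRole", "metadata": {"name": "cluster-admin"}, "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
    {"kind": "ClusterRole", "metadata": {"name": "secret-reader"}, "rules": [{"apiGroups": [""], "resources": ["secrets"], "verbs": ["get", "list"]}]},
    {"kind": "Role", "metadata": {"name": "pod-exec", "namespace": "dev"}, "rules": [{"apiGroups": [""], "resources": ["pods/exec"], "verbs": ["create"]}]},
    {"kind": "Role", "metadata": {"name": "config-viewer", "namespace": "dev"}, "rules": [{"apiGroups": [""], "resources": ["configmaps"], "verbs": ["get", "list", "watch"]}]},
]
SAMPLE_BINDINGS = [
    {"kind": "ClusterRoleBinding", "metadata": {"name": "ci-admin"}, "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "ServiceAccount", "name": "ci", "namespace": "ci"}]},
    {"kind": "ClusterRoleBinding", "metadata": {"name": "everyone-reads-secrets"}, "roleRef": {"kind": "ClusterRole", "name": "secret-reader"},
     "subjects": [{"kind": "Group", "name": "system:authenticated"}]},
    {"kind": "RoleBinding", "metadata": {"name": "dev-exec", "namespace": "dev"}, "roleRef": {"kind": "Role", "name": "pod-exec"},
     "subjects": [{"kind": "User", "name": "alice"}]},
    {"kind": "RoleBinding", "metadata": {"name": "dev-view", "namespace": "dev"}, "roleRef": {"kind": "Role", "name": "config-viewer"},
     "subjects": [{"kind": "ServiceAccount", "name": "default", "namespace": "dev"}]},
]


def role_key(kind, namespace, name):
    # ClusterRoles are cluster-scoped, so they are keyed without a namespace.
    return (kind, "" if kind == "ClusterRole" else namespace, name)


def rule_problems(role):
    """Risky grants inside one Role/ClusterRole, independent of who is bound to it."""
    problems = []
    for rule in role.get("rules", []):
        verbs, resources = set(rule.get("verbs", [])), set(rule.get("resources", []))
        if "*" in verbs and "*" in resources:
            problems.append("wildcard verbs on wildcard resources (full admin)")
        elif "*" in verbs or "*" in resources:
            problems.append("wildcard in verbs or resources")
        if resources & SENSITIVE_RESOURCES:
            problems.append("%s on %s" % ("/".join(sorted(verbs)),
                                          ",".join(sorted(resources & SENSITIVE_RESOURCES))))
        if verbs & ESCALATION_VERBS:
            problems.append("escalation verb(s) " + ",".join(sorted(verbs & ESCALATION_VERBS)))
    return problems


def analyze(roles, bindings):
    """Join each binding to its role and rate every (subject, binding) pair."""
    index = {role_key(r["kind"], r["metadata"].get("namespace", ""), r["metadata"]["name"]): r
             for r in roles}
    findings = []
    for b in bindings:
        ns = b["metadata"].get("namespace", "")
        role = index.get(role_key(b["roleRef"]["kind"], ns, b["roleRef"]["name"]))
        problems = rule_problems(role) if role else []
        cluster_wide = b["kind"] == "ClusterRoleBinding"
        full_admin = any("full admin" in p for p in problems)
        for s in b.get("subjects", []):
            reasons = list(problems)
            if s["name"] in BROAD_SUBJECTS:
                reasons.append("subject is the broad group " + s["name"])
            if s["kind"] == "ServiceAccount" and s["name"] == "default":
                reasons.append("bound to the namespace's default ServiceAccount")
            if not reasons:
                continue  # nothing risky about this pair
            if cluster_wide and full_admin:
                severity = "CRITICAL"
            elif s["name"] in BROAD_SUBJECTS or (cluster_wide and problems):
                severity = "HIGH"
            else:
                severity = "MEDIUM" if problems else "LOW"
            subject = "%s/%s" % (s["kind"], s["name"])
            if s["kind"] == "ServiceAccount":
                subject += "@" + s.get("namespace", ns)
            findings.append({"binding": b["metadata"]["name"], "subject": subject,
                             "severity": severity, "reason": "; ".join(reasons)})
    return findings


if __name__ == "__main__":
    # Pass the file written by `kubectl get roles,clusterroles,rolebindings,clusterrolebindings -A -o json`
    # as the only argument; without one, the constructed samples are analysed.
    if len(sys.argv) > 1:
        items = json.load(open(sys.argv[1]))["items"]
        roles = [o for o in items if o["kind"] in ("Role", "ClusterRole")]
        bindings = [o for o in items if o["kind"] in ("RoleBinding", "ClusterRoleBinding")]
    else:
        roles, bindings = SAMPLE_ROLES, SAMPLE_BINDINGS
    for f in analyze(roles, bindings):
        print("%-8s %-24s %-36s %s" % (f["severity"], f["binding"], f["subject"], f["reason"]))
```

On the constructed sample the cluster-wide binding of cluster-admin to the ci ServiceAccount comes out CRITICAL, the binding of secret-reader to system:authenticated HIGH, alice's pods/exec grant MEDIUM and the harmless role bound to the dev namespace's default ServiceAccount LOW. The severity scale is a starting point, not a standard; aggregated roles and `resourceNames` restrictions are not modelled, so treat the output as a worklist for review rather than a verdict.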
- [Video] Controlling Access to Your Microservices with Istio Service Mesh by Prabath Siriwardena
- [Video] Securing gRPC Microservices with Istio Service Mesh by Prabath Siriwardena
- [Video] If you'd like to understand what's happening at the Envoy level, please check this one: Overview of Authentication and Authorization Features in Envoy
- All You Need To Know About GitOps
- [Video] TGI Kubernetes 127: GitOps with Steve Wade
- Tekton is a powerful and flexible open-source framework for creating CI/CD systems, allowing developers to build, test, and deploy across cloud providers and on-premise systems: Tekton
- [Video] OAuth 2.0 Internals and Applications by Prabath Siriwardena
- [Video] OpenID Connect Authentication Flows by Prabath Siriwardena
- [Video] OAuth 2.0 Threat Landscape by Prabath Siriwardena
- [Video] OAuth 2.0 with cURL by Prabath Siriwardena
- [Video] OAuth 2.0 Token Introspection by Prabath Siriwardena
- [Video] OAuth 2.0 Token Revocation by Prabath Siriwardena
- [Video] OAuth 2.0 Response Type vs. Grant Type by Prabath Siriwardena
- [Video] Proof Key for Code Exchange by Prabath Siriwardena
- [Book] OAuth 2.0 in Action
- [Video] JSON Web Token Internals and Applications by Prabath Siriwardena
- [Book] Chapters 7 and 8 of the book Advanced API Security: OAuth 2.0 and Beyond by Prabath Siriwardena take you through the details of JWT.
- [Book] Docker Deep Dive
- [Video] If you are new to containers, these videos will be helpful: What is a Container? and The Benefits of Containers
- [Video] Understanding and Working with the Cgroups Interface
- [Video] Understanding user namespaces
- [Video] Containers unplugged: Linux namespaces
- [Book] The Docker Handbook
- [Video][Tutorial] OPA Policy Authoring
- [Section I.3] Introduction to HTTP/2
- [Section J.2.3] Kubernetes uses iptables to route traffic destined to a given service IP address to the corresponding pod: in its iptables mode, kube-proxy programs rules that rewrite a packet's destination from the service's cluster IP to one of the service's pod IPs. iptables is a user-space program providing a table-based system for defining rules for manipulating and transforming packets using the netfilter framework. This tutorial provides a very good intro to the iptables and netfilter architecture: A Deep Dive into Iptables and Netfilter Architecture
- [Section J.4] This provides a comparison between the managed Kubernetes services offered by Google, Amazon, Microsoft, IBM, DigitalOcean, Alibaba and so on: Comparison of Kubernetes managed services
- [Section J.18] Here is an excellent article that explains what happens during the creation and deletion of a Pod: Graceful shutdown and zero downtime deployments in Kubernetes
- [Section J.18] kube-proxy operates in one of three modes to program routes to pods (userspace, iptables and IPVS). This article gives a very good comparison of those three modes: Comparing kube-proxy modes: iptables or IPVS?
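To make the iptables-mode routing from the Section J.2.3 and J.18 notes concrete, here is an added example (not from the book or from kube-proxy) that parses the nat table as `iptables-save -t nat` prints it and follows a packet the way netfilter would: KUBE-SERVICES matches the cluster IP and port and jumps to a per-service KUBE-SVC chain, which picks a per-endpoint KUBE-SEP chain with `-m statistic`, which finally DNATs to a pod IP and port. The sample rules, chain hashes and addresses are constructed; the function names are the example's own.

```python
"""Trace a Kubernetes cluster IP through kube-proxy's iptables-mode rules.
Added example (not from the book or kube-proxy): parses `iptables-save -t nat` output
and walks KUBE-SERVICES -> KUBE-SVC-* -> KUBE-SEP-* -> DNAT like netfilter would."""
import ipaddress
import shlex
from collections import defaultdict

# Constructed sample modelled on kube-proxy (iptables mode) output; the chain hashes
# and addresses are made up. On a node, capture the real thing with: iptables-save -t nat
SAMPLE_IPTABLES_SAVE = """\
*nat
:KUBE-SERVICES - [0:0]
:KUBE-SVC-NPX46M4PTMTKRN6Y - [0:0]
:KUBE-SEP-ABCDEFGHIJKLMNOP - [0:0]
:KUBE-SEP-QRSTUVWXYZ012345 - [0:0]
:KUBE-MARK-MASQ - [0:0]
-A PREROUTING -m comment --comment "kubernetes service portals" -j KUBE-SERVICES
-A OUTPUT -m comment --comment "kubernetes service portals" -j KUBE-SERVICES
-A KUBE-SERVICES -d 10.96.42.17/32 -p tcp -m comment --comment "default/orders:http cluster IP" -m tcp --dport 80 -j KUBE-SVC-NPX46M4PTMTKRN6Y
-A KUBE-SVC-NPX46M4PTMTKRN6Y -m comment --comment "default/orders:http" -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-ABCDEFGHIJKLMNOP
-A KUBE-SVC-NPX46M4PTMTKRN6Y -m comment --comment "default/orders:http" -j KUBE-SEP-QRSTUVWXYZ012345
-A KUBE-SEP-ABCDEFGHIJKLMNOP -s 10.244.1.5/32 -m comment --comment "default/orders:http" -j KUBE-MARK-MASQ
-A KUBE-SEP-ABCDEFGHIJKLMNOP -p tcp -m comment --comment "default/orders:http" -m tcp -j DNAT --to-destination 10.244.1.5:8080
-A KUBE-SEP-QRSTUVWXYZ012345 -s 10.244.2.7/32 -m comment --comment "default/orders:http" -j KUBE-MARK-MASQ
-A KUBE-SEP-QRSTUVWXYZ012345 -p tcp -m comment --comment "default/orders:http" -m tcp -j DNAT --to-destination 10.244.2.7:8080
COMMIT
"""

# The only options the trace needs; everything else (-m tcp, --comment ...) is skipped.
KEYS = ("-s", "-d", "-p", "-j", "--dport", "--to-destination", "--probability")


def parse_rules(text):
    """Return {chain: [rule, ...]} in file order; only -A lines carry rules."""
    chains = defaultdict(list)
    for line in text.splitlines():
        if not line.startswith("-A "):
            continue  # table header, chain declarations and COMMIT
        tokens = shlex.split(line)  # keeps the quoted --comment text as one token
        rule = {"chain": tokens[1]}
        i = 2
        while i < len(tokens):
            if tokens[i] in KEYS:
                rule[tokens[i]] = tokens[i + 1]
                i += 2
            else:
                i += 1
        chains[rule["chain"]].append(rule)
    return chains


def matches(rule, dst_ip, proto, dport):
    """Would this rule match a packet to dst_ip:dport over proto? (-s is not checked:
    kube-proxy only uses it to mark hairpin traffic for SNAT, which does not change the
    DNAT destination.)"""
    if "-d" in rule and ipaddress.ip_address(dst_ip) not in \
            ipaddress.ip_network(rule["-d"], strict=False):
        return False
    if "-p" in rule and rule["-p"] != proto:
        return False
    if "--dport" in rule and int(rule["--dport"]) != dport:
        return False
    return True


def trace(chains, chain, dst_ip, proto, dport, path):
    """Walk `chain` and collect every DNAT destination the packet could end up at;
    `path` receives the chains and DNATs visited, in order, for display."""
    endpoints = []
    for rule in chains.get(chain, []):
        if not matches(rule, dst_ip, proto, dport):
            continue
        target = rule.get("-j")
        if target == "DNAT":
            path.append("DNAT " + rule["--to-destination"])
            return [rule["--to-destination"]]  # DNAT ends nat processing for this packet
        if target in chains:  # user-defined chain (KUBE-SVC-*, KUBE-SEP-*): follow it
            path.append(target)
            endpoints += trace(chains, target, dst_ip, proto, dport, path)
            # A KUBE-SVC chain spreads load with `-m statistic --probability`: such a
            # rule may be skipped at random, so its sibling endpoints are reachable too.
            if endpoints and "--probability" not in rule:
                return endpoints
    return endpoints


def service_endpoints(chains, cluster_ip, proto, port):
    """Pod ip:port pairs behind cluster_ip:port, as the installed rules resolve them."""
    return trace(chains, "KUBE-SERVICES", cluster_ip, proto, port, [])


if __name__ == "__main__":
    chains = parse_rules(SAMPLE_IPTABLES_SAVE)
    path = []
    eps = trace(chains, "KUBE-SERVICES", "10.96.42.17", "tcp", 80, path)
    print("10.96.42.17:80 -> " + " -> ".join(path))
    print("endpoints:", eps)
```

For the constructed rules, 10.96.42.17:80/tcp resolves to 10.244.1.5:8080 and 10.244.2.7:8080, while a different port, protocol or cluster IP resolves to nothing, which is exactly what you see when a Service has no matching port or no ready endpoints. The KUBE-MARK-MASQ chain is declared but empty in the sample, so the tracer simply passes over the jump to it; the 1:N fan-out of the KUBE-SVC chain is also the reason that, as the J.18 article discusses, rule count grows with service and endpoint count in iptables mode and IPVS scales better.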
- Minimum Viable Kubernetes
- This is an excellent article written by Kevin Sookocheff on the Kubernetes network model: A Guide to the Kubernetes Networking Model
- There is no easy way to see network namespaces, as Kubernetes and Docker don't register them under /var/run/netns, where "ip netns" looks (so "ip netns" won't work with Kubernetes and Docker). But we can use a few tricks discussed in this article to see, debug, manage and configure Pod networking from the host: A Hacker's Guide to Kubernetes Networking
- Deconstructing Kubernetes Networking
- [Book] This is an excellent resource that explains the fundamental ingredients that go into building Kubernetes. The book is not yet released, but you have access to the MEAP edition: Core Kubernetes
- [Video] Intro + Deep Dive: Kubernetes (Network) SIG
- [Video] A Deep Dive into Pod Readiness Gates for Service Health
- [Documentation] Pod Lifecycle
- [Documentation] Sometimes it's necessary to inspect the state of an existing Pod, for example to troubleshoot a hard-to-reproduce bug. In these cases you can run an ephemeral container in an existing Pod to inspect its state and run arbitrary commands: Ephemeral Containers
- [Video] The recordings of TGI Kubernetes: Grokking Kubernetes
- [Book] The Kubernetes Handbook
- Kubernetes Podcasts
- Design Considerations at the Edge of the ServiceMesh
- [Video] An in-depth talk on the Istio architecture prior to Istio 1.5 (1hr version): Life of a Packet through Istio
- [Video] An in-depth talk on the Istio architecture prior to Istio 1.5 (2hr version): Life of a Packet through Istio
- [Book] The current edition of the book Istio Up & Running is mostly applicable to Istio versions before 1.5: Istio Up & Running
- [Book] This book is only halfway complete at the time of writing, but you have access to the MEAP edition: Istio in Action. This video is based on chapter 4 of the book: Istio Ingress Gateway
- [Video] Practical Istio
- [Video] Envoy is at the heart of the Istio service mesh. Envoy has an L3/L4 and L7 filter architecture. This talk walks you through the Envoy architecture: Envoy Internals Deep Dive, and here is a very good intro to Envoy: Intro: Envoy