Hacking Kubernetes

Hacking Kubernetes is the definitive guide to Kubernetes security, providing both offensive and defensive perspectives on securing cloud-native environments. Authored by ControlPlane CEO Andrew Martin and Michael Hausenblas (AWS), this O’Reilly publication has become the industry standard reference for Kubernetes security professionals.

Drawing on years of experience securing Kubernetes environments for Fortune 500 companies, government agencies, and technology leaders, Hacking Kubernetes provides comprehensive coverage of both offensive and defensive security techniques for Kubernetes environments, combining threat-driven analysis with practical implementation guidance: from comprehensive threat modeling and real-world attack scenarios to Kubernetes-specific penetration testing methodologies, container escape techniques, and cluster privilege escalation attacks.

The book covers critical security domains across the entire Kubernetes stack, from cluster security (API server configuration, RBAC implementation, network policies, and pod security standards) to container security (image vulnerability management, runtime monitoring, isolation techniques, and secure development practices). Readers learn defensive strategies including cluster hardening, defense-in-depth implementation, security monitoring, and incident response for container environments.