Container and Kubernetes Security
Section focus: Container and Kubernetes Security.
Best use: start with the section map below, then move into the deeper pages that match your role or stack.
Design note: this index was refreshed to act as a cleaner GitBook landing page instead of a plain directory listing.
Start with these pages
| Page | Why open it first |
|---|---|
| Dockerfile Security Best Practices | Build-time controls for the images every workload in this section runs on. |
| Docker Top 10 Misconfigurations | The Docker-side mistakes to check before looking at the cluster. |
| Kubernetes Security Baseline | The minimum cluster posture the other Kubernetes pages build on. |
| Kubernetes Top 10 Misconfigurations | The most common cluster-side misconfigurations, in one checklist. |
| Network Policy Patterns | Segmentation patterns for traffic between workloads. |
| Kubernetes RBAC and ABAC | The authorization model: who may do what against the API. |
| Kubernetes API Access Hardening | How the API server is reached and authenticated, and how to lock that down. |
| Kubernetes Review Map - CKS Domains and Modern Attack Paths | Best next step when you want a curated review structure and a modern attack-path shortlist. |
| OPA and Policy Enforcement | Admission-time policy as code. |
| Container / Kubernetes / Platform Security - Images, Admission, RBAC, Pod Hardening, Isolation, and GitOps / Deployment Plane | End-to-end view that ties the individual controls together, including the deployment plane. |
| Container Isolation - seccomp, SELinux, AppArmor, Capabilities, gVisor, and Namespaces | Kernel-level isolation primitives and what each one does and does not contain. |
| Istio / Linkerd mTLS Operations and Certificate Rotation | Mesh certificate ownership, rotation, and production pitfalls. |
| Kubernetes Security Glossary and Term Map | Cloud-native terms in one place when the main glossary is too broad. |
Intro: This section stays centered on the control surfaces that repeatedly shape cloud-native risk: Dockerfile design, pod security, RBAC, network segmentation, policy enforcement, and runtime investigation.
What this page includes
- Docker and Kubernetes baselines
- top misconfigurations on both sides
- a CKS-aligned review map translated into real platform control ownership and modern attack paths
- RBAC and ABAC
- cross-links into the runtime, identity, and attack-chain expansions
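As an added example (this is not code from the original page or from any of the pages it links), here is a small checker for the RBAC misconfigurations this section keeps returning to: wildcard rules, escalation verbs, sensitive subresources, and over-broad bindings. It expects the item shape that `kubectl get roles,clusterroles,rolebindings,clusterrolebindings -A -o json` produces; the sample objects are constructed inline, and the function and constant names are this example's own.

```python
"""Added example (not from the original page or any linked project): flag
risky Kubernetes RBAC grants. Input objects use the JSON shape of
`kubectl get ... -o json` items; SAMPLE_OBJECTS below are constructed here."""

from typing import Dict, List, Tuple

Finding = Tuple[str, str, str]  # (kind/name, severity, reason)

# Real RBAC verbs that let a subject widen its own rights.
ESCALATION_VERBS = {"bind", "escalate", "impersonate"}

# Sensitive resources paired with the verbs that make them dangerous.
# Resource and verb names are Kubernetes'; the selection is this example's.
SENSITIVE: Dict[str, Tuple[set, str]] = {
    "secrets": ({"get", "list", "watch", "create", "update", "patch"},
                "can read or write Secrets (tokens, credentials)"),
    "pods/exec": ({"create"}, "can exec into pods in scope"),
    "pods/attach": ({"create"}, "can attach to pods in scope"),
    "serviceaccounts/token": ({"create"}, "can mint tokens for other ServiceAccounts"),
    "nodes/proxy": ({"get", "create"}, "can reach the kubelet API through the API server"),
}

# Groups that cover every caller (authenticated or not) or every ServiceAccount.
BROAD_GROUPS = {"system:authenticated", "system:unauthenticated", "system:serviceaccounts"}


def check_rules(name: str, rules: List[Dict]) -> List[Finding]:
    """Findings for one Role/ClusterRole 'rules' list."""
    out: List[Finding] = []
    for rule in rules:
        verbs = set(rule.get("verbs", []))
        resources = set(rule.get("resources", []))
        if not resources:
            continue  # nonResourceURLs rules are out of scope for this check
        all_verbs, all_res = "*" in verbs, "*" in resources
        if all_verbs and all_res:
            out.append((name, "HIGH", "wildcard verbs on wildcard resources (cluster-admin equivalent)"))
            continue
        if all_verbs or all_res:
            out.append((name, "MEDIUM", "wildcard in verbs or resources widens scope beyond stated need"))
        for verb in sorted(ESCALATION_VERBS & verbs):
            out.append((name, "HIGH", f"verb '{verb}' lets the subject grant rights it may not hold"))
        for res, (bad_verbs, why) in SENSITIVE.items():
            if (all_res or res in resources) and (all_verbs or verbs & bad_verbs):
                out.append((name, "HIGH", why))
    return out


def check_binding(obj: Dict) -> List[Finding]:
    """Findings for one RoleBinding/ClusterRoleBinding object."""
    name = f'{obj["kind"]}/{obj["metadata"]["name"]}'
    role = obj.get("roleRef", {}).get("name", "")
    out: List[Finding] = []
    if obj["kind"] == "ClusterRoleBinding" and role == "cluster-admin":
        out.append((name, "HIGH", "cluster-wide binding to cluster-admin"))
    for subj in obj.get("subjects", []):
        kind, sname = subj.get("kind"), subj.get("name", "")
        if kind == "Group" and sname in BROAD_GROUPS:
            out.append((name, "HIGH", f"binds '{role}' to the broad group {sname}"))
        elif kind == "ServiceAccount" and sname == "default":
            ns = subj.get("namespace", "?")
            out.append((name, "MEDIUM",
                        f"binds '{role}' to the default ServiceAccount in {ns}, "
                        "which every pod without its own serviceAccountName uses"))
    return out


def check_manifests(objects: List[Dict]) -> List[Finding]:
    """Dispatch over a mixed list of RBAC objects and collect all findings."""
    out: List[Finding] = []
    for obj in objects:
        kind = obj.get("kind")
        if kind in ("Role", "ClusterRole"):
            out.extend(check_rules(f'{kind}/{obj["metadata"]["name"]}', obj.get("rules", [])))
        elif kind in ("RoleBinding", "ClusterRoleBinding"):
            out.extend(check_binding(obj))
    return out


# Constructed sample objects (not from any real cluster).
SAMPLE_OBJECTS = [
    {"kind": "ClusterRole", "metadata": {"name": "wide-open"},
     "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
    {"kind": "Role", "metadata": {"name": "ci-deployer", "namespace": "ci"},
     "rules": [{"apiGroups": [""], "resources": ["pods", "pods/exec"],
                "verbs": ["get", "list", "create"]}]},
    {"kind": "Role", "metadata": {"name": "config-reader", "namespace": "app"},
     "rules": [{"apiGroups": [""], "resources": ["configmaps"], "verbs": ["get", "list", "watch"]}]},
    {"kind": "ClusterRoleBinding", "metadata": {"name": "everyone-admin"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "Group", "name": "system:authenticated"}]},
]

if __name__ == "__main__":
    for who, sev, why in check_manifests(SAMPLE_OBJECTS):
        print(f"{sev:6} {who}: {why}")
```

Run it against `kubectl get roles,clusterroles,rolebindings,clusterrolebindings -A -o json | jq '.items'` loaded with `json.load` to triage a real cluster; the verb-per-resource pairing matters, since `get` on `pods/log` is routine while `create` on `pods/exec` is a shell into every pod in scope.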
Core pages in this section
- Dockerfile Security Best Practices
- Docker Top 10 Misconfigurations
- Kubernetes Security Baseline
- Kubernetes Top 10 Misconfigurations
- Network Policy Patterns
- Kubernetes RBAC and ABAC
- Kubernetes API Access Hardening
- OPA and Policy Enforcement
- OPA / Gatekeeper Mock Interview Pack
- Kyverno Deep Pages
- Runtime Investigation Playbook for Kubernetes and Containers
- Trusted Images, Harbor, and Signing
- Kubernetes Hardening
- Kubernetes Security Tooling Map and Standards
- StackRox Kubernetes Security Platform Guide
- Implementing DevSecOps with Docker and Kubernetes - Modernization Map
- AppArmor and Seccomp for Docker
- Kubernetes Risks and Measures Catalog
- Kubernetes Review Map - CKS Domains and Modern Attack Paths
Cross-links
- Security as Policy for Terraform and Infrastructure as Code
- Runner Isolation and Trust Boundaries
- Detection and Response
- Identity and Platform Access
Snippets
- Runtime Investigation Command Pack
- Namespace PSS labels and Kyverno starter
- StackRox install and CI snippets
- Advanced pod hardening starter
Author attribution: Ivan Piskunov, 2026 - Educational and defensive-engineering use.