reading_list.md

Reading List

This is a list of more in-depth articles than can be worth reading to get a better understanding of some of the underlying technologies used by Containers and how things like Kubernetes work.

Container History

• Brief Container History
• Series of posts from 2013 on the history of container engines leading up to Docker
  • part one
  • part two
  • part three

Docker Networking

• Post on Linux Bridging
• Posts on Docker MACVLAN
  • part one
  • part two

Container Storage and Volumes

• Post detailing how Docker union Filesystems and storage drivers work
• Post on union file systems
• Post with some opinions on the available Docker storage graphdrivers

Container Fundamentals

• Understanding and Hardening Linux Containers - Whitepaper that goes into detail about container fundamental security.

• Series of posts from Ian Lewis on Container runtimes

  • part one
  • part two
  • part three
  • part four

• Start of a good series of posts on LWN about Namespaces

• Good Series of Articles on Namespaces

  • part one
  • part two
  • part three
  • part four

• Post specifically focusing on the PID namespace and it's relation to containers

• Post from Jessie Frazelle about non-namespaces resources in Linux

• Good series of posts on capabilities from siphos

  • part one
  • part two
  • part three
  • part four
  • part five

• This post goes into the slightly obscure topic of "ambient capabilities"

• Post from spender of grsecurity. Talks about privesc possibilities from certain capabilities

• Post which isn't just on capabilities. It goes into the idea of building your own containers, and as part of that, covers capabilities

• Post about LXC and capabilities

• Post detailing how Docker uses cgroups

• Abusing Privileged and Unprivileged Linux Containers whitepaper on container breakout techniques, including focus on NET_RAW.

Docker Security

• Post on Docker Authorization plugins

Docker Swarm

• Docker Swarm Certificate management

runc

• Post on how to use runc directly

Kubernetes - General

• Post that goes into a lot of detail of how Kubernetes works to create a deployment
• Post on What a Kubernetes Pod is
• Post on the pause container

Kubernetes Networking

• Good set of posts on Container networking setup

  • part one
  • part two

• Post on implementing your own CNI plugin in Bash

• Post on how to implement a replacement for kube-proxy

• Post on how Kubernetes service traffic direction is done

Kubernetes Security

• Playlist of Kubernetes pentesting/security videos
• Post on creating reverse shells from Docker and Kubernetes
• Post on getting reverse shells on every node in a cluster

Books

• Free Container Security book from Aqua
• Free Kubernetes Security book from Aqua
• Free Kubernetes Up and Running from VMWare
• Docker in Practice
• Kubernetes in Action