In a live evocation of the recent O'Reilly title Hacking Kubernetes (Martin, Hausenblas, 2021), this ultimate guide to threat-driven Kubernetes defence threat-models your precious clusters and details how to attack and defend them against nefarious adversaries. This broad and detailed appraisal of end-to-end cluster security teaches you how to attack and defend against a range of historical and current CVEs, misconfigurations, and advanced threats: See the historical relevance of CVEs and demonstrations of attacks against your containers, pods, supply chain, network, storage, policy, and wider organisation. Understand when to use next-generation runtimes like gVisor, Firecracker, and Kata Containers. Delve into workload identity and advanced runtime hardening. Consider the trust boundaries in soft- and hard-multitenant systems to appraise and limit the effects of compromise. Learn to navigate the choppy waters of advanced Kubernetes security.