A Security Review of Docker Official Images: Which Do You Trust?
👉 https://blog.aquasec.com/docker-official-images
How to improve your Docker containers security
More: https://blog.gitguardian.com/how-to-improve-your-docker-containers-security-cheat-sheet
Creating Malicious Admission Controllers
👉 https://blog.rewanthtammana.com/creating-malicious-admission-controllers
Forwarded from Daniele Polencic
👋 We’ve updated the Kubernetes instance calculator to include the recent change from the AWS-CNI. EC2 instances can have more pods than before, and that means running pods becomes cheaper.
You can find the calculator here: https://learnk8s.io/kubernetes-instance-calculator
Top Open Source Kubernetes security tools of 2021
Read on https://cloud.redhat.com/blog/top-open-source-kubernetes-security-tools-of-2021
How to secure your Kubernetes control plane and node components
Read more: https://cncf.io/blog/2021/08/20/how-to-secure-your-kubernetes-control-plane-and-node-components
Detect Malicious Behaviour on Kubernetes API Server through gathering Audit Logs by using FluentBit
→ https://falco.org/blog/detect-malicious-behaviour-on-kubernetes-api-server-through-gathering-audit-logs-by-using-fluentbit-part-2
This repository contains various use cases of Kubernetes Network Policies and sample YAML files to leverage in your setup. If you ever wondered how to drop/restrict traffic to applications running on Kubernetes, this is for you
Read on: https://github.com/ahmetb/kubernetes-network-policy-recipes
Kubescape is the first tool for testing if Kubernetes is deployed securely as defined in Kubernetes Hardening Guidance by NSA and CISA
More: https://github.com/armosec/kubescape
Curiefense extends Envoy proxy to defend against a variety of threats, including SQL and command injection, cross-site scripting (XSS), account takeovers (ATOs) and more
Read on https://github.com/curiefense/curiefense
Vault-CRD is a custom resource definition for holding secrets that are stored in HashiCorp Vault and kept up to date with Kubernetes secrets
Read more: https://github.com/DaspawnW/vault-crd
“Another LDAP” provides Authentication and Authorization for your applications running on Kubernetes
👉 https://github.com/dignajar/another-ldap
Peirates, a Kubernetes penetration tool, enables an attacker to escalate privilege and pivot through a Kubernetes cluster
Read on https://github.com/inguardians/peirates
Forwarded from Daniele Polencic
Quick update!
We’ve updated the Kubernetes troubleshooting flowchart to include translations in Spanish, Mandarin, Korean and Portuguese. Many thanks to @elnemesisdivina @yorchveintemil @usernametoken Marcelo & Hoon Jo! 👏👏👏
You can download the poster here: https://learnk8s.io/troubleshooting-deployments
Kubestriker is a platform-agnostic tool designed to tackle Kubernetes cluster security issues due to misconfigurations and will help strengthen the overall IT infrastructure of any organisation
→ https://github.com/vchinnipilli/kubestriker
Curated resources help you prepare for the CNCF/Linux Foundation CKS 2021 "Kubernetes Certified Security Specialist" Certification exam
Read on https://github.com/walidshaari/Certified-Kubernetes-Security-Specialist
Kubernetes API Access Security Hardening
👉 https://goteleport.com/blog/kubernetes-api-access-security
Scheduled backup of Vault secrets with Jenkins on Kubernetes
Read more https://igorzhivilo.com/vault/scheduled-backup-vault-secrets
In this article you will learn how to secure Containers with Cosign and Distroless images
Read on: https://infracloud.io/blogs/secure-containers-cosign-distroless-images
Kubernetes Network Policies: a practitioner's guide
More: https://loft.sh/blog/kubernetes-network-policies-a-practitioners-guide
[PDF] Kubernetes Hardening Guidance
👉 https://media.defense.gov/2021/Aug/03/2002820425/-1/-1/1/CTR_KUBERNETES%20HARDENING%20GUIDANCE.PDF