How to secure your Kubernetes control plane and node components
Read more: https://cncf.io/blog/2021/08/20/how-to-secure-your-kubernetes-control-plane-and-node-components
Detect Malicious Behaviour on Kubernetes API Server through gathering Audit Logs by using FluentBit
→ https://falco.org/blog/detect-malicious-behaviour-on-kubernetes-api-server-through-gathering-audit-logs-by-using-fluentbit-part-2
This repository contains various use cases of Kubernetes Network Policies and sample YAML files to leverage in your setup. If you ever wondered how to drop/restrict traffic to applications running on Kubernetes, this is for you
Read on: https://github.com/ahmetb/kubernetes-network-policy-recipes
Kubescape is the first tool for testing if Kubernetes is deployed securely as defined in Kubernetes Hardening Guidance by NSA and CISA
More: https://github.com/armosec/kubescape
Curiefense extends Envoy proxy to defend against a variety of threats, including SQL and command injection, cross site scripting (XSS), account takeovers (ATOs) and more
Read on https://github.com/curiefense/curiefense
Vault-CRD is a custom resource definition for holding secrets that are stored in HashiCorp Vault and kept up to date with Kubernetes secrets
Read more: https://github.com/DaspawnW/vault-crd
“Another LDAP” provides Authentication and Authorization for your applications running on Kubernetes
👉 https://github.com/dignajar/another-ldap
Peirates, a Kubernetes penetration tool, enables an attacker to escalate privilege and pivot through a Kubernetes cluster
Read on https://github.com/inguardians/peirates
Forwarded from Daniele Polencic
Quick update!
We’ve updated the Kubernetes troubleshooting flowchart to include translations in Spanish, Mandarin, Korean and Portuguese. Many thanks to @elnemesisdivina @yorchveintemil @usernametoken Marcelo & Hoon Jo! 👏👏👏
You can download the poster here: https://learnk8s.io/troubleshooting-deployments
Kubestriker is a platform-agnostic tool designed to tackle Kubernetes cluster security issues due to misconfigurations and will help strengthen the overall IT infrastructure of any organisation
→ https://github.com/vchinnipilli/kubestriker
Curated resources help you prepare for the CNCF/Linux Foundation CKS 2021 "Kubernetes Certified Security Specialist" Certification exam
Read on https://github.com/walidshaari/Certified-Kubernetes-Security-Specialist
Kubernetes API Access Security Hardening
👉 https://goteleport.com/blog/kubernetes-api-access-security
Scheduled backup of Vault secrets with Jenkins on Kubernetes
Read more https://igorzhivilo.com/vault/scheduled-backup-vault-secrets
In this article you will learn how to secure Containers with Cosign and Distroless images
Read on: https://infracloud.io/blogs/secure-containers-cosign-distroless-images
Kubernetes Network Policies: a practitioner's guide
More: https://loft.sh/blog/kubernetes-network-policies-a-practitioners-guide
[PDF] Kubernetes Hardening Guidance
👉 https://media.defense.gov/2021/Aug/03/2002820425/-1/-1/1/CTR_KUBERNETES%20HARDENING%20GUIDANCE.PDF
A container Security CTF
Read more https://medium.com/@pookiebear/cant-contain-poop-container-security-ctf-e0c2be4b106e
Encrypt your Kubernetes Secrets with Mozilla SOPS
More: https://thorsten-hans.com/encrypt-your-kubernetes-secrets-with-mozilla-sops
Cross-Account container takeover in Azure Container Instances
👉 https://unit42.paloaltonetworks.com/azure-container-instances
In this post you’ll integrate Kubernetes with Keycloak.
No more sharing KUBECONFIG files and forgetting to export different KUBECONFIG paths!
Read more http://talkingquickly.co.uk/setting-up-oidc-login-kubernetes-kubectl-with-keycloak
Kubernetes security & vulnerability scanning tools: checkov, kube-hunter, kube-bench & Starboard
Read more https://aninditabasak.medium.com/a-lap-around-kubernetes-security-vulnerability-scanning-tools-checkov-kube-hunter-kube-bench-4ffda92c4cf1