In this article you will learn how to secure Containers with Cosign and Distroless images
Read on: https://infracloud.io/blogs/secure-containers-cosign-distroless-images
Read on: https://infracloud.io/blogs/secure-containers-cosign-distroless-images
Kubernetes Network Policies: a practitioner's guide
More: https://loft.sh/blog/kubernetes-network-policies-a-practitioners-guide
More: https://loft.sh/blog/kubernetes-network-policies-a-practitioners-guide
www.loft.sh
Kubernetes Network Policies: A Practitioner's Guide
Kubernetes Network Policies Best Practices - this article will talk about security in Kubernetes clusters, traffic incoming and outgoing to/from the cluster, and the traffic within the cluster.
[PDF] Kubernetes Hardening Guidance
👉 https://media.defense.gov/2021/Aug/03/2002820425/-1/-1/1/CTR_KUBERNETES%20HARDENING%20GUIDANCE.PDF
👉 https://media.defense.gov/2021/Aug/03/2002820425/-1/-1/1/CTR_KUBERNETES%20HARDENING%20GUIDANCE.PDF
A container Security CTF
Read more https://medium.com/@pookiebear/cant-contain-poop-container-security-ctf-e0c2be4b106e
Read more https://medium.com/@pookiebear/cant-contain-poop-container-security-ctf-e0c2be4b106e
Encrypt your Kubernetes Secrets with Mozilla SOPS
More: https://thorsten-hans.com/encrypt-your-kubernetes-secrets-with-mozilla-sops
More: https://thorsten-hans.com/encrypt-your-kubernetes-secrets-with-mozilla-sops
Thorsten-Hans
Encrypt your Kubernetes Secrets with Mozilla SOPS
Do you want to store your Kubernetes secrets in git? Learn how to encrypt and decrypt your secrets with Mozilla SOPS and Azure Key Vault.
Cross-Account container takeover in Azure Container Instances
👉 https://unit42.paloaltonetworks.com/azure-container-instances
👉 https://unit42.paloaltonetworks.com/azure-container-instances
In this post you’ll integrate Kubernetes with Keycloak.
No more sharing KUBECONFIG files and forgetting to export different KUBECONFIG paths!
Read more http://talkingquickly.co.uk/setting-up-oidc-login-kubernetes-kubectl-with-keycloak
No more sharing KUBECONFIG files and forgetting to export different KUBECONFIG paths!
Read more http://talkingquickly.co.uk/setting-up-oidc-login-kubernetes-kubectl-with-keycloak
www.talkingquickly.co.uk
OIDC Login to Kubernetes and Kubectl with Keycloak - talkingquickly
Blog by Ben Dixon, Co-founder of Sona, about startups, elixir, AI, climbing and photography
Kubernetes security & vulnerability scanning tools: checkov, kube-hunter, kube-bench & Starboard
Read more https://aninditabasak.medium.com/a-lap-around-kubernetes-security-vulnerability-scanning-tools-checkov-kube-hunter-kube-bench-4ffda92c4cf1
Read more https://aninditabasak.medium.com/a-lap-around-kubernetes-security-vulnerability-scanning-tools-checkov-kube-hunter-kube-bench-4ffda92c4cf1
Comparing popular Kubernetes security and compliance frameworks, how they differ, when to use, common goals, and suggested tools
Read more https://armosec.io/blog/kubernetes-security-frameworks-and-guidance
Read more https://armosec.io/blog/kubernetes-security-frameworks-and-guidance
Explore how Kubernetes dashboard can be exploited to gain access to a Kubernetes cluster
Read more https://blog.aquasec.com/kubernetes-ui-tools-security-threat
Read more https://blog.aquasec.com/kubernetes-ui-tools-security-threat
Database security best practices on Kubernetes
Read more https://blog.crunchydata.com/blog/multifactor-sso-authentication-for-postgres-on-kubernetes
Read more https://blog.crunchydata.com/blog/multifactor-sso-authentication-for-postgres-on-kubernetes
Crunchy Data
Multifactor SSO Authentication for Postgres on Kubernetes
A how-to guide to create a multi-factor (MFA) single-sign on (SSO) authentication system for PostgreSQL on Kubernetes using certificates and passwords.
This article explains how to deploy Keycloak with Infinispan, the in-memory data store for caching user metadata, on a Kubernetes cluster
Read more https://blog.flant.com/ha-keycloak-infinispan-kubernetes
Read more https://blog.flant.com/ha-keycloak-infinispan-kubernetes
Guidelines for hardening your kubernetes cluster
Read more https://blog.gitguardian.com/hardening-your-k8s-pt-2
Read more https://blog.gitguardian.com/hardening-your-k8s-pt-2
GitGuardian Blog - Take Control of Your Secrets Security
Hardening Your Kubernetes Cluster - Guidelines - GitGuardian blog
In this second episode, we will go through the NSA/CISA security recommendations and explain every piece of the guidelines.
Forwarded from LearnKube news
Learn Kubernetes on the 20th of January!
Learnk8s is running the first 4-day Advanced Kubernetes course of 2022 next week.
If you're looking to get your hands dirty with Kubernetes, join us for a session packed with labs and demos!
Sign up here: https://learnk8s.io/training
Learnk8s is running the first 4-day Advanced Kubernetes course of 2022 next week.
If you're looking to get your hands dirty with Kubernetes, join us for a session packed with labs and demos!
Sign up here: https://learnk8s.io/training
An overview of Fulcio — a community-driven code signing Certificate Authority.
Read more https://chainguard.dev/posts/2021-11-12-fulcio-deep-dive
Read more https://chainguard.dev/posts/2021-11-12-fulcio-deep-dive
Forwarded from LearnKube news
How do packets flow inside and outside a Kubernetes cluster?
In this article, you will learn to trace the traffic in your cluster, starting from the initial web request and down to the container hosting the application.
You will learn:
1. How containers in the same pod behave as if they are on the same host.
2. How pods reach other pods in the cluster.
3. How pods reach Services and how Services load balance requests.
https://learnk8s.io/kubernetes-network-packets
In this article, you will learn to trace the traffic in your cluster, starting from the initial web request and down to the container hosting the application.
You will learn:
1. How containers in the same pod behave as if they are on the same host.
2. How pods reach other pods in the cluster.
3. How pods reach Services and how Services load balance requests.
https://learnk8s.io/kubernetes-network-packets
Securing LDAP with TLS certificates using ClusterIssuer in Tanzu Kubernetes Grid
Read more https://cormachogan.com/2021/11/24/securing-ldap-with-tls-certificates-in-tkg-v1-4
Read more https://cormachogan.com/2021/11/24/securing-ldap-with-tls-certificates-in-tkg-v1-4
CormacHogan.com
Securing LDAP with TLS certificates using ClusterIssuer in TKG v1.4 - CormacHogan.com
In this post, I will look at how to secure LDAP communication using TLS certificates with Dex and Pinniped.
How to Secure Your Kubernetes Cluster with OpenID Connect and RBAC
Read more https://dev.to/oktadev/how-to-secure-your-kubernetes-cluster-with-openid-connect-and-rbac-5hic
Read more https://dev.to/oktadev/how-to-secure-your-kubernetes-cluster-with-openid-connect-and-rbac-5hic
Forwarded from Kube Careers
What's the average salary for a Kubernetes engineer?
Do you need a Kubernetes certification to apply for a job?
What technologies and cloud providers are often used with Kubernetes?
We analyzed 276 Kubernetes jobs from 2021 and found that:
- If you know AWS and Python, the world is your oyster.
- CKA is the top Kubernetes certification. But only a few employers require one.
- Jenkins is more alive than ever. Gitlab CI/CD is a very distant second.
- Prometheus is synonymous with monitoring. No one comes close.
You can read the full report here: https://kube.careers/report-2021-q4
Do you need a Kubernetes certification to apply for a job?
What technologies and cloud providers are often used with Kubernetes?
We analyzed 276 Kubernetes jobs from 2021 and found that:
- If you know AWS and Python, the world is your oyster.
- CKA is the top Kubernetes certification. But only a few employers require one.
- Jenkins is more alive than ever. Gitlab CI/CD is a very distant second.
- Prometheus is synonymous with monitoring. No one comes close.
You can read the full report here: https://kube.careers/report-2021-q4
Kubeletmein is a simple penetration testing tool which takes advantage of public cloud provider approaches to providing kubelet credentials to nodes in order to gain privileged access to the k8s API
Read more https://github.com/4ARMED/kubeletmein
Read more https://github.com/4ARMED/kubeletmein
GitHub
GitHub - 4ARMED/kubeletmein: Security testing tool for Kubernetes, abusing kubelet credentials on public cloud providers.
Security testing tool for Kubernetes, abusing kubelet credentials on public cloud providers. - 4ARMED/kubeletmein
Cosign keyless Kubernetes admission webhook is a Kubernetes admission webhook that uses cosign verify to check the subject and issuer of the image matches what you expect
Read more https://github.com/appvia/cosign-keyless-admission-webhook
Read more https://github.com/appvia/cosign-keyless-admission-webhook
GitHub
GitHub - appvia/cosign-keyless-admission-webhook: Kubernetes admission webhook that uses cosign verify to check the subject and…
Kubernetes admission webhook that uses cosign verify to check the subject and issuer of the image matches what you expect - GitHub - appvia/cosign-keyless-admission-webhook: Kubernetes admission we...