Kubesploit – Telegram
Kubesploit
News and links on Kubernetes security curated by the @Learnk8s team
Website: https://kubesploit.io/
Cloud Secret Resolvers is a set of tools that help your applications (on Kubernetes) retrieve credentials from cloud-managed vaults without the need to write additional boilerplate code in your applications.
Read more https://github.com/kubeopsskills/cloud-secret-resolvers
This operator allows you to define "dynamic" RBAC rules that change based on the state of your cluster, so you can spend your time writing the RBAC patterns you'd like to deploy rather than traditional, fully enumerated RBAC rules.
Read more https://github.com/redhat-cop/dynamic-rbac-operator
In this article you’ll learn how an attacker with access to a Kubernetes cluster can escape from a container and:
1. run a pod to gain root privileges
2. escape to the host
3. persist the attack with invisible pods and fileless executions
Read more https://isovalent.com/blog/post/2021-11-container-escape
Getting rid of passwords (or connection strings) while accessing Azure services and instead making use of Managed Identities is a way to increase the security of your workloads.
Learn how to use Managed Identities in this article.
Read more https://itnext.io/secure-azure-cosmos-db-access-by-using-azure-managed-identities-55f9fdf48fda
Forwarded from LearnKube news
Learnk8s and NGINX are launching a month-long, free educational program on Kubernetes networking.

The course is divided into four parts:

- Unit 1: Architecting Kubernetes clusters for high-traffic websites (the 7th of March)
- Unit 2: Exposing APIs in Kubernetes (the 14th of March)
- Unit 3: Microservices Security Patterns (the 21st of March)
- Unit 4: Advanced Kubernetes Deployment Strategies (the 28th of March)

Each part has:

- A live webinar (Chris, Salman & Andrea will present those). The event is recorded, and you can catch up later too.
- A self-paced lab for experimenting with Kubernetes technologies. Nginx will provide interactive labs via Instruqt.
- A step-by-step tutorial where you can try everything on your computer too (and maybe copy and reuse the code).
- Extra links and resources to help you understand and dig deeper into the subjects.

You can read the full agenda here: https://www.nginx.com/c/microservices-march-2022-kubernetes-networking-agenda/
In this article you will learn how to detect anomalies in your cluster using Kubernetes audit logs and anomaly detection engineering.
Read more https://research.nccgroup.com/2021/11/10/detection-engineering-for-kubernetes-clusters
In this tutorial, we present three tools to validate and secure your Kubernetes deployments:
1. Kubeval
2. Kubeconform
3. Kubescore
Read more https://semaphoreci.com/blog/kubernetes-deployments
Container security best practices: a comprehensive guide.
Read more https://sysdig.com/blog/container-security-best-practices
ElastAlert 2 is a standalone software tool for alerting on anomalies, spikes, or other patterns of interest from data in Elasticsearch and OpenSearch.

ElastAlert 2 is backwards compatible with the original ElastAlert rules.
Read more https://github.com/jertel/elastalert2
How do you restrict network traffic between namespaces in a Kubernetes cluster? In this guide, you'll learn how to prevent traffic between namespaces using Linkerd's traffic policies.
Read more https://buoyant.io/2021/12/14/locking-down-network-traffic-between-kubernetes-namespaces
NCC Group has found many attack paths through different security assessments that could have led to a compromised CI/CD pipeline in enterprises large and small.
In this post they will share 10 real-world stories.
Read more https://research.nccgroup.com/2022/01/13/10-real-world-stories-of-how-weve-compromised-ci-cd-pipelines
Netshoot is a Docker and Kubernetes network troubleshooting Swiss-army container.
Read more https://github.com/nicolaka/netshoot
In this article, you will learn how to enable IAM users and roles access on Amazon EKS.
Read more https://medium.com/@radha.sable25/enabling-iam-users-roles-access-on-amazon-eks-cluster-f69b485c674f
After reading this article, you will learn:

- How to avoid running pods as root.
- How to use an immutable root filesystem (lock down the root filesystem).
- How to scan Docker images locally and in your CI pipelines.
- How to use Pod Security Policies (PSP).

Read more https://blog.gitguardian.com/kubernetes-tutorial-part-1-pods
This article discusses two Open Source tools for auditing cluster security: kube-bench and kube-hunter.

Read more https://blog.flant.com/kubernetes-security-with-kube-bench-and-kube-hunter