Suspicious pods is a very simple tool that does a very simple task: print a list of pods in your Kubernetes cluster that might not be working correctly, along with the reason each pod is considered suspicious
Read more: https://github.com/edrevo/suspicious-pods
Kubernetes External Secrets allows you to use external secret management systems, like AWS Secrets Manager or HashiCorp Vault, to securely add secrets to Kubernetes. Note that this project has since been deprecated in favour of the External Secrets Operator (https://github.com/external-secrets/external-secrets).
Read on: https://github.com/external-secrets/kubernetes-external-secrets
secrets-manager reads secrets from Vault and compares them with the corresponding Kubernetes Secrets, creating and updating them as needed
More https://github.com/tuenti/secrets-manager
The right way to authenticate to your clusters from your CI/CD pipelines
More: https://tremolosecurity.com/post/pipelines-and-kubernetes-authentication
NetworkPolicy Editor: create, visualize, and share Kubernetes NetworkPolicies; the result can be downloaded as YAML and applied to any cluster whose CNI enforces NetworkPolicy (policies are silently ignored by a CNI that does not)
More: https://editor.cilium.io/
Analysing Kubernetes audit logs using Falco
Read on: https://github.com/developer-guy/falco-analyze-audit-log-from-k3s-cluster
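The kind of checks a tool like Falco runs over kube-apiserver audit events can be reproduced in a few lines. The script below is an added example written for this digest, not code from the linked repository or from Falco; the audit events it scans are constructed inline in the audit.k8s.io/v1 shape the API server writes, and the four rules (anonymous requests, exec/attach/port-forward into pods, Secret reads by non-system principals, RBAC writes) are my own choice of the usual first rules to look for.

```python
import json
import sys

# Principals the cluster itself runs as; their Secret reads are routine and would only add noise.
SYSTEM_USER_PREFIXES = (
    "system:kube-",                        # kube-controller-manager, kube-scheduler, ...
    "system:apiserver",
    "system:serviceaccount:kube-system:",
)
SENSITIVE_POD_SUBRESOURCES = {"exec", "attach", "portforward"}
RBAC_RESOURCES = {"clusterroles", "clusterrolebindings", "roles", "rolebindings"}
WRITE_VERBS = {"create", "update", "patch", "delete"}


def analyze_event(ev: dict) -> list[str]:
    """Return the reasons one audit.k8s.io/v1 Event looks suspicious (empty list if none)."""
    if ev.get("stage") != "ResponseComplete":
        # Each request is logged twice (RequestReceived, then ResponseComplete); only the
        # completed stage carries the response code, so judge that one and skip the other.
        return []
    user = ev.get("user", {}).get("username", "")
    verb = ev.get("verb", "")
    ref = ev.get("objectRef") or {}
    resource, sub = ref.get("resource", ""), ref.get("subresource", "")
    code = (ev.get("responseStatus") or {}).get("code", 0)

    reasons = []
    if user == "system:anonymous" and resource:
        # Even a denied anonymous request against a resource is somebody probing the API.
        reasons.append("anonymous request " + ("allowed" if code < 400 else "denied"))
    if resource == "pods" and sub in SENSITIVE_POD_SUBRESOURCES:
        reasons.append(f"pods/{sub} by {user}")
    if (resource == "secrets" and verb in ("get", "list", "watch") and code < 400
            and not user.startswith(SYSTEM_USER_PREFIXES)):
        reasons.append(f"secrets {verb} by non-system user {user}")
    if resource in RBAC_RESOURCES and verb in WRITE_VERBS and code < 400:
        reasons.append(f"RBAC change: {verb} {resource} by {user}")
    return reasons


def analyze_log(text: str) -> list[dict]:
    """Scan newline-delimited JSON audit events; return one finding per suspicious event."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        reasons = analyze_event(ev)
        if reasons:
            ref = ev.get("objectRef") or {}
            findings.append({
                "user": ev["user"]["username"],
                "verb": ev.get("verb"),
                "resource": ref.get("resource"),
                "namespace": ref.get("namespace"),
                "reasons": reasons,
            })
    return findings


def _event(verb, user, resource, sub=None, code=200, stage="ResponseComplete", namespace="default"):
    """Build a minimal audit.k8s.io/v1 Event dict (constructed sample data, not a real log)."""
    ref = {"resource": resource, "namespace": namespace}
    if sub:
        ref["subresource"] = sub
    return {"kind": "Event", "apiVersion": "audit.k8s.io/v1", "stage": stage, "verb": verb,
            "user": {"username": user}, "objectRef": ref, "responseStatus": {"code": code}}


# Constructed audit log: six events, four of which should be reported.
SAMPLE_LOG = "\n".join(json.dumps(e) for e in [
    _event("get", "system:serviceaccount:kube-system:generic-garbage-collector", "pods"),  # routine
    _event("list", "system:anonymous", "secrets", code=403),                              # probe, denied
    _event("create", "alice@example.com", "pods", sub="exec", code=101),                  # shell into a pod
    _event("create", "alice@example.com", "pods", sub="exec", stage="RequestReceived"),   # same request, stage 1
    _event("get", "system:serviceaccount:ci:deployer", "secrets", namespace="prod"),      # workload SA reads Secrets
    _event("create", "bob@example.com", "clusterrolebindings"),                           # cluster-wide RBAC change
])

if __name__ == "__main__":
    # Usage: python3 audit_scan.py /var/log/kubernetes/audit.log  (falls back to the sample)
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOG
    for f in analyze_log(text):
        print(f"{f['user']} {f['verb']} {f['resource']} ns={f['namespace']}: {'; '.join(f['reasons'])}")
```

Point it at the file the `--audit-log-path` flag of kube-apiserver writes (or at the JSON a webhook backend delivers); the audit policy must log `objectRef` at the Metadata level or above, or the resource-based rules see nothing.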
In this guide, we demonstrate what OPA Gatekeeper and Kyverno are, how they differ, and how to set up and use them in a Kubernetes cluster with a hands-on demo
Read on: https://github.com/developer-guy/policy-as-code-war
In this article you'll break the cluster, delete certificates and rejoin the nodes without causing any downtime.
More: https://itnext.io/breaking-down-and-fixing-kubernetes-4df2f22f87c3
Kubolt is a simple utility for scanning public, unauthenticated Kubernetes clusters and running commands inside their containers
Read more https://github.com/averonesis/kubolt
Attacking Kubernetes clusters using the Kubelet API
Read on: https://medium.com/faun/attacking-kubernetes-clusters-using-the-kubelet-api-abafc36126ca
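The attacks in the post above only work when the kubelet accepts unauthenticated callers or authorizes everything. As an added example (my own code, not from the article), the check below reads a KubeletConfiguration as returned by `kubectl get --raw /api/v1/nodes/<node>/proxy/configz` (a real endpoint; the two configurations embedded here are constructed, not captured from a node) and reports the three settings that matter: anonymous authentication, `AlwaysAllow` authorization, and a non-zero read-only port.

```python
import json
import sys


def kubelet_findings(configz: dict) -> list[str]:
    """Return the kubelet settings that expose the kubelet API to unauthenticated abuse."""
    # /configz wraps the KubeletConfiguration under "kubeletconfig"; a raw config file does not.
    cfg = configz.get("kubeletconfig", configz)
    findings = []
    anonymous = cfg.get("authentication", {}).get("anonymous", {})
    if anonymous.get("enabled") is True:
        findings.append("authentication.anonymous.enabled=true: requests without credentials "
                        "are accepted as system:anonymous")
    mode = cfg.get("authorization", {}).get("mode")
    if mode == "AlwaysAllow":
        findings.append("authorization.mode=AlwaysAllow: every request is authorized, "
                        "including /run and /exec against any pod on the node")
    port = cfg.get("readOnlyPort") or 0
    if port:
        findings.append(f"readOnlyPort={port}: pod specs (including env vars) are readable "
                        "without any authentication")
    return findings


# Constructed examples (assumed shapes, not output from a real node).
INSECURE_KUBELET = {"kubeletconfig": {
    "authentication": {"anonymous": {"enabled": True}, "webhook": {"enabled": False}},
    "authorization": {"mode": "AlwaysAllow"},
    "readOnlyPort": 10255,
}}
HARDENED_KUBELET = {"kubeletconfig": {
    "authentication": {"anonymous": {"enabled": False}, "webhook": {"enabled": True},
                       "x509": {"clientCAFile": "/etc/kubernetes/pki/ca.crt"}},
    "authorization": {"mode": "Webhook"},
    "readOnlyPort": 0,
}}

if __name__ == "__main__":
    # Usage: kubectl get --raw /api/v1/nodes/<node>/proxy/configz | python3 kubelet_check.py
    data = json.load(sys.stdin) if not sys.stdin.isatty() else INSECURE_KUBELET
    for line in kubelet_findings(data) or ["no insecure kubelet settings found"]:
        print(line)
```

Anonymous authentication on its own is much less dangerous with `authorization.mode: Webhook`, because the kubelet then asks the API server whether `system:anonymous` may use the `nodes/proxy` subresource and is normally told no; it is the combination with `AlwaysAllow`, or the legacy read-only port, that turns port 10250/10255 into the foothold the article describes.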
Kubernetes Policy Comparison: OPA/Gatekeeper vs Kyverno
Read on: https://neonmirrors.net/post/2021-02/kubernetes-policy-comparison-opa-gatekeeper-vs-kyverno
This post describes how to improve cert-manager self-check speed by pointing the cluster at Google's nameservers and disabling DNS caching
→ https://usepine.com/blog/en/improving-cert-manager-self-check-speed-when-issuing-certificates
In this tutorial you'll learn how to integrate Kubernetes with Dex + LDAP
More https://brightzheng100.medium.com/kubernetes-dex-ldap-integration-f305292a16b9
In this tutorial, you'll learn how to run Linkerd and Cilium together and how to use Cilium to apply L3 and L4 network policies to a cluster running Linkerd
👉 https://buoyant.io/2020/12/23/kubernetes-network-policies-with-cilium-and-linkerd
Lockbox is a secure way to store Kubernetes Secrets offline. Secrets are asymmetrically encrypted and can only be decrypted by the Lockbox Kubernetes controller
Read on: https://github.com/cloudflare/lockbox
Secrets injection at runtime from external Vault into Kubernetes
More https://itnext.io/secrets-injection-from-external-vault-into-kubernetes-poc-83a52c8cf5cb?source=friends_link
Kubernetes Single Sign On - A detailed guide in 9 parts, by Ben Dixon
Read more: http://talkingquickly.co.uk/kubernetes-sso-a-detailed-guide
Choosing the right policy-as-code solution for your Kubernetes cluster:
- OPA
- Gatekeeper
- Kyverno
- k-rail
- MagTape
More: https://aws.amazon.com/blogs/containers/policy-based-countermeasures-for-kubernetes-part-1
How Monero miners target and exploit cloud-native dev environments
Read more: https://blog.aquasec.com/monero-miners-target-bitbucket-dockerhub
In this article (a CNCF guest post by Ben Hirschberg, VP R&D and Co-Founder of ARMO) you will learn how to protect Secrets in your Kubernetes cluster
More https://cncf.io/blog/2021/04/22/revealing-the-secrets-of-kubernetes-secrets
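Whatever you do to protect Secrets at rest, the first practical question is who can read them through the API. The script below is an added example (my own, not from the article above) that walks the JSON produced by `kubectl get clusterroles,roles -A -o json` and lists every Role and ClusterRole whose rules grant get/list/watch (or `*`) on Secrets in the core API group. The role objects it ships with are constructed for illustration.

```python
import json
import sys

READ_VERBS = {"get", "list", "watch"}


def rule_grants_secret_read(rule: dict) -> bool:
    """True if one RBAC PolicyRule lets its holder read Secret objects."""
    groups = set(rule.get("apiGroups") or [])
    resources = set(rule.get("resources") or [])
    verbs = set(rule.get("verbs") or [])
    # Secrets live in the core API group, which RBAC spells "" ; "*" matches any group,
    # resource or verb. A rule for "secrets" in another group (e.g. "apps") matches nothing.
    return (bool(groups & {"", "*"})
            and bool(resources & {"secrets", "*"})
            and bool(verbs & (READ_VERBS | {"*"})))


def roles_that_can_read_secrets(role_list: dict) -> list[str]:
    """Names ("namespace/name" for Roles) of every item in a kubectl List that can read Secrets."""
    hits = []
    for item in role_list.get("items", []):
        meta = item.get("metadata", {})
        name = f"{meta['namespace']}/{meta['name']}" if meta.get("namespace") else meta["name"]
        # "rules" is null for aggregated ClusterRoles that have not been filled in yet.
        if any(rule_grants_secret_read(rule) for rule in item.get("rules") or []):
            hits.append(name)
    return hits


def _role(name, rules, namespace=None):
    """Build a Role (namespaced) or ClusterRole dict (constructed sample data)."""
    meta = {"name": name}
    if namespace:
        meta["namespace"] = namespace
    return {"kind": "Role" if namespace else "ClusterRole", "metadata": meta, "rules": rules}


# Constructed input in the shape of `kubectl get clusterroles,roles -A -o json`.
SAMPLE_ROLES = {"kind": "List", "items": [
    _role("cluster-admin", [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]),
    _role("pod-reader", [{"apiGroups": [""], "resources": ["pods"], "verbs": ["get", "list"]}]),
    _role("secret-reader", [{"apiGroups": [""], "resources": ["secrets"], "verbs": ["get", "list"]}],
          namespace="prod"),
    _role("secret-writer", [{"apiGroups": [""], "resources": ["secrets"], "verbs": ["create", "update"]}],
          namespace="ci"),
    _role("wrong-group", [{"apiGroups": ["apps"], "resources": ["secrets"], "verbs": ["get"]}]),
    _role("aggregated-empty", None),
]}

if __name__ == "__main__":
    # Usage: kubectl get clusterroles,roles -A -o json | python3 secret_readers.py
    data = json.load(sys.stdin) if not sys.stdin.isatty() else SAMPLE_ROLES
    for name in roles_that_can_read_secrets(data):
        print(name)
```

Two caveats: a rule that also carries `resourceNames` is narrower than the script reports, and this only answers "which roles can read Secrets", not "which subjects hold them"; the next step is to join the output against RoleBindings and ClusterRoleBindings, and to remember the indirect paths the article is concerned with (anyone who can create pods in a namespace can mount any Secret in it).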