NetworkPolicy Editor: Create, Visualize, and Share Kubernetes NetworkPolicies
More: https://editor.cilium.io/
editor.networkpolicy.io makes it easy to build, visualize, and make sense of Network Policies, which can then be downloaded as YAML and run in any Kubernetes cluster with a Network Policy-aware CNI.
Analysing Kubernetes audit logs using Falco
Read on: https://github.com/developer-guy/falco-analyze-audit-log-from-k3s-cluster
In this guide we demonstrate what OPA Gatekeeper and Kyverno are, how they differ, and how to set up and use each of them in a Kubernetes cluster through a hands-on demo
Read on: https://github.com/developer-guy/policy-as-code-war
In this article you'll break the cluster, delete certificates and rejoin the nodes without causing any downtime.
More: https://itnext.io/breaking-down-and-fixing-kubernetes-4df2f22f87c3
Kubolt is a simple utility for scanning publicly exposed, unauthenticated Kubernetes clusters and running commands inside their containers
Read more https://github.com/averonesis/kubolt
Attacking Kubernetes clusters using the Kubelet API
Read on: https://medium.com/faun/attacking-kubernetes-clusters-using-the-kubelet-api-abafc36126ca
Kubernetes Policy Comparison: OPA/Gatekeeper vs Kyverno
Read on: https://neonmirrors.net/post/2021-02/kubernetes-policy-comparison-opa-gatekeeper-vs-kyverno
This post describes how to improve cert-manager self-check speed, by pointing the cluster to Google nameservers, and disabling DNS caching
→ https://usepine.com/blog/en/improving-cert-manager-self-check-speed-when-issuing-certificates
In this tutorial you'll learn how to integrate Kubernetes with Dex + LDAP
More https://brightzheng100.medium.com/kubernetes-dex-ldap-integration-f305292a16b9
In this tutorial, you'll learn how to run Linkerd and Cilium together and how to use Cilium to apply L3 and L4 network policies to a cluster running Linkerd
👉 https://buoyant.io/2020/12/23/kubernetes-network-policies-with-cilium-and-linkerd
Lockbox is a secure way to store Kubernetes Secrets offline. Secrets are asymmetrically encrypted, and can only be decrypted by the Lockbox Kubernetes controller
Read on: https://github.com/cloudflare/lockbox
Secrets injection at runtime from an external HashiCorp Vault into Kubernetes (a proof of concept)
More https://itnext.io/secrets-injection-from-external-vault-into-kubernetes-poc-83a52c8cf5cb?source=friends_link
Kubernetes Single Sign On - A detailed guide in 9 parts
Read more: http://talkingquickly.co.uk/kubernetes-sso-a-detailed-guide
Choosing the right policy-as-code solution for your Kubernetes cluster:
- OPA
- Gatekeeper
- Kyverno
- k-rail
- MagTape
More: https://aws.amazon.com/blogs/containers/policy-based-countermeasures-for-kubernetes-part-1
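To make the Gatekeeper vs Kyverno comparison from the guides above concrete, here is one rule (every container in a Pod must set `securityContext.runAsNonRoot: true`) written for both engines. This is an added example, not code from either project's docs or from the linked posts; the policy, template and constraint names are assumptions, and init containers and the pod-level `securityContext` are deliberately left out to keep the two versions parallel.

```yaml
# Added example (not from the linked guides). Same rule, two engines.
#
# Kyverno: a declarative pattern, no query language. The pattern under
# "containers" must hold for every element of the list.
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: require-run-as-nonroot          # assumption: policy name
spec:
  validationFailureAction: Enforce      # older Kyverno releases spell this "enforce"
  rules:
    - name: check-containers
      match:
        any:
          - resources:
              kinds:
                - Pod
      validate:
        message: "Every container must set securityContext.runAsNonRoot: true"
        pattern:
          spec:
            containers:
              - securityContext:
                  runAsNonRoot: true
---
# Gatekeeper: the rule is Rego inside a ConstraintTemplate, which defines a
# new CRD (K8sRequireNonRoot); a separate Constraint instantiates it.
apiVersion: templates.gatekeeper.sh/v1
kind: ConstraintTemplate
metadata:
  name: k8srequirenonroot               # assumption: template name
spec:
  crd:
    spec:
      names:
        kind: K8sRequireNonRoot
  targets:
    - target: admission.k8s.gatekeeper.sh
      rego: |
        package k8srequirenonroot

        # One violation per container that is missing the setting or has it false.
        violation[{"msg": msg}] {
          container := input.review.object.spec.containers[_]
          not container.securityContext.runAsNonRoot == true
          msg := sprintf("container %v must set securityContext.runAsNonRoot: true", [container.name])
        }
---
apiVersion: constraints.gatekeeper.sh/v1beta1
kind: K8sRequireNonRoot
metadata:
  name: pods-must-run-as-nonroot        # assumption: constraint name
spec:
  enforcementAction: deny               # "dryrun" to audit without blocking
  match:
    kinds:
      - apiGroups: [""]
        kinds: ["Pod"]
```

One behavioural difference worth testing before choosing: Kyverno auto-generates matching rules for Pod controllers, so a non-compliant Deployment is rejected at `kubectl apply`. Gatekeeper, with a Pod-only match as above, admits the Deployment and rejects the Pods the ReplicaSet controller later tries to create, so the failure surfaces in ReplicaSet events rather than at apply time unless you also match the controller kinds.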
How monero miners target and exploit cloud native dev environments
Read more: https://blog.aquasec.com/monero-miners-target-bitbucket-dockerhub
In this CNCF guest post by Ben Hirschberg (ARMO) you will learn how Kubernetes Secrets work under the hood and what it takes to protect them in your cluster
More https://cncf.io/blog/2021/04/22/revealing-the-secrets-of-kubernetes-secrets
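The single most common mistake when protecting Secrets at rest is getting the provider order wrong in the kube-apiserver `EncryptionConfiguration`. The following is an added example (not from the CNCF post or the Kubernetes docs) showing the weak and the corrected file side by side; only one of them is loaded on a real control plane, via `--encryption-provider-config=<path>`. `REPLACE_WITH_BASE64_32_BYTE_KEY` is a placeholder, and `key1` is an assumed key name.

```yaml
# Added example, not from the linked post. Two alternative files, not one.
#
# WEAK: identity (plaintext) is listed first. The FIRST provider is the one
# used for writes, so every new Secret lands in etcd in the clear; secretbox
# here is only ever used to read back data that was already encrypted.
apiVersion: apiserver.config.k8s.io/v1
kind: EncryptionConfiguration
resources:
  - resources:
      - secrets
    providers:
      - identity: {}
      - secretbox:
          keys:
            - name: key1                              # assumption: key name
              secret: REPLACE_WITH_BASE64_32_BYTE_KEY # placeholder, 32 random bytes, base64
---
# CORRECTED: the encrypting provider goes first so writes are encrypted.
# identity stays LAST so Secrets written before encryption was switched on
# can still be read until they have been rewritten.
apiVersion: apiserver.config.k8s.io/v1
kind: EncryptionConfiguration
resources:
  - resources:
      - secrets
    providers:
      - secretbox:
          keys:
            - name: key1                              # assumption: key name
              secret: REPLACE_WITH_BASE64_32_BYTE_KEY # placeholder, 32 random bytes, base64
      - identity: {}
```

Generate the key with `head -c 32 /dev/urandom | base64`, then force existing Secrets through the new provider with `kubectl get secrets --all-namespaces -o json | kubectl replace -f -`; reading a Secret straight from etcd with etcdctl should then show the `k8s:enc:secretbox:v1:key1:` prefix instead of plaintext. The caveat the post's topic invites: this key sits on disk on every control-plane node, so anyone who can read that host can still decrypt everything; the `kms` provider is the way to move the key off the node.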
Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang, focused on containerized environments and built on top of the Merlin project
More: https://github.com/cyberark/kubesploit
In this article you will learn what can be done to make a Kubernetes-based environment comply with the PCI DSS; Kubernetes alone does not get you there, and the post walks through the 12 requirements one by one
Read more https://elastisys.com/pci-dss-compliance-in-kubernetes-based-platforms
An interesting way to protect the kubeconfig file (~/.kube/config) on your workstation against accidental or malicious modification or reading
Read on https://gist.github.com/PatrLind/e651d3cbc3bf68e4bd9fcc9568cbd3fb
Trivy is a simple and comprehensive vulnerability scanner for container images, Git repositories and filesystems, suitable for use in CI
Read more https://github.com/aquasecurity/trivy