In this tutorial, you will learn how to integrate tools such as kube-bench and Kubescape to identify potential vulnerabilities in a CI/CD pipeline before they reach the cluster.
More: https://medium.com/@sdevsecops/how-to-implement-devsecops-in-a-kubernetes-cluster-environment-github-actions-and-azure-devops-522bdd121e34
Forwarded from Kube Architect
In this article, you will find a curated (but not exhaustive) list of FOSS projects addressing multi-tenancy challenges in Kubernetes.
More: https://divya-mohan0209.medium.com/mo-tenancy-mo-problems-f031f75374f7
Forwarded from LearnKube news
The purpose of The Kubernetes networking guide is to provide an overview of various Kubernetes networking components with a specific focus on exactly how they implement the required functionality.
More: https://tkng.io
With Kyverno:
- Invalid resources can be blocked with helpful errors.
- Misconfigured resources can be corrected on the fly.
- New resources can be dynamically generated.
Learn how to use Kyverno to govern multi-tenant clusters in this article.
More: https://medium.com/compass-true-north/governing-multi-tenant-kubernetes-clusters-with-kyverno-3e11ba4a64ad
In Kubernetes, external traffic (e.g. north-south) is a major source of security risk.
In this article, you'll have a look at **tools to mitigate such risks.**
More: https://medium.com/slalom-build/managing-ingress-traffic-on-kubernetes-platforms-ebd537cdfb46
Forwarded from LearnKube news
Kubescape is a tool that provides risk analysis, security compliance, RBAC visualizer and image vulnerabilities scanning.
More: https://github.com/kubescape/kubescape
This tutorial will provide you with all the steps and commands to set up SOPS in your shell, Kubernetes, Helm and Visual Studio Code.
More: https://itnext.io/goodbye-sealed-secrets-hello-sops-3ee6a92662bb
In this tutorial, you'll learn how to inject secrets into your Pods directly from AWS Secrets Manager using the AWS Secrets Manager CSI Driver.
More: https://faun.pub/lets-do-devops-k8s-fetching-aws-secrets-manager-secrets-on-pod-launch-securely-be447fe2c0ff
In this article, you will explore the differences between Layer 7 security in Cilium and in Istio.
More: https://solo.io/blog/exploring-cilium-layer-7-capabilities-compared-to-istio
In this article, you will learn how to configure RBAC in Kubernetes.
You will configure RBAC with both kubectl and YAML definitions.
More: https://dev.to/mstryoda/configure-rbac-in-kubernetes-like-a-boss-h67
Forwarded from Kube Events
🗓 Kubernetes events starting in the next 24 hours:
28 Nov 2:00 pm GMT - CKS bootcamp | Cloud Technology Experts Inc - 📍 Online workshop
This repo contains two kubectl plugins:
1. kubectl exec-as — Like kubectl exec, but offers a --user flag to exec as root (or any other user).
2. kubectl prompt — Displays a warning prompt when issuing commands in a flagged cluster or namespace.
More: https://github.com/jordanwilson230/kubectl-plugins/tree/krew#kubectl-exec-as
Kube No Trouble (kubent) is a tool to check whether you're using any deprecated APIs in your cluster and therefore should upgrade your workloads first, before upgrading your Kubernetes cluster.
More: https://github.com/doitintl/kube-no-trouble
This article lists risks and their mitigations for securing workloads in Kubernetes.
More: https://medium.com/@mkbadeniyi/how-to-secure-cloud-native-applications-38f59d99785e
This article covers:
- What is a JWT, and why should you care?
- Dissecting Istio's JWT edge authentication & authorization.
- How to build an external authz service for Istio.
More: https://medium.com/globant/istio-jwt-authentication-authorization-at-the-edge-b35b612acd97
Forwarded from LearnKube news
In this article, you will discover the ins and outs of eBPF and why it is particularly exciting when it comes to observing your containers and Kubernetes clusters.
More: https://groundcover.com/blog/what-is-ebpf
sKan is a tailor-made Kubernetes configuration files and resources scanner that enables developers and DevOps team members to check whether their work complies with security & ops best practices.
More: https://github.com/alcideio/skan
In this article, you will learn how to use the IAM Authenticator to authenticate to an EKS cluster.
More: https://betterprogramming.pub/kubernetes-authentication-in-aws-eks-using-iam-authenticator-de3a586e885c
This article focuses on configuring Kubernetes Audit Logs so you can have records of events happening in your cluster.
More: https://signoz.io/blog/kubernetes-audit-logs
Forwarded from LearnKube news
Kubernetes doesn't load balance long-lived connections, and some pods might receive more requests than others.
If you're using gRPC, AMQP or any other long-lived connection (e.g. database), you might want to consider client-side load balancing.
More: https://learnk8s.io/kubernetes-long-lived-connections
KubePi allows administrators to import multiple Kubernetes clusters and assign permissions to different clusters and namespaces.
More: https://github.com/KubeOperator/KubePi