In Kubernetes, external traffic (e.g. north-south) is a major source of security risk.

In this article, you'll have a look at **tools to mitigate such risks. **

More: https://medium.com/slalom-build/managing-ingress-traffic-on-kubernetes-platforms-ebd537cdfb46

Kubescape is a tool that provides risk analysis, security compliance, RBAC visualizer and image vulnerabilities scanning.

More: https://github.com/kubescape/kubescape

This tutorial will provide you with all the steps and commands to set up SOPS in your shell, Kubernetes, Helm and Visual Studio Code.

More: https://itnext.io/goodbye-sealed-secrets-hello-sops-3ee6a92662bb

In this tutorial, you'll learn how to inject secrets in your Pods directly from AWS Secret Manager using the AWS Secrets Manager CSI Driver.

More: https://faun.pub/lets-do-devops-k8s-fetching-aws-secrets-manager-secrets-on-pod-launch-securely-be447fe2c0ff

In this article, you will expose the differences between Layer 7 security in Cilium vs Istio.

More: https://solo.io/blog/exploring-cilium-layer-7-capabilities-compared-to-istio

In this article, you will learn how to configure RBAC in Kubernetes.

You will configure RBAC both with kubectl and yaml definitions.

More: https://dev.to/mstryoda/configure-rbac-in-kubernetes-like-a-boss-h67

🗓 Kubernetes events starting in the next 24 hours:

28 Nov 2:00 pm GMT - CKS bootcamp | Cloud Technology Experts Inc - 📍 Online workshop

→ See all Kubernetes events

This repo contains two kubectl plugins:

1. kubectl exec-as — Like kubectl exec, but offers a --user flag to exec as root (or any other user).
2. kubectl prompt — Displays a warning prompt when issuing commands in a flagged cluster or namespace.

More: https://github.com/jordanwilson230/kubectl-plugins/tree/krew#kubectl-exec-as

Kube No Trouble (kubent) is a tool to check whether you're using any deprecated APIs in your cluster and therefore should upgrade your workloads first, before upgrading your Kubernetes cluster.

More: https://github.com/doitintl/kube-no-trouble

This article contains a list of useful risks and mitigations for securing workloads in Kubernetes.

More: https://medium.com/@mkbadeniyi/how-to-secure-cloud-native-applications-38f59d99785e

This article covers:

- What is a JWT, and why should you care?
- Dissecting Istio's JWT edge authentication & authorization.
- How to build an external authz service for Istio.

More: https://medium.com/globant/istio-jwt-authentication-authorization-at-the-edge-b35b612acd97

In this article, you will discover the ins and outs of eBPF and why it is particularly exciting when it comes to observing your containers and Kubernetes clusters.

More: https://groundcover.com/blog/what-is-ebpf

sKan is a tailor-made Kubernetes configuration files and resources scanner that enables developers and DevOps team members to check whether their work complies with security & ops best practices.

More: https://github.com/alcideio/skan

In this article, you will learn how to use the IAM Authenticator to authenticate to an EKS cluster.

More: https://betterprogramming.pub/kubernetes-authentication-in-aws-eks-using-iam-authenticator-de3a586e885c

This article focuses on configuring Kubernetes Audit Logs so you can have records of events happening in your cluster.

More: https://signoz.io/blog/kubernetes-audit-logs

Kubernetes doesn't load balance long-lived connections, and some pods might receive more requests than others.

If you're using gRPC, AMQP or any other long-lived connection (e.g. database), you might want to consider client-side load balancing.

More: https://learnk8s.io/kubernetes-long-lived-connections

KubePi allows administrators to import multiple Kubernetes clusters and assign permissions to different clusters and namespaces.

More: https://github.com/KubeOperator/KubePi

awesome-containerized-security is a collection of tools to improve your containerized apps security posture.

More: https://github.com/koslib/awesome-containerized-security

K8s-gatekeeper is an admission webhook that uses Casbin to apply arbitrary user-defined access control rules to help prevent any operation the administrator doesn't allow.

More: https://github.com/casbin/k8s-gatekeeper

Role-based access control (RBAC) is a way of granting users granular access to Kubernetes API resources.

RBAC is a security design that limits access to Kubernetes resources based on the user's role.

Learn how to use RBAC in this tutorial.

More: https://faun.pub/give-users-and-groups-access-to-kubernetes-cluster-using-rbac-b614b6c0b383

In this article, you will learn how to scan and discover publicly accessible Kubernetes clusters and how you can protect against it.

More: https://raesene.github.io/blog/2022/07/03/lets-talk-about-kubernetes-on-the-internet