Amazon EKS Pod Identity Webhook is a webhook for mutating pods that will require AWS IAM access

Read on: https://github.com/aws/amazon-eks-pod-identity-webhook

This repository contains an implementation of a RBAC model for a multi project and multi tenant Kubernetes cluster

→ https://github.com/clvx/k8s-rbac-model

Kubernetes External Secrets allows you to use external secret management systems, like AWS Secrets Manager or HashiCorp Vault, to securely add secrets in Kubernetes

👉 https://github.com/external-secrets/kubernetes-external-secrets

RBAC Manager is designed to simplify authorization in Kubernetes. This is an operator that supports declarative configuration for RBAC with new custom resources

Read on: https://github.com/FairwindsOps/rbac-manager

Teleport is a certificate authority and access plane for SSH, Kubernetes, web applications, and databases

More https://github.com/gravitational/teleport

kubelogin is a kubectl plugin for Kubernetes OpenID Connect (OIDC) authentication

More: https://github.com/int128/kubelogin

kube-oidc-proxy is a reverse proxy server to authenticate users using OIDC to Kubernetes API servers where OIDC authentication is not available

More: https://github.com/jetstack/kube-oidc-proxy

The Kubernetes Goat is designed to be an intentionally vulnerable cluster environment to learn and practice Kubernetes security.

More https://github.com/madhuakula/kubernetes-goat

k8s-vault-webhook is a Kubernetes admission webhook which listen for the events related to Kubernetes resources for injecting secret directly from secret manager to pod, secret, and configmap

👉 https://github.com/OT-CONTAINER-KIT/k8s-vault-webhook

Connaisseur is an admission controller for Kubernetes that integrates Image Signature Verification and Trust Pinning into a cluster, as a means to ensure that only valid images are being deployed

→ https://github.com/sse-secure-systems/connaisseur

rback is a simple "RBAC in Kubernetes" visualizer. It queries all RBAC info and generates a graph of service accounts, (cluster) roles, and the respective access rules in dot format

Read on: https://github.com/team-soteria/rback

Learn how to use CSI to expose secrets on a volume within a Kubernetes pod and retrieve them using our beta Vault Provider for the Kubernetes Secrets Store CSI Driver

More https://hashicorp.com/blog/retrieve-hashicorp-vault-secrets-with-kubernetes-csi

In this blog post, you'll learn the lifecycle of Kubernetes Network Policies (e.g. creation, editing, governance, debugging)

More https://itnext.io/lifecycle-of-kubernetes-network-policies-749b5218f684?source=friends_link

Architecting network isolation in AKS

Read on https://itnext.io/network-isolated-aks-part-1-controlling-network-traffic-2cd0e045352d?source=friends_link

Controlling outbound traffic from Kubernetes

→ https://monzo.com/blog/controlling-outbound-traffic-from-kubernetes

Exploring Kyverno: create and update existing resources

→ https://neonmirrors.net/post/2020-12/exploring-kyverno-part3

Handling Auth in EKS Clusters: Setting Up Kubernetes User Access Using AWS IAM

More https://nextlinklabs.com/insights/handling-authentication-in-EKS-clusters-kubernetes-AWS-IAM

[PDF] State of Kubernetes Security Report

→ https://redhat.com/rhdc/managed-files/cl-state-kubernetes-security-report-ebook-f29117-202106-en.pdf

State of Cloud Native Application Security: how cloud native adoption transforms the way organizations defend against security threats

More: https://snyk.io/state-of-cloud-native-application-security

Top 9 open source DevSecOps Tools for Kubernetes:
1. Anchore
2. Checkov
3. Clair
4. Falco
…

More: https://stackrox.io/blog/top-9-open-source-devsecops-tools-for-kubernetes

Azure Key Vault to Kubernetes (akv2k8s) makes Azure Key Vault secrets, certificates and keys available in Kubernetes and/or your application - in a simple and secure way

Read more https://akv2k8s.io/