kubelogin is a kubectl plugin for Kubernetes OpenID Connect (OIDC) authentication

More: https://github.com/int128/kubelogin

kube-oidc-proxy is a reverse proxy server to authenticate users using OIDC to Kubernetes API servers where OIDC authentication is not available

More: https://github.com/jetstack/kube-oidc-proxy

The Kubernetes Goat is designed to be an intentionally vulnerable cluster environment to learn and practice Kubernetes security.

More https://github.com/madhuakula/kubernetes-goat

k8s-vault-webhook is a Kubernetes admission webhook which listen for the events related to Kubernetes resources for injecting secret directly from secret manager to pod, secret, and configmap

👉 https://github.com/OT-CONTAINER-KIT/k8s-vault-webhook

Connaisseur is an admission controller for Kubernetes that integrates Image Signature Verification and Trust Pinning into a cluster, as a means to ensure that only valid images are being deployed

→ https://github.com/sse-secure-systems/connaisseur

rback is a simple "RBAC in Kubernetes" visualizer. It queries all RBAC info and generates a graph of service accounts, (cluster) roles, and the respective access rules in dot format

Read on: https://github.com/team-soteria/rback

Learn how to use CSI to expose secrets on a volume within a Kubernetes pod and retrieve them using our beta Vault Provider for the Kubernetes Secrets Store CSI Driver

More https://hashicorp.com/blog/retrieve-hashicorp-vault-secrets-with-kubernetes-csi

In this blog post, you'll learn the lifecycle of Kubernetes Network Policies (e.g. creation, editing, governance, debugging)

More https://itnext.io/lifecycle-of-kubernetes-network-policies-749b5218f684?source=friends_link

Architecting network isolation in AKS

Read on https://itnext.io/network-isolated-aks-part-1-controlling-network-traffic-2cd0e045352d?source=friends_link

Controlling outbound traffic from Kubernetes

→ https://monzo.com/blog/controlling-outbound-traffic-from-kubernetes

Exploring Kyverno: create and update existing resources

→ https://neonmirrors.net/post/2020-12/exploring-kyverno-part3

Handling Auth in EKS Clusters: Setting Up Kubernetes User Access Using AWS IAM

More https://nextlinklabs.com/insights/handling-authentication-in-EKS-clusters-kubernetes-AWS-IAM

[PDF] State of Kubernetes Security Report

→ https://redhat.com/rhdc/managed-files/cl-state-kubernetes-security-report-ebook-f29117-202106-en.pdf

State of Cloud Native Application Security: how cloud native adoption transforms the way organizations defend against security threats

More: https://snyk.io/state-of-cloud-native-application-security

Top 9 open source DevSecOps Tools for Kubernetes:
1. Anchore
2. Checkov
3. Clair
4. Falco
…

More: https://stackrox.io/blog/top-9-open-source-devsecops-tools-for-kubernetes

Azure Key Vault to Kubernetes (akv2k8s) makes Azure Key Vault secrets, certificates and keys available in Kubernetes and/or your application - in a simple and secure way

Read more https://akv2k8s.io/

In this blog, you'll explore different container isolation techniques and whether their strengths and weaknesses make them a practical choice

👉 https://blog.aquasec.com/container-isolation-techniques

How to inject secrets from AWS, GCP, or Vault into a Kubernetes Pod

More: https://blog.doit-intl.com/injecting-secrets-from-aws-gcp-or-vault-into-a-kubernetes-pod-d5a0e84ba892

Best practices for cluster isolation in Azure Kubernetes Service (AKS)

→ https://docs.microsoft.com/en-us/azure/aks/operator-best-practices-cluster-isolation

Can you jailbreak rootless Docker-in-Docker?

Read more https://gist.github.com/protosam/0d263bba98d45601df022b70ef308dbf

Google Secret Manager Provider for Secret Store CSI Driver allows you to access secrets stored in Secret Manager as files mounted in Kubernetes pods.

More https://github.com/GoogleCloudPlatform/secrets-store-csi-driver-provider-gcp