Kubesploit – Telegram
News and links on Kubernetes security curated by the @Learnk8s team
Website: https://kubesploit.io/
The Kubernetes Goat is designed to be an intentionally vulnerable cluster environment to learn and practice Kubernetes security.

More https://github.com/madhuakula/kubernetes-goat
k8s-vault-webhook is a Kubernetes admission webhook that listens for events related to Kubernetes resources and injects secrets directly from a secret manager into pods, secrets, and configmaps

👉 https://github.com/OT-CONTAINER-KIT/k8s-vault-webhook
Connaisseur is an admission controller for Kubernetes that integrates Image Signature Verification and Trust Pinning into a cluster, as a means to ensure that only valid images are being deployed

https://github.com/sse-secure-systems/connaisseur
rback is a simple "RBAC in Kubernetes" visualizer. It queries all RBAC info and generates a graph of service accounts, (cluster) roles, and the respective access rules in dot format

Read on: https://github.com/team-soteria/rback
Learn how to use CSI to expose secrets on a volume within a Kubernetes pod and retrieve them using our beta Vault Provider for the Kubernetes Secrets Store CSI Driver

More https://hashicorp.com/blog/retrieve-hashicorp-vault-secrets-with-kubernetes-csi
In this blog post, you'll learn the lifecycle of Kubernetes Network Policies (e.g. creation, editing, governance, debugging)

More https://itnext.io/lifecycle-of-kubernetes-network-policies-749b5218f684?source=friends_link
Controlling outbound traffic from Kubernetes

https://monzo.com/blog/controlling-outbound-traffic-from-kubernetes
Azure Key Vault to Kubernetes (akv2k8s) makes Azure Key Vault secrets, certificates and keys available in Kubernetes and/or your application - in a simple and secure way

Read more https://akv2k8s.io/
In this blog, you'll explore different container isolation techniques and whether their strengths and weaknesses make them a practical choice

👉 https://blog.aquasec.com/container-isolation-techniques
Best practices for cluster isolation in Azure Kubernetes Service (AKS)

https://docs.microsoft.com/en-us/azure/aks/operator-best-practices-cluster-isolation
HashiCorp Vault provider for the Secrets Store CSI driver allows you to get secrets stored in Vault and use the Secrets Store CSI driver interface to mount them into Kubernetes pods

Read more https://github.com/hashicorp/vault-csi-provider