k8s-vault-webhook is a Kubernetes admission webhook which listens for events related to Kubernetes resources and injects secrets directly from a secret manager into pods, secrets, and configmaps
👉 https://github.com/OT-CONTAINER-KIT/k8s-vault-webhook
Connaisseur is an admission controller for Kubernetes that integrates Image Signature Verification and Trust Pinning into a cluster, as a means to ensure that only valid images are being deployed
→ https://github.com/sse-secure-systems/connaisseur
rback is a simple "RBAC in Kubernetes" visualizer. It queries all RBAC info and generates a graph of service accounts, (cluster) roles, and the respective access rules in dot format
Read on: https://github.com/team-soteria/rback
Learn how to use CSI to expose secrets on a volume within a Kubernetes pod and retrieve them using our beta Vault Provider for the Kubernetes Secrets Store CSI Driver
More https://hashicorp.com/blog/retrieve-hashicorp-vault-secrets-with-kubernetes-csi
In this blog post, you'll learn the lifecycle of Kubernetes Network Policies (e.g. creation, editing, governance, debugging)
More https://itnext.io/lifecycle-of-kubernetes-network-policies-749b5218f684?source=friends_link
Architecting network isolation in AKS
Read on https://itnext.io/network-isolated-aks-part-1-controlling-network-traffic-2cd0e045352d?source=friends_link
Controlling outbound traffic from Kubernetes
→ https://monzo.com/blog/controlling-outbound-traffic-from-kubernetes
Exploring Kyverno: create and update existing resources
→ https://neonmirrors.net/post/2020-12/exploring-kyverno-part3
Handling Auth in EKS Clusters: Setting Up Kubernetes User Access Using AWS IAM
More https://nextlinklabs.com/insights/handling-authentication-in-EKS-clusters-kubernetes-AWS-IAM
[PDF] State of Kubernetes Security Report
→ https://redhat.com/rhdc/managed-files/cl-state-kubernetes-security-report-ebook-f29117-202106-en.pdf
State of Cloud Native Application Security: how cloud native adoption transforms the way organizations defend against security threats
More: https://snyk.io/state-of-cloud-native-application-security
Top 9 open source DevSecOps Tools for Kubernetes:
1. Anchore
2. Checkov
3. Clair
4. Falco
…
More: https://stackrox.io/blog/top-9-open-source-devsecops-tools-for-kubernetes
Azure Key Vault to Kubernetes (akv2k8s) makes Azure Key Vault secrets, certificates and keys available in Kubernetes and/or your application - in a simple and secure way
Read more https://akv2k8s.io/
In this blog, you'll explore different container isolation techniques and whether their strengths and weaknesses make them a practical choice
👉 https://blog.aquasec.com/container-isolation-techniques
How to inject secrets from AWS, GCP, or Vault into a Kubernetes Pod
More: https://blog.doit-intl.com/injecting-secrets-from-aws-gcp-or-vault-into-a-kubernetes-pod-d5a0e84ba892
Best practices for cluster isolation in Azure Kubernetes Service (AKS)
→ https://docs.microsoft.com/en-us/azure/aks/operator-best-practices-cluster-isolation
Can you jailbreak rootless Docker-in-Docker?
Read more https://gist.github.com/protosam/0d263bba98d45601df022b70ef308dbf
Google Secret Manager Provider for Secret Store CSI Driver allows you to access secrets stored in Secret Manager as files mounted in Kubernetes pods.
More https://github.com/GoogleCloudPlatform/secrets-store-csi-driver-provider-gcp
HashiCorp Vault provider for the Secrets Store CSI driver allows you to get secrets stored in Vault and use the Secrets Store CSI driver interface to mount them into Kubernetes pods
Read more https://github.com/hashicorp/vault-csi-provider
gsm-controller is a Kubernetes controller that copies secrets from Google Secrets Manager into Kubernetes secrets. The controller watches Kubernetes secrets for an annotation; if the annotation is not found on the secret, nothing more is done
More https://github.com/jenkins-x/gsm-controller
Connaisseur is a Kubernetes admission controller to integrate container image signature verification and trust pinning into a cluster
More https://github.com/sse-secure-systems/connaisseur