Privileged Docker containers—do you really need them?
→ https://snyk.io/blog/privileged-docker-containers
→ https://snyk.io/blog/privileged-docker-containers
Snyk
Privileged Docker containers—do you really need them? | Snyk
I dropped down a rabbit hole doing some testing with Podman around why running a certain container in a rootless configuration required the --privileged flag.
helm-sudo plugin is a helm plugin that uses impersonating to execute helm-commands on clusters within the admin context.
More https://github.com/cloudogu/helm-sudo
More https://github.com/cloudogu/helm-sudo
GitHub
GitHub - cloudogu/helm-sudo: A Helm plugin for running commands with the security privileges of another user
A Helm plugin for running commands with the security privileges of another user - GitHub - cloudogu/helm-sudo: A Helm plugin for running commands with the security privileges of another user
Azure Key Vault to Kubernetes (akv2k8s for short) makes it simple and secure to use Azure Key Vault secrets, keys and certificates in Kubernetes
→ https://github.com/SparebankenVest/azure-key-vault-to-kubernetes
→ https://github.com/SparebankenVest/azure-key-vault-to-kubernetes
GitHub
GitHub - SparebankenVest/azure-key-vault-to-kubernetes: Azure Key Vault to Kubernetes (akv2k8s for short) makes it simple and secure…
Azure Key Vault to Kubernetes (akv2k8s for short) makes it simple and secure to use Azure Key Vault secrets, keys and certificates in Kubernetes. - SparebankenVest/azure-key-vault-to-kubernetes
Suspicious pods is a very simple tool, which does a very simple task: print a list of pods in your Kubernetes cluster that might not be working correctly, along with a reason on why that pod is considered suspicious
Read more: https://github.com/edrevo/suspicious-pods
Read more: https://github.com/edrevo/suspicious-pods
GitHub
GitHub - edrevo/suspicious-pods: Prints a list of k8s pods that might not be working correctly
Prints a list of k8s pods that might not be working correctly - edrevo/suspicious-pods
Kubernetes External Secrets allows you to use external secret management systems, like AWS Secrets Manager or HashiCorp Vault, to securely add secrets in Kubernetes.
Read on: https://github.com/external-secrets/kubernetes-external-secrets
Read on: https://github.com/external-secrets/kubernetes-external-secrets
secrets-manager reads the secrets from Vault and compares them to Kubernetes secrets creating and updating them as needed
More https://github.com/tuenti/secrets-manager
More https://github.com/tuenti/secrets-manager
GitHub
GitHub - tuenti/secrets-manager: A daemon to sync Vault secrets to Kubernetes secrets
A daemon to sync Vault secrets to Kubernetes secrets - tuenti/secrets-manager
The right way to authenticate to your clusters from your CI/CD pipelines
More: https://tremolosecurity.com/post/pipelines-and-kubernetes-authentication
More: https://tremolosecurity.com/post/pipelines-and-kubernetes-authentication
NetworkPolicy Editor: Create, Visualize, and Share Kubernetes NetworkPolicies
More: https://editor.cilium.io/
More: https://editor.cilium.io/
editor.networkpolicy.io
Network Policy Editor for Kubernetes
editor.networkpolicy.io makes it easy to build, visualize, and make sense of Network Policies, which can then be downloaded as YAML and run in any Kubernetes cluster with a Network Policy-aware CNI.
Analysing Kubernetes audit logs using Falco
Read on: https://github.com/developer-guy/falco-analyze-audit-log-from-k3s-cluster
Read on: https://github.com/developer-guy/falco-analyze-audit-log-from-k3s-cluster
In this guide, we are going to demonstrate what OPA Gatekeeper and Kyverno are, what are the differences between them and how we can set up and use them in the Kubernetes cluster by doing hands-on demo
Read on: https://github.com/developer-guy/policy-as-code-war
Read on: https://github.com/developer-guy/policy-as-code-war
In this article you'll break the cluster, delete certificates and rejoin the nodes without causing any downtime.
More: https://itnext.io/breaking-down-and-fixing-kubernetes-4df2f22f87c3
More: https://itnext.io/breaking-down-and-fixing-kubernetes-4df2f22f87c3
Kubolt is simple utility for scanning public unauthinticated kubernetes clusters and run commands inside containers
Read more https://github.com/averonesis/kubolt
Read more https://github.com/averonesis/kubolt
GitHub
GitHub - averonesis/kubolt: Kubolt utility for scanning public kubernetes clusters
Kubolt utility for scanning public kubernetes clusters - averonesis/kubolt
Attacking Kubernetes clusters using the Kubelet API
Read on: https://medium.com/faun/attacking-kubernetes-clusters-using-the-kubelet-api-abafc36126ca
Read on: https://medium.com/faun/attacking-kubernetes-clusters-using-the-kubelet-api-abafc36126ca
Kubernetes Policy Comparison: OPA/Gatekeeper vs Kyverno
Read on: https://neonmirrors.net/post/2021-02/kubernetes-policy-comparison-opa-gatekeeper-vs-kyverno
Read on: https://neonmirrors.net/post/2021-02/kubernetes-policy-comparison-opa-gatekeeper-vs-kyverno
This post describes how to improve cert-manager self-check speed, by pointing the cluster to Google nameservers, and disabling DNS caching
→ https://usepine.com/blog/en/improving-cert-manager-self-check-speed-when-issuing-certificates
→ https://usepine.com/blog/en/improving-cert-manager-self-check-speed-when-issuing-certificates