Handling Auth in EKS Clusters: Setting Up Kubernetes User Access Using AWS IAM
More https://nextlinklabs.com/insights/handling-authentication-in-EKS-clusters-kubernetes-AWS-IAM
More https://nextlinklabs.com/insights/handling-authentication-in-EKS-clusters-kubernetes-AWS-IAM
Nextlinklabs
Handling Auth in EKS Clusters: Setting Up Kubernetes User Access Using AWS IAM | NextLink Labs
Deploying a shiny new EKS cluster running the latest version of Kubernetes isn’t the hardest task in the world. On the other hand, setting up the authentic
[PDF] State of Kubernetes Security Report
→ https://redhat.com/rhdc/managed-files/cl-state-kubernetes-security-report-ebook-f29117-202106-en.pdf
→ https://redhat.com/rhdc/managed-files/cl-state-kubernetes-security-report-ebook-f29117-202106-en.pdf
State of Cloud Native Application Security: how cloud native adoption transforms the way organizations defend against security threats
More: https://snyk.io/state-of-cloud-native-application-security
More: https://snyk.io/state-of-cloud-native-application-security
Snyk
Cloud Native Application Security Report | Snyk
New research reveals 60% of organizations have increased security concerns since adopting cloud native. Read the full State of Cloud Native Application Security report for all of the latest trends.
Top 9 open source DevSecOps Tools for Kubernetes:
1. Anchore
2. Checkov
3. Clair
4. Falco
…
More: https://stackrox.io/blog/top-9-open-source-devsecops-tools-for-kubernetes
1. Anchore
2. Checkov
3. Clair
4. Falco
…
More: https://stackrox.io/blog/top-9-open-source-devsecops-tools-for-kubernetes
www.stackrox.io
Top 9 Open Source DevSecOps Tools for Kubernetes | StackRox Community
Our top picks of open source tools to secure your workloads.
Azure Key Vault to Kubernetes (akv2k8s) makes Azure Key Vault secrets, certificates and keys available in Kubernetes and/or your application - in a simple and secure way
Read more https://akv2k8s.io/
Read more https://akv2k8s.io/
In this blog, you'll explore different container isolation techniques and whether their strengths and weaknesses make them a practical choice
👉 https://blog.aquasec.com/container-isolation-techniques
👉 https://blog.aquasec.com/container-isolation-techniques
How to inject secrets from AWS, GCP, or Vault into a Kubernetes Pod
More: https://blog.doit-intl.com/injecting-secrets-from-aws-gcp-or-vault-into-a-kubernetes-pod-d5a0e84ba892
More: https://blog.doit-intl.com/injecting-secrets-from-aws-gcp-or-vault-into-a-kubernetes-pod-d5a0e84ba892
DoiT International
How to Inject Secrets from AWS, GCP, or Vault Into a Kubernetes Pod | DoiT International
In the world of Kubernetes, we try to automate and minimize code duplication. Consuming secrets from a secret manager in Kubernetes should be the same way. Here’s how to do it.
Best practices for cluster isolation in Azure Kubernetes Service (AKS)
→ https://docs.microsoft.com/en-us/azure/aks/operator-best-practices-cluster-isolation
→ https://docs.microsoft.com/en-us/azure/aks/operator-best-practices-cluster-isolation
Can you jailbreak rootless Docker-in-Docker?
Read more https://gist.github.com/protosam/0d263bba98d45601df022b70ef308dbf
Read more https://gist.github.com/protosam/0d263bba98d45601df022b70ef308dbf
Gist
audit - dind rootless.md
GitHub Gist: instantly share code, notes, and snippets.
Google Secret Manager Provider for Secret Store CSI Driver allows you to access secrets stored in Secret Manager as files mounted in Kubernetes pods.
More https://github.com/GoogleCloudPlatform/secrets-store-csi-driver-provider-gcp
More https://github.com/GoogleCloudPlatform/secrets-store-csi-driver-provider-gcp
GitHub
GitHub - GoogleCloudPlatform/secrets-store-csi-driver-provider-gcp: Google Secret Manager provider for the Secret Store CSI Driver.
Google Secret Manager provider for the Secret Store CSI Driver. - GoogleCloudPlatform/secrets-store-csi-driver-provider-gcp
HashiCorp Vault provider for the Secrets Store CSI driver allows you to get secrets stored in Vault and use the Secrets Store CSI driver interface to mount them into Kubernetes pods
Read more https://github.com/hashicorp/vault-csi-provider
Read more https://github.com/hashicorp/vault-csi-provider
GitHub
GitHub - hashicorp/vault-csi-provider: HashiCorp Vault Provider for Secret Store CSI Driver
HashiCorp Vault Provider for Secret Store CSI Driver - hashicorp/vault-csi-provider
gsm-controller is a Kubernetes controller that copies secrets from Google Secrets Manager into Kubernetes secrets. The controller watches Kubernetes secrets looking for an annotation, if the annotation is not found on the secret nothing more is done
More https://github.com/jenkins-x/gsm-controller
More https://github.com/jenkins-x/gsm-controller
GitHub
GitHub - jenkins-x/gsm-controller
Contribute to jenkins-x/gsm-controller development by creating an account on GitHub.
Connaisseur is a Kubernetes admission controller to integrate container image signature verification and trust pinning into a cluster
More https://github.com/sse-secure-systems/connaisseur
More https://github.com/sse-secure-systems/connaisseur
Kubestriker is a platform-agnostic tool designed to tackle Kuberenetes cluster security issues due to misconfigurations and will help strengthen the overall IT infrastructure of any organisation
More https://github.com/vchinnipilli/kubestriker
More https://github.com/vchinnipilli/kubestriker
The ClusterSecret operator makes sure that all the matching namespaces have a secret available. New namespaces, if they match a pattern, will also have the secret. Any change on the ClusterSecret will update all related secrets
Read more https://github.com/zakkg3/ClusterSecret
Read more https://github.com/zakkg3/ClusterSecret
Enforcing image trust on Docker containers using Notary
More https://infracloud.io/blogs/enforcing-image-trust-docker-containers-notary
More https://infracloud.io/blogs/enforcing-image-trust-docker-containers-notary
InfraCloud
Enforcing Image Trust on Docker Containers using Notary
In this blog post we talk about the importance of supply chain security and how we can implement container image trust in Docker and Kubernetes using Notary.
Top 10 container security best practices
Read more: https://infracloud.io/blogs/top-10-things-for-container-security?amp%3Butm_campaign=promoting_blog&%3Butm_content=kubernetes&%3Butm_medium=social
Read more: https://infracloud.io/blogs/top-10-things-for-container-security?amp%3Butm_campaign=promoting_blog&%3Butm_content=kubernetes&%3Butm_medium=social
InfraCloud
Top 10 Container Security Best Practices
The top 10 best practices you can follow and implement today to reduce security risks in the containerized workloads and secure the application containers.
Attacking Kubernetes via misconfigured Argo Workflows
Read on: https://intezer.com/blog/container-security/new-attacks-on-kubernetes-via-misconfigured-argo-workflows
Read on: https://intezer.com/blog/container-security/new-attacks-on-kubernetes-via-misconfigured-argo-workflows
2 Widespread attacks (Man-in-the-Middle, Cryptojacking attack) on your containerized wnvironment and 7 rules to prevent it
Read more: https://itnext.io/2-widespread-attacks-on-your-containerized-environment-and-7-rules-to-prevent-it-957aa7dfa5e0
Read more: https://itnext.io/2-widespread-attacks-on-your-containerized-environment-and-7-rules-to-prevent-it-957aa7dfa5e0
Kubernetes Network Policies for isolating Namespaces
Read on https://loft.sh/blog/kubernetes-network-policies-for-isolating-namespaces
Read on https://loft.sh/blog/kubernetes-network-policies-for-isolating-namespaces
www.loft.sh
Kubernetes Network Policies for Isolating Namespaces
Learn how to secure pod to pod communication using Kubernetes network policies to secure your cluster and applications.
Verifying Container image signatures in Kubernetes using Notary or Cosign or both
More https://medium.com/sse-blog/verify-container-image-signatures-in-kubernetes-using-notary-or-cosign-or-both-c25d9e79ec45
More https://medium.com/sse-blog/verify-container-image-signatures-in-kubernetes-using-notary-or-cosign-or-both-c25d9e79ec45