Kubesploit


News and links on Kubernetes security curated by the @Learnk8s team Website: https://kubesploit.io/

2 056 subscribers
Post archive
Chappaai is an OAuth management layer for Kubernetes. It allows you, through Custom Resource Definitions, to describe OAuth APIs you wish to be able to integrate with. More: https://github.com/rawkode/chappaai

In this article, you will review 15 of the most useful kubectl plugins for giving security teams better visibility for incident response and forensics in Kubernetes. More: https://sysdig.com/blog/top-15-kubectl-plugins-for-security-engineers

Pinniped is the easy, secure way to log in to your Kubernetes clusters. More: https://github.com/vmware-tanzu/pinniped

Repost from LearnKube news
Master Kubernetes with Learnk8s' Advanced Kubernetes workshops! What should you expect?
- Learn how to architect and design clusters from the ground up (in the cloud or on-prem).
- Explore the Kubernetes internal components and how the system is designed with resiliency in mind.
- Deep-dive into the networking components and observe the packets flowing into the cluster.
- Hands-on labs to test the theory with real-world scenarios!
- And more.
The course starts next week and you can sign up here: https://learnk8s.io/online-advanced-june-2023

In this (controversial) article, Tim argues that Kubernetes security should have clearly assigned responsibility and that it should be Product Security's scope. More: https://timwilcoxson.com/dear-product-security-team-kubernetes-is-your-problem-acebffc2d788

Repost from LearnKube news
This week on the Learn Kubernetes Weekly: 📈 Scalability test for CNIs 📊 Cgroups — deep dive 🖥 Deploying microVMs on top of Kubernetes 💥 Non-graceful node shutdown 👻 Ephemeral environments with Helm Read it now: https://learnk8s.io/learn-kubernetes-weekly

Paranoia is a tool to analyse and export trust bundles (e.g., "ca-certificates") from container images. These certificates identify the certificate authorities that your container trusts when establishing TLS connections. More: https://github.com/jetstack/paranoia

Repost from LearnKube news
The AWS provider for the Secrets Store CSI Driver allows you to fetch secrets from AWS Secrets Manager and AWS Systems Manager Parameter Store and mount them into Kubernetes pods. More: https://github.com/aws/secrets-store-csi-driver-provider-aws

Sealed Secrets is a great solution to secure secrets in Git. For larger teams and projects, the External Secrets Operator or the Secrets Store CSI Driver is a better solution to manage secrets securely. Learn the pros and cons in this article. More: https://auth0.com/blog/kubernetes-secrets-management

In EKS, by default, public access is enabled, which means the Kubernetes API server is accessible from the internet. In this article, you'll learn how to access the EKS API server through the AWS client VPN. More: https://medium.com/@Aleroawani/connect-to-an-eks-private-endpoint-with-aws-clientvpn-72b5000f558a

Repost from LearnKube news
Master Kubernetes with Learnk8s' Advanced Kubernetes workshops! What should you expect?
- Learn how to architect and design clusters from the ground up (in the cloud or on-prem).
- Explore the Kubernetes internal components and how the system is designed with resiliency in mind.
- Deep-dive into the networking components and observe the packets flowing into the cluster.
- Hands-on labs to test the theory with real-world scenarios!
- And more.
The course is in 2 weeks and you can sign up here: https://learnk8s.io/online-advanced-june-2023

Repost from LearnKube news
This week on the Learn Kubernetes Weekly: 🗻 Isolating pods for debugging 🔒 Vault auto-unseal ⎈ Helm security and best practices ❽ Kubernetes, Java & fabric8 💥 Manifest complexity 📝 Pod presets Read it now: https://learnk8s.io/learn-kubernetes-weekly

This guide explains how to use IRSA, IAM Roles for Service Accounts, with Terraform and Kubernetes to provide secure and granular access to AWS services for EKS-hosted apps. More: https://blog.mariano.cloud/irsa-in-eks-a-kubernetes-aws-bridge

In this tutorial, you'll learn how to install the Trivy-Operator and continuously scan containers for security issues and misconfiguration. You'll also export the metrics to Prometheus, visualize them in Grafana and receive alerts with AlertManager. More: https://thomasroot.com/2023/01/16/trivy-operator-improve-container-runtime-security

Helm is a useful tool for managing the lifecycle of Kubernetes applications. This article covers some best practices and Helm security recommendations. More: https://sysdig.com/blog/how-to-secure-helm

Bridgekeeper helps you enforce policies in your Kubernetes cluster by providing a simple declarative way to define policies using the Python programming language. More: https://github.com/MaibornWolff/bridgekeeper

Repost from LearnKube news
Master Kubernetes with Learnk8s' Advanced Kubernetes workshops! What should you expect?
- Learn how to architect and design clusters from the ground up (in the cloud or on-prem).
- Explore the Kubernetes internal components and how the system is designed with resiliency in mind.
- Deep-dive into the networking components and observe the packets flowing into the cluster.
- Hands-on labs to test the theory with real-world scenarios!
- And more.
The next course is in 3 weeks and you can sign up here: https://learnk8s.io/online-advanced-june-2023

In this article, you will learn how you can combine manual and automatic unsealing of secrets in Kubernetes using multiple Vaults and Kubernetes. More: https://dev.to/luafanti/vault-auto-unseal-using-transit-secret-engine-on-kubernetes-13k8

Repost from LearnKube news
This week on the Learn Kubernetes Weekly: 📈 Scale from 100 to 10,000 pods 🕷 Attacks through public container images ⏳ Back from disaster in (under) 15 mins 😈 Kubernetes vulnerabilities 2022 ✅ Production ready EKS CoreDNS Read it now: https://learnk8s.io/learn-kubernetes-weekly

Datree is a cloud-native solution to prevent Kubernetes misconfigurations by blocking resources that do not meet your policies. More: https://github.com/datreeio/datree