Kubesploit

News and links on Kubernetes security curated by the @Learnk8s team. Website: https://kubesploit.io/

2 059 subscribers
Post archive
Google Secret Manager Provider for Secret Store CSI Driver allows you to access secrets stored in Secret Manager as files mounted in Kubernetes pods. More https://github.com/GoogleCloudPlatform/secrets-store-csi-driver-provider-gcp

Can you jailbreak rootless Docker-in-Docker? Read more https://gist.github.com/protosam/0d263bba98d45601df022b70ef308dbf

Best practices for cluster isolation in Azure Kubernetes Service (AKS) → https://docs.microsoft.com/en-us/azure/aks/operator-best-practices-cluster-isolation

How to inject secrets from AWS, GCP, or Vault into a Kubernetes Pod More: https://blog.doit-intl.com/injecting-secrets-from-aws-gcp-or-vault-into-a-kubernetes-pod-d5a0e84ba892

In this blog, you'll explore different container isolation techniques and whether their strengths and weaknesses make them a practical choice 👉 https://blog.aquasec.com/container-isolation-techniques

Azure Key Vault to Kubernetes (akv2k8s) makes Azure Key Vault secrets, certificates and keys available in Kubernetes and/or your application - in a simple and secure way Read more https://akv2k8s.io/

Top 9 open source DevSecOps Tools for Kubernetes: 1. Anchore 2. Checkov 3. Clair 4. Falco … More: https://stackrox.io/blog/top-9-open-source-devsecops-tools-for-kubernetes

State of Cloud Native Application Security: how cloud native adoption transforms the way organizations defend against security threats More: https://snyk.io/state-of-cloud-native-application-security

Handling Auth in EKS Clusters: Setting Up Kubernetes User Access Using AWS IAM More https://nextlinklabs.com/insights/handling-authentication-in-EKS-clusters-kubernetes-AWS-IAM

Exploring Kyverno: create and update existing resources → https://neonmirrors.net/post/2020-12/exploring-kyverno-part3

Controlling outbound traffic from Kubernetes → https://monzo.com/blog/controlling-outbound-traffic-from-kubernetes

In this blog post, you'll learn the lifecycle of Kubernetes Network Policies (e.g. creation, editing, governance, debugging) More https://itnext.io/lifecycle-of-kubernetes-network-policies-749b5218f684?source=friends_link

Learn how to use CSI to expose secrets on a volume within a Kubernetes pod and retrieve them using our beta Vault Provider for the Kubernetes Secrets Store CSI Driver More https://hashicorp.com/blog/retrieve-hashicorp-vault-secrets-with-kubernetes-csi

rback is a simple "RBAC in Kubernetes" visualizer. It queries all RBAC info and generates a graph of service accounts, (cluster) roles, and the respective access rules in dot format Read on: https://github.com/team-soteria/rback

Connaisseur is an admission controller for Kubernetes that integrates Image Signature Verification and Trust Pinning into a cluster, as a means to ensure that only valid images are being deployed → https://github.com/sse-secure-systems/connaisseur

k8s-vault-webhook is a Kubernetes admission webhook which listens for the events related to Kubernetes resources for injecting secrets directly from secret manager to pod, secret, and configmap 👉 https://github.com/OT-CONTAINER-KIT/k8s-vault-webhook

The Kubernetes Goat is designed to be an intentionally vulnerable cluster environment to learn and practice Kubernetes security. More https://github.com/madhuakula/kubernetes-goat

kube-oidc-proxy is a reverse proxy server to authenticate users using OIDC to Kubernetes API servers where OIDC authentication is not available More: https://github.com/jetstack/kube-oidc-proxy