Kubesploit

News and links on Kubernetes security curated by the @Learnk8s team Website: https://kubesploit.io/

Posts Archive
Lockbox is a secure way to store Kubernetes Secrets offline. Secrets are asymmetrically encrypted, and can only be decrypted by the Lockbox Kubernetes controller. Read on: https://github.com/cloudflare/lockbox

In this tutorial, you'll learn how to run Linkerd and Cilium together and how to use Cilium to apply L3 and L4 network policies to a cluster running Linkerd 👉 https://buoyant.io/2020/12/23/kubernetes-network-policies-with-cilium-and-linkerd

In this tutorial you'll learn how to integrate Kubernetes with Dex + LDAP. More: https://brightzheng100.medium.com/kubernetes-dex-ldap-integration-f305292a16b9

This post describes how to improve cert-manager self-check speed by pointing the cluster to Google nameservers and disabling DNS caching → https://usepine.com/blog/en/improving-cert-manager-self-check-speed-when-issuing-certificates

Kubernetes Policy Comparison: OPA/Gatekeeper vs Kyverno Read on: https://neonmirrors.net/post/2021-02/kubernetes-policy-comparison-opa-gatekeeper-vs-kyverno

Attacking Kubernetes clusters using the Kubelet API Read on: https://medium.com/faun/attacking-kubernetes-clusters-using-the-kubelet-api-abafc36126ca

Kubolt is a simple utility for scanning public unauthenticated Kubernetes clusters and running commands inside containers. Read more: https://github.com/averonesis/kubolt

In this article you'll break the cluster, delete certificates and rejoin the nodes without causing any downtime. More: https://itnext.io/breaking-down-and-fixing-kubernetes-4df2f22f87c3

In this guide, we are going to demonstrate what OPA Gatekeeper and Kyverno are, what the differences between them are, and how we can set them up and use them in a Kubernetes cluster through a hands-on demo. Read on: https://github.com/developer-guy/policy-as-code-war

Analysing Kubernetes audit logs using Falco Read on: https://github.com/developer-guy/falco-analyze-audit-log-from-k3s-cluster

NetworkPolicy Editor: Create, Visualize, and Share Kubernetes NetworkPolicies More: https://editor.cilium.io/

The right way to authenticate to your clusters from your CI/CD pipelines More: https://tremolosecurity.com/post/pipelines-and-kubernetes-authentication

secrets-manager reads the secrets from Vault and compares them to Kubernetes secrets, creating and updating them as needed. More: https://github.com/tuenti/secrets-manager

Kubernetes External Secrets allows you to use external secret management systems, like AWS Secrets Manager or HashiCorp Vault, to securely add secrets in Kubernetes. Read on: https://github.com/external-secrets/kubernetes-external-secrets

Suspicious pods is a very simple tool, which does a very simple task: print a list of pods in your Kubernetes cluster that might not be working correctly, along with a reason why that pod is considered suspicious. Read more: https://github.com/edrevo/suspicious-pods

Azure Key Vault to Kubernetes (akv2k8s for short) makes it simple and secure to use Azure Key Vault secrets, keys and certificates in Kubernetes → https://github.com/SparebankenVest/azure-key-vault-to-kubernetes

helm-sudo is a Helm plugin that uses impersonation to execute Helm commands on clusters within the admin context. More: https://github.com/cloudogu/helm-sudo

Privileged Docker containers—do you really need them? → https://snyk.io/blog/privileged-docker-containers