Kubesploit

News and links on Kubernetes security curated by the @Learnk8s team Website: https://kubesploit.io/

Post archive
kubelogin is a kubectl plugin for Kubernetes OpenID Connect (OIDC) authentication More: https://github.com/int128/kubelogin

Teleport is a certificate authority and access plane for SSH, Kubernetes, web applications, and databases More https://github.com/gravitational/teleport

RBAC Manager is designed to simplify authorization in Kubernetes. This is an operator that supports declarative configuration for RBAC with new custom resources Read on: https://github.com/FairwindsOps/rbac-manager

Kubernetes External Secrets allows you to use external secret management systems, like AWS Secrets Manager or HashiCorp Vault, to securely add secrets in Kubernetes 👉 https://github.com/external-secrets/kubernetes-external-secrets

This repository contains an implementation of an RBAC model for a multi-project and multi-tenant Kubernetes cluster → https://github.com/clvx/k8s-rbac-model

Amazon EKS Pod Identity Webhook is a webhook for mutating pods that will require AWS IAM access Read on: https://github.com/aws/amazon-eks-pod-identity-webhook

Krane is a simple Kubernetes RBAC static analysis tool. It identifies potential security risks in K8s RBAC design and makes suggestions on how to mitigate them 👉 https://github.com/appvia/krane

[PDF] Architecting Amazon EKS for PCI DSS Compliance 👉 https://d1.awsstatic.com/whitepapers/architecting-amazon-eks-for-pci-dss-compliance.pdf

Learn how to use x509 certificates to authenticate users in your cluster Read on https://cloudhero.io/creating-users-for-your-kubernetes-cluster

Helm-scanner is a tool designed to automate discovering, templating, security scanning, then recording and providing easy access to the results for publicly available Helm charts Read on https://github.com/bridgecrewio/helm-scanner/

The Top 5 Kubernetes Admission Control Policies:
- Trusted Repo
- Label Safety
- Privileged Mode
- Ingress
- Egress
More: https://blog.styra.com/blog/open-policy-agent-the-top-5-kubernetes-admission-control-policies

The right way to authenticate to your clusters from your CI/CD pipelines Read more: https://tremolosecurity.com/post/pipelines-and-kubernetes-authentication

Learn how to use the nginx-ingress controller to restrict access by IP (ip whitelisting) for a service deployed to a Kubernetes (AKS) cluster More: https://medium.com/@maninder.bindra/using-nginx-ingress-controller-to-restrict-access-by-ip-ip-whitelisting-for-a-service-deployed-to-bd5c86dc66d6

The medium-severity vulnerability CVE-2021-20291 has been found in the containers/storage Go library, leading to Denial of Service (DoS) when vulnerable container engines pull an injected image from a registry. → https://sysdig.com/blog/cve-2021-20291-cri-o-podman

10 Kubernetes Security Context settings you should understand Read more https://snyk.io/blog/10-kubernetes-security-context-settings-you-should-understand

A detailed guide to help you to ensure that only signed images can get deployed on the cluster (with OPA and Notary) Read on https://siegert-maximilian.medium.com/ensure-content-trust-on-kubernetes-using-notary-and-open-policy-agent-485ab3a9423c

The worst so-called “best practice” for Docker Read on: https://pythonspeed.com/articles/security-updates-in-docker

KubeEye is an open-source diagnostic tool for identifying various Kubernetes cluster issues automatically, such as misconfigurations, unhealthy components and node failures Read more https://github.com/kubesphere/kubeeye