ru
Feedback
Kubesploit

Kubesploit

Открыть в Telegram

News and links on Kubernetes security curated by the @Learnk8s team Website: https://kubesploit.io/

Больше
2 076
Подписчики
+124 часа
+97 дней
+1730 день
Архив постов
Repost from LearnKube news
In this article, you will learn the thought process, design decision and code that led to writing a custom controller to copy
In this article, you will learn the thought process, design decision and code that led to writing a custom controller to copy secrets from Hashicorp Vault to Kubernetes. More: https://medium.com/kts-digital-services-integrator/why-we-developed-own-kubernetes-controller-to-copy-secrets-e46368ae6db9

A researcher gained root access to the host and was able to execute commands on other pods in GCP. Mitigations include blocki
A researcher gained root access to the host and was able to execute commands on other pods in GCP. Mitigations include blocking network connections, removing unnecessary capabilities, and using a different IP address for the node. More: https://medium.com/@chenshiri/taking-over-google-cloud-shell-by-utilizing-capabilities-and-kubelet-fd5e2417f286

In this tutorial, you will learn how to use oauth2-proxy as a sidecar container to authorize requests to your Identity Provider of choice. More: https://dev.to/gabrielbiasi/automatic-sso-in-kubernetes-workloads-using-a-sidecar-container-3752

Securing Kubernetes with open-source tools has become increasingly prevalent. Read all you need to know about this shift in this detailed report. More: https://landing.armosec.io/state-of-kubernetes-open-source-security-2022

Repost from LearnKube news
This week on the Learn Kubernetes Weekly: 🚦 Service communication monitoring 🕵️‍♀️ The life of a DNS query 🗺 Network mappi
This week on the Learn Kubernetes Weekly: 🚦 Service communication monitoring 🕵️‍♀️ The life of a DNS query 🗺 Network mapping in Grafana ± Preview and diff Argo CD deployments ☁️ Istio multicluster deployment with Terraform Read it now: https://learnk8s.io/learn-kubernetes-weekly

Repost from LearnKube news
In this article, you will learn how to map all the pods in the cluster and correlate IP with workloads, facilitating the mana
In this article, you will learn how to map all the pods in the cluster and correlate IP with workloads, facilitating the management of cluster network status and speeding up debugging. More: https://betterprogramming.pub/improve-cluster-monitoring-with-network-mapping-in-grafana-fa8bb479fd47

Trivy is a comprehensive and versatile security scanner. What Trivy can scan: - Container Images. - Filesystem. - Git Repository (remote). - Virtual Machine Image. - Kubernetes. - AWS. More: https://github.com/aquasecurity/trivy

With Seccomp, you can restrict processes' calls from userspace into kernel space. In this article, you will learn how Kubernetes can automatically apply Seccomp profiles to Pods and containers. More: https://levelup.gitconnected.com/seccomp-secure-computing-mode-kubernetes-docker-97130516662c

Konstraint is a CLI tool to assist with the creation and management of templates and constraints when using Gatekeeper. More: https://github.com/plexsystems/konstraint

Repost from LearnKube news
Master Kubernetes with Learnk8s' Advanced Kubernetes workshops! What should you expect? - Learn how to architect and design c
Master Kubernetes with Learnk8s' Advanced Kubernetes workshops! What should you expect? - Learn how to architect and design clusters from the ground up (in the cloud or on-prem). - Explore the Kubernetes internal component and how the system is designed with resiliency in mind. - Deep-dive into the networking components and observe the packets flowing into the cluster. - Hands-on labs to test the theory with real-world scenarios! - And more. The next course is in June and you can sign up here: https://learnk8s.io/online-advanced-june-2023

This article has a few tips for hardening your GKE setup: 1. Network policies. 2. Custom service accounts. 3. Workload identities. 4. Pod Security admissions and admission controllers. 5. GKE sandbox. More: https://medium.com/@pbijjala/considerations-for-hardening-your-gke-a-workload-perceptive-943be26949d2

Repost from LearnKube news
This week on the Learn Kubernetes Weekly: 🙅‍♀️ Ingress controller in bash 🧐 Pods health checks mystery 8️⃣ Comparing 8 mana
This week on the Learn Kubernetes Weekly: 🙅‍♀️ Ingress controller in bash 🧐 Pods health checks mystery 8️⃣ Comparing 8 managed Kubernetes providers 🚦 Advancements in traffic engineering 🔗 The problem of state Read it now: https://learnk8s.io/learn-kubernetes-weekly

The AWS provider for the Secrets Store CSI Driver allows you to fetch secrets from AWS Secrets Manager and AWS Systems Manager Parameter Store, and mount them into Kubernetes pods. More: https://github.com/aws/secrets-store-csi-driver-provider-aws

open-appsec provides preemptive web app & API threat protection against OWASP-Top-10 and zero-day attacks. It can be deployed as an add-on to Kubernetes Ingress, NGINX, Envoy and API Gateways. More: https://github.com/openappsec/openappsec

authentik is an open-source Identity Provider focused on flexibility and versatility. More: https://github.com/goauthentik/authentik

This blog post describes an attempt to assess the security posture of Kubernetes clusters scattered across the internet, deta
This blog post describes an attempt to assess the security posture of Kubernetes clusters scattered across the internet, detailing our research methodology, findings and analysis. More: https://redhuntlabs.com/blog/unsecured-kubernetes-clusters-exposed.html

Repost from Kube Architect
In this article, you will learn how to manage secrets securely on Kubernetes in the GitOps approach using Sealed Secrets, ArgoCD, and Terraform. More: https://piotrminkowski.com/2022/12/14/sealed-secrets-on-kubernetes-with-argocd-and-terraform

In this tutorial, you will deploy a vulnerable app to SQL and XSS injections in Kubernetes and learn how to protect it using
In this tutorial, you will deploy a vulnerable app to SQL and XSS injections in Kubernetes and learn how to protect it using Pipy and sidecar containers. More: https://dev.to/flomesh/pipy-protecting-kubernetes-apps-from-sql-injection-xss-attacks-dol

This post discusses using SSO authentication and authorization to secure apps in Kubernetes. The tutorial uses Dex and Traefik Forward Auth (or Oauth2-Proxy) to add additional security to ingresses or apps that do not support built-in OIDC. More: https://allanjohn909.medium.com/sso-authentication-for-applications-in-kubernetes-aedc3c189d89

In this article, you will learn how to prevent a Denial-of-Service (DoS) attack in Kubernetes, and how to use cloud-native tools such as Calico and Falco to detect it. More: https://sysdig.com/blog/denial-of-service-kubernetes-calico-falco