Author: rodrigtech
-
KubeArmor Explored
KubeArmor is a cloud-native runtime security enforcement system that works with restricting behavior (this resides with execution, file access, and network operations) of pods, containers, and nodes (VM’s) at the system level. The way this tool works is by using Linux Security Modules which to no surprise are enamored in the Certified Kubernetes Security Specialist…
-
AKS Isitio Bring Your Own Certificate
Azure Kubernetes Service added the Istio-add-on to provide native function to the user without having to install an additional helm chart while this is managed by Microsoft a request for some of the areas from customers encompass areas that have more control over data protections. Natively the use of self-signed root certificates are generated and…
-
Azure ML on AKS with Trusted Access
Trusted Access which is in preview provides secure access to the Kubernetes API Server while granting services that are needed for operations without requiring a traditional (private-endpoint). This feature uses the system0assigned managed identity as a authentication mechanism as intermediary to access your AKS clusters. As always in any feature that is rolled out prior…
-
Navigating Federal Information Processing Standards in Azure Kubernetes Service
Organizations that operate in highly sensitive data domains have to often validate the use of FIPS(Federal Information Processing Standards) Level 2 compliant concerns throughout adoption of multiple technologies. This blog is intended to show the use of Azure Kubernetes Service FIPS Enablement along with the brief understanding of FIPS and uses. FIPS Levels are represented…
-
Lula Compliance Validator
Project Lula is a tool written in Go by Defense Unicorns a organization that works in the cloud native space supporting the public sector that is to assist with auditing configuration to provide context if a expected input is not compliant at the command line you aware of it. Along with the findings will details…
-
Otterize Intent Based Access Control in Kubernetes
Introduction Otterize is a organization that provides open-source CLI tool and a cloud-managed platform for managing kubernetes policies in a client-centric manner. In a nutshell, instead of mapping network policies depending on the CNI that you’re utilizing either Cilium, Calico, or Flannel this will alter the normal syntax you can put Intent-based for the workloads…
-
Capsule – Multi-tenant in Kubernetes
Introduction Multi-tenancy in Kubernetes refers to the ability to isolate and manage multiple user groups or ‘tenants’ within a single Kubernetes cluster. This approach is essential for organizations that want to maximize resource utilization while maintaining isolation and security between different user groups. Typically this can be achieved by either logical isolation mapping namespaces as…
-
Tetragon Cloud Native Security
Cilium has become a prominent player in the Container Network Interface space and notably has been in acquisition of Cisco announced this week of Isovalent. It’s no surprise the leverage of eBPF for Runtime Enforcement and Security Observability also has enhanced visibility of the kernel system calls and activity that can deviate from known behavior,…
-
Kubernetes 1.29.0 Security Enhancements
Introduction Kubernetes 1.29.0 is now released this marks a significant milestone in the evolution of container orchestration, introducing robust security enhancements that cater to the ever-evolving demands of modern infrastructure management. This latest release encapsulates Kubernetes’ commitment to providing a secure, scalable, and highly efficient platform for deploying and managing containerized applications. With a focus…
-
Conftest and authoring custom checks in Policy as Code
Introduction In the rapidly evolving world of Infrastructure as Code (IaC), ensuring compliance and security is paramount. How can we use tools that agnostically enforce guard rails uninformedly? One way to do this without incurring extravagant costs is using Conftest a wrapper of OPA. In this latest blog I’m going to cover how Conftest seamlessly…