Author: rodrigtech
-
Static Analysis and Integrating this in DevSecOps strategy
Static analysis of user workloads, such as Kubernetes resources and Dockerfiles, is a key aspect of DevSecOps. By analyzing these resources before they are deployed, organizations can identify potential security vulnerabilities and issues that could compromise the integrity of their systems. One way to perform static analysis is through the use of static analysis tools.…
-
Azure Kubernetes Fleet Manager (First Look)
Azure Kubernetes Fleet Manager is a product that makes it easier to manage and scale a fleet of Azure Kubernetes Service (AKS) clusters. It allows users to deploy and manage multiple AKS clusters across various environments and regions, all from a single pane of glass. This simplifies the process of managing and maintaining large-scale container-based…
-
OPA in Kubernetes and Policies Playground
Open Policy Agent is a project that uses rego files to enforce policies on your kubernetes cluster while v1.26 is starting to roll out some features in beta that are more native to kubernetes. You have many pluggable options to use such as gate-keeper/kyverno are most notable in this space again this will serve as…
-
Kubescape (KSPM) Open Source
Kubernetes Security Posture Management shouldn’t be thought of as your CSPM but is typically a part of the scoring system depending on what type of security solutions you have in place. Kubernetes Security Posture Management focus on your clusters deployed either in a on-prem scenario or cloud along with management of the nodes and containerized…
-
CKS Verifying platform binaries/K8s Security
Today I felt like we should take a more tailored approach to some security features in general that also tie into kubernetes security specialist exam. Verifying platform binaries So for today I wanted to take a dive into the tool Kube-Score this will be running on my local microk8s cluster and I had to actually…
-
Container Runtimes
Container runtimes what are they and what are the risk of choosing them on our nodes we want our workloads to run? How are we able to have choices that can still run in a desired format? For starters it’s likely you’ll explore this concept if your going under the surface of what runs in…
-
Certified Kubernetes Administrator Tips and Tricks
Certified Kubernetes Administrator is the premier certification in my opinion if your in DevOps its likely you’ll come across this technology and cross the linux foundation in your OSS studies. Given that this exam was a pain in the rear so to speak taking multiple times I felt like I could at least write a…
-
Deciphering Network Policies in K8s
It’s no secret the pluggable nature of Kubernetes unlocks limitless potential for instance, the Container Network Interface is changeable and depends on the CSP you’re running this if its PaaS. What does all that mean? Essentially if your needs can’t be met with out of the box kubenet (traditional) you’ll like start shopping around of…
-
Kubesec by Control Plane for Kubernetes Static Analysis
Kubesec is a tool that is used to scan your static workloads to give you improvements that can be made to harden your existing workloads and make you aware of the findings are one step in increasing your security posture. So for this example we will be consuming this resource through the HTTPS method had…
-
Container Scanning with Trivvy
Containers are a portable lightweight way to package your application with the underlying OS being a tiny image, but like anything with new innovation is also a external attack surface. Using documentation from docker as reference in a Dockerfile listed below with annotations So how do we look at containers for security? Container image scanning…