Category: Blog

  • OPA in Kubernetes and Policies Playground

    Open Policy Agent is a project that uses Rego policy files to enforce policies on your Kubernetes cluster, while Kubernetes v1.26 is starting to roll out some pre-GA admission features that are more native to Kubernetes. You have many pluggable options to choose from; Gatekeeper and Kyverno are the most notable in this space. Again, this will serve as…

  • Kubescape (KSPM) Open Source

    Kubernetes Security Posture Management (KSPM) shouldn't be thought of as a replacement for your CSPM, but it is typically part of the scoring system, depending on what type of security solutions you have in place. KSPM focuses on your clusters, whether deployed on-prem or in the cloud, along with management of the nodes and containerized…

  • CKS Verifying platform binaries/K8s Security

    Today I felt like we should take a more tailored approach to some security features that also tie into the Certified Kubernetes Security Specialist exam. Verifying platform binaries: for today I wanted to take a dive into the tool kube-score. This will be running on my local MicroK8s cluster, and I had to actually…

  • Container Runtimes

    Container runtimes: what are they, and what are the risks of the runtime we choose on the nodes where we want our workloads to run? How are we able to have choices that can still run in a desired format? For starters, it's likely you'll explore this concept if you're going under the surface of what runs in…

  • Certified Kubernetes Administrator Tips and Tricks

    Certified Kubernetes Administrator is the premier certification, in my opinion. If you're in DevOps it's likely you'll come across this technology and cross paths with the Linux Foundation in your OSS studies. Given that this exam was a pain in the rear, so to speak, taking it multiple times, I felt like I could at least write a…

  • Deciphering Network Policies in K8s

    It's no secret that the pluggable nature of Kubernetes unlocks limitless potential. For instance, the Container Network Interface (CNI) plugin is changeable, and which one you get depends on the CSP you're running on if it's PaaS. What does all that mean? Essentially, if your needs can't be met with the out-of-the-box kubenet (traditional) networking, you'll likely start shopping around for…

  • Kubesec by Control Plane for Kubernetes Static Analysis

    Kubesec is a tool that scans your workload manifests statically, suggests improvements that can be made to harden your existing workloads, and makes you aware of findings; acting on them is one step in increasing your security posture. So for this example we will be consuming this resource through the HTTPS method, had…

  • Container Scanning with Trivy

    Containers are a portable, lightweight way to package your application, with the underlying OS being a tiny image, but like anything with new innovation they are also an external attack surface. Using documentation from Docker as a reference, a Dockerfile is listed below with annotations. So how do we look at containers for security? Container image scanning…

  • Conditional Access

    Many customers that I've been advising are constantly challenged with how much access should be restricted without disrupting business operations. Typically, when we're approaching Zero Trust, the backbone in Azure is Azure AD, which sits as the IdP. In this post I'm going to show some features that I find many customers are unaware of in Conditional…

  • Kubernetes Architecture and Decisions for Adoption in regards to Security of Microservices in Cloud

    From a graphical standpoint it's easy to see the control plane as multiple components; the idea of microservices is splitting these services up to be infrastructure independent, and for the most part it is important to understand this as your organization is considering moving to Kubernetes. Multiple approaches to adoption can be determined by…