From 09941f04b70eb379976491cfa5928c7bc4174dbc Mon Sep 17 00:00:00 2001 From: Inaki Fernandez Date: Mon, 22 Nov 2021 15:53:09 +0100 Subject: [PATCH] Nov 22nd --- docs/devsecops.md | 6 ++++-- docs/helm.md | 2 -- docs/kubernetes-security.md | 1 + 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/docs/devsecops.md b/docs/devsecops.md index e5fd642d..47c4de63 100644 --- a/docs/devsecops.md +++ b/docs/devsecops.md @@ -44,7 +44,7 @@ - [Kubernetes Network Policies](#kubernetes-network-policies) - [Static Analysis SAST](#static-analysis-sast) - [Kubernetes Security Tools](#kubernetes-security-tools) -- [Helm Charts Security](#helm-charts-security) +- [Helm Charts Security. Helm Secrets](#helm-charts-security-helm-secrets) - [Password Recovery](#password-recovery) - [Attacks on Kubernetes via Misconfigured Argo Workflows](#attacks-on-kubernetes-via-misconfigured-argo-workflows) - [Books](#books) @@ -398,8 +398,10 @@ - [fluentbit.io](https://fluentbit.io) Fluent Bit is an open source Log Processor and Forwarder which allows you to collect any data like metrics and logs from different sources, enrich them with filters and send them to multiple destinations. It's the preferred choice for containerized environments like Kubernetes. - [falco.org: Detect Malicious Behaviour on Kubernetes API Server through gathering Audit Logs by using FluentBit - Part 2](https://falco.org/blog/detect-malicious-behaviour-on-kubernetes-api-server-through-gathering-audit-logs-by-using-fluentbit-part-2/) -## Helm Charts Security +## Helm Charts Security. Helm Secrets - [medium: Who’s at the Helm?](https://dlorenc.medium.com/whos-at-the-helm-1101c37bf0f1) Or, how to deploy 25+ CVEs to prod in one command! +* [itnext.io: Helm 3 β€” Secrets management, an alternative approach 🌟](https://itnext.io/helm-3-secrets-management-4f23041f05c3) +* [==itnext.io: Manage Auto-generated Secrets In Your Helm Charts== 🌟](https://itnext.io/manage-auto-generated-secrets-in-your-helm-charts-5aee48ba6918) ## Password Recovery - [hashcat](https://hashcat.net/hashcat/) diff --git a/docs/helm.md b/docs/helm.md index 85b6e5f1..200c7383 100644 --- a/docs/helm.md +++ b/docs/helm.md @@ -59,7 +59,6 @@ * [bridgecrew.io: Part 2: Top trends from analyzing the security posture of open-source Helm charts](https://bridgecrew.io/blog/open-source-helm-security-research-part-2/) * [bridgecrew.io: Part 3: Top trends from analyzing the security posture of open-source Helm charts](https://bridgecrew.io/blog/open-source-helm-security-research-part-3/) * [redhat.com: Red Hat OpenShift Certification extends support for Kubernetes-native technologies with Helm 🌟](https://www.redhat.com/en/blog/red-hat-openshift-certification-extends-support-kubernetes-native-technologies-helm) **Helm or Operators: how to choose** -* [itnext.io: Helm 3 β€” Secrets management, an alternative approach 🌟](https://itnext.io/helm-3-secrets-management-4f23041f05c3) * [jasiek-petryk.medium.com: Setting up a private Helm chart repository on GitHub](https://jasiek-petryk.medium.com/setting-up-a-private-helm-chart-repository-on-github-4a767703cec8) * [betterprogramming.pub: How To Continuously Test and Deploy Your Helm Charts on Kubernetes Clusters Using Kind](https://betterprogramming.pub/how-to-continuously-test-and-deploy-your-helm-charts-on-kubernetes-clusters-using-kind-d71e3585d2dc) Set up your CI/CD tools to easily test and publish charts on ephemeral Kubernetes clusters * [blog.flant.com: Making the most out of Helm templates 🌟](https://blog.flant.com/advanced-helm-templating/) The standard Helm library and traditional approaches to creating Helm charts are generally okay to automate non-complex tasks. But the growing complexity and number of Helm charts rapidly make the minimalistic Helm templates and controversial standard Helm library insufficient. In this article, we will show you how to make your Helm templates much more flexible and dynamic by implementing your own Helm β€œfunctions” and exploiting the capabilities of the tpl function. @@ -75,7 +74,6 @@ * [codersociety.com: 13 Best Practices for using Helm](https://codersociety.com/blog/articles/helm-best-practices) Helm is an indispensable tool for deploying applications to Kubernetes clusters. But it is only by following best practices that you’ll truly reap the benefits of Helm. Here are 13 best practices to help you create, operate, and upgrade applications using Helm. * [bridgecrew.io: Applying Kubernetes security best practices to Helm charts](https://bridgecrew.io/blog/applying-kubernetes-security-best-practices-to-helm-charts/) * [dzone.com: Deploy a Java application using Helm, Part 1 (OpenShift) 🌟](https://dzone.com/articles/deploy-a-java-application-using-helm-part-1) -* [==itnext.io: Manage Auto-generated Secrets In Your Helm Charts== 🌟](https://itnext.io/manage-auto-generated-secrets-in-your-helm-charts-5aee48ba6918) ## Helm Plugins * [Helm Diff Plugin 🌟](https://github.com/databus23/helm-diff) A helm plugin that shows a diff explaining what a helm upgrade would change diff --git a/docs/kubernetes-security.md b/docs/kubernetes-security.md index 00008eef..7a79e193 100644 --- a/docs/kubernetes-security.md +++ b/docs/kubernetes-security.md @@ -151,6 +151,7 @@ ## Admission Control - [blog.styra.com: Why RBAC is not enough for kubernetes security 🌟🌟](https://blog.styra.com/blog/why-rbac-is-not-enough-for-kubernetes-api-security) - [medium: Single Sign-On in Kubernetes 🌟](https://medium.com/@andriisumko/single-sign-on-in-kubernetes-1ad9528350ed) +- [trstringer.com: Create a Basic Kubernetes Validating Webhook](https://trstringer.com/kubernetes-validating-webhook/) ## Security Best Practices Across Build, Deploy, and Runtime Phases - [Kubernetes Security 101: Risks and 29 Best Practices 🌟](https://www.stackrox.com/post/2020/05/kubernetes-security-101/)