mirror of
https://github.com/nubenetes/awesome-kubernetes.git
synced 2026-05-26 02:55:26 +00:00
Security Policy as Code
!!! info "Architectural Context"
    Detailed reference for Security Policy as Code in the context of Hardened Infrastructure.
Standard Reference
- searchitoperations.techtarget.com: Kubernetes policy project takes enterprise IT by storm [COMMUNITY-TOOL]
- fugue.co: 5 tips for using the Rego language for Open Policy Agent (OPA) [COMMUNITY-TOOL]
- blog.openshift.com: Fine-Grained Policy Enforcement in OpenShift with Open Policy Agent 🌟 [COMMUNITY-TOOL]
- compile OpenPolicyAgent policies into WebAssembly and run them on the edge ⭐ 345 [COMMUNITY-TOOL]
- Fugue: Container and Kubernetes. Runtime infrastructure security [COMMUNITY-TOOL]
- searchitoperations.techtarget.com: CNCF policy-as-code project bridges Kubernetes security gaps [COMMUNITY-TOOL]
- cloud.redhat.com: Automate Your Security Practices and Policies on OpenShift With Kyverno 🌟 [COMMUNITY-TOOL]
- youtube: The Rise of Kubernetes Policy Engine | Ep 57 [COMMUNITY-TOOL]
- appsecengineer.com: Kubernetes Policy Management with Kyverno [COMMUNITY-TOOL]
- Apolicy [COMMUNITY-TOOL]
- sysdig.com: Sysdig and Apolicy join forces to help customers secure Infrastructure As Code and automate remediation [COMMUNITY-TOOL]
- IBM Vault 2.0 UI Enhancements and Reporting Improvements [COMMUNITY-TOOL]
- Web-Check [COMMUNITY-TOOL]
- IBM IAM for AI Agents [COMMUNITY-TOOL]
- MagTape ⭐ 152 [COMMUNITY-TOOL]
- Azure Network Security Perimeter Concepts [COMMUNITY-TOOL]
- Docker Hardened Images for Every Developer [COMMUNITY-TOOL]
- amazon.com: Policy-based countermeasures for Kubernetes – Part 1 [COMMUNITY-TOOL]
- medium: Automate policies enforcement with Policy-as-Code 🌟 [COMMUNITY-TOOL]
- blog.gitguardian.com: What is Policy-as-Code? An Introduction to Open Policy Agent [COMMUNITY-TOOL]
- OPA Open Policy Agent 🌟 [COMMUNITY-TOOL]
- magalix.com: Integrating Open Policy Agent (OPA) With Kubernetes 🌟 [COMMUNITY-TOOL]
- PolicyHub CLI, a CLI tool that makes Rego policies searchable 🌟 [COMMUNITY-TOOL]
- blog.styra.com: Integrating Identity: OAUTH2 and OPENID CONNECT in Open Policy Agent [COMMUNITY-TOOL]
- blog.styra.com: Rego Unit Testing [COMMUNITY-TOOL]
- github.com/instrumenta/policies: A set of shared policies for use with Conftest and other Open Policy Agent tools ⭐ 66 [COMMUNITY-TOOL]
- blog.styra.com: Dynamic Policy Composition for OPA [COMMUNITY-TOOL]
- blog.styra.com: 5 OPA Deployment Performance Models for Microservices [COMMUNITY-TOOL]
- blog.styra.com: Open Policy Agent: The Top 5 Kubernetes Admission Control Policies [COMMUNITY-TOOL]
- thenewstack.io: Getting Open Policy Agent Up and Running [COMMUNITY-TOOL]
- siegert-maximilian.medium.com: Ensure Content Trust on Kubernetes using Notary and Open Policy Agent [COMMUNITY-TOOL]
- blog.styra.com: Policy-based infrastructure guardrails with Terraform and OPA 🌟 [COMMUNITY-TOOL]
- medium: Automated Manifest File Validation Using Open Policy Agent and GitHub Actions | Ravindu Sandeepa Rathugama [COMMUNITY-TOOL]
- thenewstack.io: Weaveworks Adds Policy as Code to Secure Kubernetes Apps (Magalix) [COMMUNITY-TOOL]
- dev.to: Load external data into OPA: The Good, The Bad, and The Ugly [COMMUNITY-TOOL]
- inspektor.cloud: Evaluating open policy agent in rust using wasm [COMMUNITY-TOOL]
- medium.com/4th-coffee: What is Policy-as-Code? An Introduction to Open Policy Agent [COMMUNITY-TOOL]
- banzaicloud.com: Istio and Kubernetes ft. OPA policies [COMMUNITY-TOOL]
- medium: Ensure Content Trust on Kubernetes using Notary and Open Policy Agent [COMMUNITY-TOOL]
- kubermatic.com: Using Open Policy Agent With Kubermatic Kubernetes Platform [COMMUNITY-TOOL]
- k8s-security-policies ⭐ 177 [COMMUNITY-TOOL]
- medium: Deploying Open Policy Agent (OPA) on a GKE cluster — Step by Step [COMMUNITY-TOOL]
- blog.styra.com: Using OPA with GitOps to speed Cloud-Native development [COMMUNITY-TOOL]
- medium.com/gitguardian: What is Policy-as-Code? An Introduction to Open Policy Agent [COMMUNITY-TOOL]
- hashicorp.com: Securing Infrastructure In Application Pipelines [COMMUNITY-TOOL]
- thenewstack.io: Yor Automates Tagging for Infrastructure as Code [COMMUNITY-TOOL]
- yor.io [COMMUNITY-TOOL]
- checkov.io [COMMUNITY-TOOL]
- aws.amazon.com: Policy-based countermeasures for Kubernetes – Part 1 [COMMUNITY-TOOL]
- Selefra: Selefra is an open-source policy-as-code software that provides analytics for multi-cloud and SaaS. ⭐ 545 [COMMUNITY-TOOL]
- venturebeat.com: How Nirmata plans to ‘conquer Kubernetes complexity’ with open source Kyverno [COMMUNITY-TOOL]
- neonmirrors.net: Kubernetes Policy Comparison: OPA/Gatekeeper vs Kyverno 🌟 [COMMUNITY-TOOL]
- dev.to: Using Kyverno To Enforce EKS Best Practices [COMMUNITY-TOOL]
- kyverno.io: Mutating Resources [COMMUNITY-TOOL]
- squadcast.com: Kyverno - Policy Management in Kubernetes 🌟 [COMMUNITY-TOOL]
- neonmirrors.net: Exploring Kyverno: Part 3, Generation [COMMUNITY-TOOL]
- kyverno.io: Check deprecated APIs 🌟 [COMMUNITY-TOOL]
- kyverno.io: Generating resources into existing namespaces [COMMUNITY-TOOL]
- kyverno.io: Add Pod Proxies [COMMUNITY-TOOL]
- kyverno.io: Auto-Gen Rules for Pod Controllers [COMMUNITY-TOOL]
- kyverno.io: Require PodDisruptionBudget [COMMUNITY-TOOL]
- nirmata.com: Kubernetes Supply Chain Policy Management with Cosign and Kyverno [COMMUNITY-TOOL]
- neonmirrors.net: Exploring Kyverno: Introduction 🌟 [COMMUNITY-TOOL]
- nirmata.com: Introducing Kyverno 1.4.2: Trusted And More Efficient! [COMMUNITY-TOOL]
- Policy Reporter 🌟 ⭐ 368 [COMMUNITY-TOOL]
- sesin.at: Securing Kubernetes with Kyverno: How to Protect Your Users From Themselves by Ritesh Patel [COMMUNITY-TOOL]
- movi.hashnode.dev: Simplify Kubernetes Cluster Management with Kyverno [COMMUNITY-TOOL]
- arun-sisodiya.medium.com: Kyverno — A Kubernetes native policy manager (Policy as Code) [COMMUNITY-TOOL]
- dev.to: Default Kyverno Policies for OpenEBS [COMMUNITY-TOOL]
- kyverno.io: Restrict Image Registries [COMMUNITY-TOOL]
- dev.to: Using Kyverno Policies for Kubernetes Governance [COMMUNITY-TOOL]
- kyverno.io: Implementing your best practices is simple with kyverno [COMMUNITY-TOOL]
- medium.com/compass-true-north: Governing Multi-Tenant Kubernetes Clusters with Kyverno [COMMUNITY-TOOL]
- medium.com/@haseebshaukat2: Kyverno — Policy Engine for Kubernetes | Muhammad Haseeb Shaukat [COMMUNITY-TOOL]
- blog.sigstore.dev: How to verify container images with Kyverno using KMS, Cosign, and Workload Identity [COMMUNITY-TOOL]
- medium.com/@glen.yu: Why I prefer Kyverno over Gatekeeper for native Kubernetes policy management [COMMUNITY-TOOL]
- Cloud Custodian ⭐ 5988 [ENTERPRISE-STABLE]
Cloud Infrastructure
Kubernetes
Policy-as-Code
- Kyverno 🌟 [DE FACTO STANDARD] — A CNCF graduated Kubernetes-native policy engine.
  - Allows policy definition as standard Kubernetes resources (YAML).
  - Eliminates the need for complex DSLs like Rego.
  - Simplifies admission control, generation, mutation, and validation of workloads.
- kyverno.io: 56 sample policies 🌟 [DOCUMENTATION] [ENTERPRISE-STABLE] — A rich library of ready-to-use Kyverno policy definitions. These templates address common cloud security standards (Pod Security Standards, multi-tenancy constraints, best practices, and resource optimization parameters) for instant cluster hardening.
Identity and Access Management
Cloud IAM
Microsoft Entra
- Configure Microsoft Entra for Increased Security [DOCUMENTATION] [ENTERPRISE-STABLE] — Official documentation outlines hardening parameters for Microsoft Entra ID. Features prescriptive blueprints for setting up conditional access, continuous access evaluation, Multi-Factor Authentication (MFA), and role-based identity management.
Public Cloud Platforms
AWS
EKS Security and Isolation
Policy Management
- aws.amazon.com: Easy as one-two-three policy management with Kyverno on Amazon EKS 🌟 [ENTERPRISE-STABLE] [GUIDE] — Walkthrough detailing how to manage native policy rules on EKS clusters using Kyverno instead of raw Rego. Illustrates automated resource validation, generation, and mutation patterns to enforce corporate configuration compliance.
Security
DevSecOps
SAST
- GitHub Code Security Risk Assessment: Free Vulnerability Scanning [EN CONTENT] [COMMUNITY-TOOL] — An introduction to GitHub's native, free vulnerability scanning tools designed to locate security regressions, secrets, and supply chain threats directly within the code repository. It highlights automated security alerts and quick enablement configurations.