mirror of
https://github.com/nubenetes/awesome-kubernetes.git
synced 2026-05-22 09:03:23 +00:00
34 KiB
Kubernetes Security
!!! info "Architectural Context"
    Detailed reference for Kubernetes Security in the context of Hardened Infrastructure.
Table of Contents
- containerjournal.com: How to Secure Your Kubernetes Cluster 🌟 [COMMUNITY-TOOL]
- tldrsec.com: Risk8s Business: Risk Analysis of Kubernetes Clusters 🌟 [COMMUNITY-TOOL]
- labs.bishopfox.com: Bad Pods: Kubernetes Pod Privilege Escalation 🌟 [COMMUNITY-TOOL]
- sysdig.com: Getting started with Kubernetes audit logs and Falco 🌟 [COMMUNITY-TOOL]
- cyberark.com: Attacking Kubernetes Clusters Through Your Network Plumbing: Part 1 [COMMUNITY-TOOL]
- cloud.redhat.com: Top Open Source Kubernetes Security Tools of 2021 🌟🌟 [COMMUNITY-TOOL]
- kubernetes.io: Overview of Cloud Native Security 🌟🌟 [COMMUNITY-TOOL]
- learn.hashicorp.com: Integrate a Kubernetes Cluster with an External Vault 🌟 [COMMUNITY-TOOL]
- talkingquickly.co.uk: Kubernetes Single Sign On - A detailed guide 🌟 [COMMUNITY-TOOL]
- infoworld.com: The race to secure Kubernetes at run time [COMMUNITY-TOOL]
- infoworld.com: Securing the Kubernetes software supply chain with Microsoft's Ratify [COMMUNITY-TOOL]
- infoworld.com: 10 steps to automating security in Kubernetes pipelines [COMMUNITY-TOOL]
- sysdig.com: How attackers use exposed Prometheus server to exploit Kubernetes clusters | Miguel Hernández [COMMUNITY-TOOL]
- copado.com: Applying a Zero Trust Infrastructure in Kubernetes [COMMUNITY-TOOL]
- blog.flant.com: Kubernetes cluster security assessment with kube-bench and kube-hunter [COMMUNITY-TOOL]
- sysdig.com: OWASP Kubernetes Top 10 🌟 [COMMUNITY-TOOL]
- blog.cyble.com: Exposed Kubernetes Clusters [COMMUNITY-TOOL]
- ibm.com: CIS Benchmarks [COMMUNITY-TOOL]
- Four Methods to Access Azure Key Vault from Azure Kubernetes Service (AKS) [COMMUNITY-TOOL]
- learnk8s.io/authentication-kubernetes: User and workload identities in Kubernetes 🌟🌟🌟 [COMMUNITY-TOOL]
- linkerd.io: Using Kubernetes's new Bound Service Account Tokens for secure workload identity [COMMUNITY-TOOL]
- "Kubernetes base64 encodes secrets because that makes arbitrary data play nice with JSON. It had nothing to do with the security model (or lack thereof). It did not occur to us at the time that people could mistake base64 for some form of encryption" [COMMUNITY-TOOL]
- millionvisit.blogspot.com: Kubernetes for Developers #19: Manage app credentials using Kubernetes Secrets 🌟 [COMMUNITY-TOOL]
- cloud.redhat.com: A Guide to Secrets Management with GitOps and Kubernetes 🌟 [COMMUNITY-TOOL]
- rejupillai.com: Let’s Encrypt the Web (for free) [COMMUNITY-TOOL]
- getbetterdevops.io: How to Secure K8S Nginx Ingress With Let’s Encrypt and Cert Manager [COMMUNITY-TOOL]
- github.com/cert-manager: Policy Approver [COMMUNITY-TOOL]
- loft.sh: Kubernetes RBAC: Basics and Advanced Patterns [COMMUNITY-TOOL]
- learnk8s.io: Limiting access to Kubernetes resources with RBAC 🌟🌟🌟 [COMMUNITY-TOOL]
- loft.sh: Kubernetes and LDAP: Enterprise Authentication for Kubernetes [COMMUNITY-TOOL]
- Kubernetes Security 101: Risks and 29 Best Practices 🌟 [COMMUNITY-TOOL]
- semaphoreci.com: Secure Your Kubernetes Deployments [COMMUNITY-TOOL]
- engineering.dynatrace.com: Kubernetes Security Best Practices - Part 1: Role Based Access Control (RBAC) [COMMUNITY-TOOL]
- learnk8s.io: Authentication between microservices using Kubernetes identities 🌟 [COMMUNITY-TOOL]
- gravitational.com: How to Set Up Kubernetes SSO with SAML [COMMUNITY-TOOL]
- Implementing a custom Kubernetes authentication method [COMMUNITY-TOOL]
- Pod Security Policy (SCC in OpenShift) 🌟 [COMMUNITY-TOOL]
- rancher.com: Enhancing Kubernetes Security with Pod Security Policies, Part 1 [COMMUNITY-TOOL]
- Calico in EKS [COMMUNITY-TOOL]
- cilium.io [COMMUNITY-TOOL]
- Kubernetes Security Best Practices 🌟 [COMMUNITY-TOOL]
- jeffgeerling.com: Everyone might be a cluster-admin in your Kubernetes cluster [COMMUNITY-TOOL]
- Microsoft.com: Attack matrix for Kubernetes 🌟 [COMMUNITY-TOOL]
- codeburst.io: 7 Kubernetes Security Best Practices You Must Follow [COMMUNITY-TOOL]
- thenewstack.io: Laying the Groundwork for Kubernetes Security, Across Workloads, Pods and Users [COMMUNITY-TOOL]
- horovits.wordpress.com: Kubernetes Security Best Practices [COMMUNITY-TOOL]
- kubernetes.io: Cloud native security for your clusters [COMMUNITY-TOOL]
- resources.whitesourcesoftware.com: Kubernetes Security Best Practices 🌟 [COMMUNITY-TOOL]
- thenewstack.io: Best Practices for Securely Setting up a Kubernetes Cluster [COMMUNITY-TOOL]
- thenewstack.io: A Security Comparison of Docker, CRI-O and Containerd 🌟 [COMMUNITY-TOOL]
- github.com/stackrox: Certified Kubernetes Security Specialist Study Guide 🌟 [COMMUNITY-TOOL]
- youtube: Kubernetes Security: Attacking and Defending K8s Clusters - by Magno Logan [COMMUNITY-TOOL]
- microsoft.com: Secure containerized environments with updated threat matrix for Kubernetes [COMMUNITY-TOOL]
- Kyverno 🌟 [COMMUNITY-TOOL]
- Tetragon (Cilium) [COMMUNITY-TOOL]
- kyverno.io: 56 sample policies 🌟 [COMMUNITY-TOOL]
- thenewstack.io: Defend the Core: Kubernetes Security at Every Layer [COMMUNITY-TOOL]
- Analyze Kubernetes Audit logs using Falco 🌟 [COMMUNITY-TOOL]
- helpnetsecurity.com: Kubestriker: A security auditing tool for Kubernetes clusters 🌟 [COMMUNITY-TOOL]
- Kubernetes Goat 🌟 [COMMUNITY-TOOL]
- itnext.io: How-To: Kubernetes Cluster Network Security 🌟 [COMMUNITY-TOOL]
- gist.github.com: How to protect your ~/.kube/ configuration [COMMUNITY-TOOL]
- snyk.io: 10 Kubernetes Security Context settings you should understand [COMMUNITY-TOOL]
- redhat.com: The State of Kubernetes Security [COMMUNITY-TOOL]
- fairwinds.com: Discover the Top 5 Kubernetes Security Mistakes You're (Probably) Making [COMMUNITY-TOOL]
- tigera.io: Kubernetes security policy design: 10 critical best practices 🌟 [COMMUNITY-TOOL]
- empresas.blogthinkbig.com: Vulnerability discovered in Kubernetes that allows access to restricted networks (CVE-2020-8562) [COMMUNITY-TOOL]
- thenewstack.io: Kubernetes: An Examination of Major Attacks 🌟 [COMMUNITY-TOOL]
- redhat.com: State of Kubernetes Security Report - Spring 2021 (PDF) 🌟 [COMMUNITY-TOOL]
- armosec.io: Kubernetes Security Compliance Frameworks 🌟 [COMMUNITY-TOOL]
- thenewstack.io: How to Secure Kubernetes, the OS of the Cloud [COMMUNITY-TOOL]
- goteleport.com: Kubernetes API Access Security Hardening [COMMUNITY-TOOL]
- blog.gitguardian.com: Hardening Your Kubernetes Cluster - Guidelines (Pt. 2) 🌟 [COMMUNITY-TOOL]
- blog.gitguardian.com: Kubernetes Hardening Tutorial Part 1: Pods [COMMUNITY-TOOL]
- blog.gitguardian.com: Kubernetes Hardening Tutorial Part 2: Network [COMMUNITY-TOOL]
- isovalent.com: Detecting a Container Escape with Cilium and eBPF [COMMUNITY-TOOL]
- mattermost.com: The Top 7 Open Source Tools for Securing Your Kubernetes Cluster [COMMUNITY-TOOL]
- developers.redhat.com: Secure your Kubernetes deployments with eBPF [COMMUNITY-TOOL]
- xenitab.github.io: Kubernetes Ephemeral Container Security 🌟 [COMMUNITY-TOOL]
- armosec.io: How to Secure Deployments in Kubernetes? 🌟 [COMMUNITY-TOOL]
- cast.ai: Kubernetes Security: 10 Best Practices from the Industry and Community 🌟 [COMMUNITY-TOOL]
- thenewstack.io: Basic Principles Key to Securing Kubernetes’ Future [COMMUNITY-TOOL]
- dev.to/pavanbelagatti: Kubernetes Security Best Practices For Developers [COMMUNITY-TOOL]
- itnext.io: Journey Of A Microservice Application In The Kubernetes World 🌟 [COMMUNITY-TOOL]
- tutorialboy24.blogspot.com: A Detailed Talk about K8S Cluster Security from the Perspective of Attackers (Part 2) 🌟 [COMMUNITY-TOOL]
- itnext.io: Performing Security Checks for Deployed Kubernetes Manifests [COMMUNITY-TOOL]
- securitycafe.ro: A COMPLETE KUBERNETES CONFIG REVIEW METHODOLOGY [COMMUNITY-TOOL]
- itnext.io: Introduction to Kubernetes Security for Security Professionals [COMMUNITY-TOOL]
- dev.to/mattiasfjellstrom: Kubernetes-101: Security concepts [COMMUNITY-TOOL]
- blog.alexellis.io: What if your Pods need to trust self-signed certificates? [COMMUNITY-TOOL]
- thenewstack.io: Securing Kubernetes in a Cloud Native World [COMMUNITY-TOOL]
- collabnix.com: Applying DevSecOps Practices to Kubernetes [COMMUNITY-TOOL]
- dev.to/thenjdevopsguy: Securing Kubernetes Pods For Production Workloads [COMMUNITY-TOOL]
- dev.to/thenjdevopsguy: The 4 C’s Of Kubernetes Security [COMMUNITY-TOOL]
- thenewstack.io: Cloud Native Identity and Access Management in Kubernetes [COMMUNITY-TOOL]
- curity.io: OAuth 2.0 Overview [COMMUNITY-TOOL]
- curity.io: OpenID Connect Overview [COMMUNITY-TOOL]
- curity.io: Client Security [COMMUNITY-TOOL]
- dev.to/gabrielbiasi: Automatic SSO in Kubernetes workloads using a sidecar container [COMMUNITY-TOOL]
- dev.to/aws-builders: Best Practices for Securing Kubernetes Deployments 🌟 [COMMUNITY-TOOL]
- thenewstack.io: Jetstack Secure Promises to Ease Kubernetes TLS Security [COMMUNITY-TOOL]
- GitHub Code Security Risk Assessment: Free Vulnerability Scanning [COMMUNITY-TOOL]
- raesene.github.io: Let's talk about Kubernetes on the Internet [COMMUNITY-TOOL]
- github.com/Shopify/kubeaudit 🌟🌟 [COMMUNITY-TOOL]
- kubernetes.io: Security Checklist 🌟🌟 [COMMUNITY-TOOL]
- itnext.io: Kubernetes OWASP Top 10: Centralised Policy Enforcement [COMMUNITY-TOOL]
- owasp.org: OWASP Kubernetes Top Ten [COMMUNITY-TOOL]
- itnext.io: Kubernetes OWASP Top 10: Secrets Management [COMMUNITY-TOOL]
- thenewstack.io: The NSA Can Help Secure Your Kubernetes Clusters [COMMUNITY-TOOL]
- therecord.media: NSA, CISA publish Kubernetes hardening guide 🌟🌟 [COMMUNITY-TOOL]
- kubescape [COMMUNITY-TOOL]
- infoq.com: Armo Releases Kubescape K8s Security Testing Tool: Q&A with VP Jonathan Kaftzan [COMMUNITY-TOOL]
- infoq.com [COMMUNITY-TOOL]
- thenewstack.io: NSA on How to Harden Kubernetes [COMMUNITY-TOOL]
- blog.gitguardian.com: Hardening Your Kubernetes Cluster - Threat Model (Pt. 1) 🌟🌟 [COMMUNITY-TOOL]
- blog.gitguardian.com: Kubernetes Hardening Tutorial Part 3: Authn, Authz, Logging & Auditing [COMMUNITY-TOOL]
- armosec.io: NSA & CISA Kubernetes Hardening Guide – what is new with version 1.1 [COMMUNITY-TOOL]
- rancher/cis-operator [COMMUNITY-TOOL]
- devopscube.com: How To Create Kubernetes Service Account For API Access [COMMUNITY-TOOL]
- github.com/dvob/k8s-s2s-auth: Kubernetes Service Accounts 🌟 [COMMUNITY-TOOL]
- mjarosie.github.io: IAM roles for Kubernetes service accounts - deep dive [COMMUNITY-TOOL]
- dev.to: Store your Kubernetes Secrets in Git thanks to Kubeseal. Hello SealedSecret! 🌟 [COMMUNITY-TOOL]
- itnext.io: Effective Secrets with Vault and Kubernetes [COMMUNITY-TOOL]
- kubernetes.io: Encrypting Secret Data at Rest 🌟 [COMMUNITY-TOOL]
- enterprisersproject.com: How to explain Kubernetes Secrets in plain English 🌟 [COMMUNITY-TOOL]
- kubermatic.com: Keeping the State of Apps Part 2: Introduction to Secrets [COMMUNITY-TOOL]
- macchaffee.com: Plain Kubernetes Secrets are fine 🌟 [COMMUNITY-TOOL]
- youtube: Manage Kubernetes Secrets With External Secrets Operator (ESO) 🌟 [COMMUNITY-TOOL]
- itnext.io: Vault cluster with auto unseal on Kubernetes [COMMUNITY-TOOL]
- piotrminkowski.com: Sealed Secrets on Kubernetes with ArgoCD and Terraform [COMMUNITY-TOOL]
- dev.to: A Detailed Talk about K8S Cluster Security from the Perspective of Attackers (Part 1) [COMMUNITY-TOOL]
- cert-manager.io 🌟 [COMMUNITY-TOOL]
- itnext.io: Upgrade Cert-Manager for Your Production Deployment Without Downtime [COMMUNITY-TOOL]
- dev.to: Kubernetes TLS, Demystified 🌟 [COMMUNITY-TOOL]
- gini/dexter [COMMUNITY-TOOL]
- geek-cookbook.funkypenguin.co.nz: Using OAuth2 proxy for Kubernetes Dashboard [COMMUNITY-TOOL]
- infracloud.io: How to setup Role based access (RBAC) to Kubernetes Cluster 🌟 [COMMUNITY-TOOL]
- Krane 🌟 [COMMUNITY-TOOL]
- rbac.dev 🌟🌟🌟 [COMMUNITY-TOOL]
- github.com/clvx/k8s-rbac-model: Kubernetes RBAC Model [COMMUNITY-TOOL]
- marcusnoble.co.uk: Restricting cluster-admin Permissions [COMMUNITY-TOOL]
- anaisurl.com: RBAC Explained with Examples 🌟 [COMMUNITY-TOOL]
- thenewstack.io: Securing Access to Kubernetes Environments with Zero Trust [COMMUNITY-TOOL]
- dev.to: Binding AWS IAM roles to Kubernetes Service Account for on-prem clusters | Daniele Polencic 🌟 [COMMUNITY-TOOL]
- dev.to: Configure RBAC in Kubernetes Like a Boss [COMMUNITY-TOOL]
- raesene.github.io: Auditing RBAC - Redux [COMMUNITY-TOOL]
- goteleport.com: A Simple Overview of Authentication Methods for Kubernetes Clusters [COMMUNITY-TOOL]
- youtube: Kubernetes RBAC Explained | Anton Putra 🌟 [COMMUNITY-TOOL]
- paralus.io 🌟 [COMMUNITY-TOOL]
- github.com/ondat/trousseau [COMMUNITY-TOOL]
- trstringer.com: Create a Basic Kubernetes Validating Webhook [COMMUNITY-TOOL]
- box/kube-exec-controller [COMMUNITY-TOOL]
- Building a DDoS Response Plan with Azure DDoS Protection [COMMUNITY-TOOL]
- thenewstack.io: 6 Kubernetes Security Best Practices 🌟 [COMMUNITY-TOOL]
- armosec.io: Kubernetes Security Best Practices: Definitive Guide [COMMUNITY-TOOL]
- blog.frankel.ch: Learning by auditing Kubernetes manifests [COMMUNITY-TOOL]
- spectrocloud.com: Kubernetes security best practices: 5 easy ways to cut risk [COMMUNITY-TOOL]
- From Zero to Hero with Identity and Access Control in Azure Kubernetes Service [COMMUNITY-TOOL]
- Configure Microsoft Entra for Increased Security [COMMUNITY-TOOL]
- kubernetes.io: Authenticating [COMMUNITY-TOOL]
- kubernetes.io: Access Clusters Using the Kubernetes API [COMMUNITY-TOOL]
- kubernetes.io: Accessing Clusters [COMMUNITY-TOOL]
- kubernetes login [COMMUNITY-TOOL]
- OpenID Connect [COMMUNITY-TOOL]
- developer.squareup.com: Kubernetes Pod Security Policies (PSP) [COMMUNITY-TOOL]
- itnext.io: Implementing a Secure-First Pod Security Policy Architecture [COMMUNITY-TOOL]
- Neon Mirrors: Kubernetes Policy Comparison: OPA/Gatekeeper vs Kyverno [COMMUNITY-TOOL]
- kubernetes-sigs/security-profiles-operator [COMMUNITY-TOOL]
- kubernetes.io: What's new in Security Profiles Operator v0.4.0 [COMMUNITY-TOOL]
- Security Group Rules EKS [COMMUNITY-TOOL]
- EC2 ENI and IP Limit [COMMUNITY-TOOL]
- external-secrets.io 🌟 [COMMUNITY-TOOL]
- hackerone.com: Authenticated kubernetes principal with restricted permissions can retrieve ingress-nginx serviceaccount token and secrets across all namespaces [COMMUNITY-TOOL]
- kubernetes.io: Official CVE Feed 🌟 [COMMUNITY-TOOL]
- kubernetes.io: Announcing the Auto-refreshing Official Kubernetes CVE Feed [COMMUNITY-TOOL]