mirror of
https://github.com/nubenetes/awesome-kubernetes.git
synced 2026-07-12 09:51:00 +00:00
3233 lines
106 KiB
HTML
3233 lines
106 KiB
HTML
|
||
<!doctype html>
|
||
<html lang="en" class="no-js">
|
||
<head>
|
||
|
||
<meta charset="utf-8">
|
||
<meta name="viewport" content="width=device-width,initial-scale=1">
|
||
|
||
<meta name="description" content="Enterprise-grade curated portal for the modern Cloud Native ecosystem. High-density, AI-driven selection of top-tier resources.">
|
||
|
||
|
||
<meta name="author" content="Nubenetes">
|
||
|
||
|
||
<link rel="canonical" href="https://nubenetes.com/securityascode/">
|
||
|
||
|
||
<link rel="prev" href="../pulumi/">
|
||
|
||
|
||
<link rel="next" href="../terraform/">
|
||
|
||
|
||
|
||
|
||
|
||
<link rel="icon" href="../images/favicon-ultra.png">
|
||
<meta name="generator" content="mkdocs-1.6.1, mkdocs-material-9.7.6">
|
||
|
||
|
||
|
||
<title>Securityascode - Nubenetes V2 | The AI's Cut</title>
|
||
|
||
|
||
|
||
<link rel="stylesheet" href="../assets/stylesheets/main.484c7ddc.min.css">
|
||
|
||
|
||
<link rel="stylesheet" href="../assets/stylesheets/palette.ab4e12ef.min.css">
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
<link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
|
||
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,700,700i%7CRoboto+Mono:400,400i,700,700i&display=fallback">
|
||
<style>:root{--md-text-font:"Roboto";--md-code-font:"Roboto Mono"}</style>
|
||
|
||
|
||
|
||
<link rel="stylesheet" href="https://fonts.googleapis.com/css2?family=Inter:wght@400;500;700&display=swap">
|
||
|
||
<link rel="stylesheet" href="../static/extra.css">
|
||
|
||
<link rel="stylesheet" href="../static/v2_elite.css?v=2.3.44">
|
||
|
||
<script>__md_scope=new URL("..",location),__md_hash=e=>[...e].reduce(((e,_)=>(e<<5)-e+_.charCodeAt(0)),0),__md_get=(e,_=localStorage,t=__md_scope)=>JSON.parse(_.getItem(t.pathname+"."+e)),__md_set=(e,_,t=localStorage,a=__md_scope)=>{try{t.setItem(a.pathname+"."+e,JSON.stringify(_))}catch(e){}}</script>
|
||
|
||
|
||
|
||
|
||
|
||
</head>
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
<body dir="ltr" data-md-color-scheme="slate" data-md-color-primary="custom" data-md-color-accent="custom">
|
||
|
||
|
||
<input class="md-toggle" data-md-toggle="drawer" type="checkbox" id="__drawer" autocomplete="off">
|
||
<input class="md-toggle" data-md-toggle="search" type="checkbox" id="__search" autocomplete="off">
|
||
<label class="md-overlay" for="__drawer"></label>
|
||
<div data-md-component="skip">
|
||
|
||
|
||
<a href="#security-policy-as-code" class="md-skip">
|
||
Skip to content
|
||
</a>
|
||
|
||
</div>
|
||
<div data-md-component="announce">
|
||
|
||
</div>
|
||
|
||
<div data-md-color-scheme="default" data-md-component="outdated" hidden>
|
||
|
||
</div>
|
||
|
||
|
||
|
||
|
||
|
||
|
||
<header class="md-header md-header--shadow md-header--lifted" data-md-component="header">
|
||
<nav class="md-header__inner md-grid" aria-label="Header">
|
||
<a href=".." title="Nubenetes V2 | The AI's Cut" class="md-header__button md-logo" aria-label="Nubenetes V2 | The AI's Cut" data-md-component="logo">
|
||
|
||
|
||
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12 8a3 3 0 0 0 3-3 3 3 0 0 0-3-3 3 3 0 0 0-3 3 3 3 0 0 0 3 3m0 3.54C9.64 9.35 6.5 8 3 8v11c3.5 0 6.64 1.35 9 3.54 2.36-2.19 5.5-3.54 9-3.54V8c-3.5 0-6.64 1.35-9 3.54"/></svg>
|
||
|
||
</a>
|
||
<label class="md-header__button md-icon" for="__drawer">
|
||
|
||
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M3 6h18v2H3zm0 5h18v2H3zm0 5h18v2H3z"/></svg>
|
||
</label>
|
||
<div class="md-header__title" data-md-component="header-title">
|
||
<div class="md-header__ellipsis">
|
||
<div class="md-header__topic">
|
||
<span class="md-ellipsis">
|
||
Nubenetes V2 | The AI's Cut
|
||
</span>
|
||
</div>
|
||
<div class="md-header__topic" data-md-component="header-topic">
|
||
<span class="md-ellipsis">
|
||
|
||
Securityascode
|
||
|
||
</span>
|
||
</div>
|
||
</div>
|
||
</div>
|
||
|
||
|
||
<form class="md-header__option" data-md-component="palette">
|
||
|
||
|
||
|
||
|
||
<input class="md-option" data-md-color-media="" data-md-color-scheme="slate" data-md-color-primary="custom" data-md-color-accent="custom" aria-label="Switch to light mode" type="radio" name="__palette" id="__palette_0">
|
||
|
||
<label class="md-header__button md-icon" title="Switch to light mode" for="__palette_1" hidden>
|
||
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12 1 3 5v6c0 5.55 3.84 10.74 9 12 5.16-1.26 9-6.45 9-12V5z"/></svg>
|
||
</label>
|
||
|
||
|
||
|
||
|
||
|
||
<input class="md-option" data-md-color-media="" data-md-color-scheme="default" data-md-color-primary="custom" data-md-color-accent="custom" aria-label="Switch to dark mode" type="radio" name="__palette" id="__palette_1">
|
||
|
||
<label class="md-header__button md-icon" title="Switch to dark mode" for="__palette_0" hidden>
|
||
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M21 11c0 5.55-3.84 10.74-9 12-5.16-1.26-9-6.45-9-12V5l9-4 9 4zm-9 10c3.75-1 7-5.46 7-9.78V6.3l-7-3.12L5 6.3v4.92C5 15.54 8.25 20 12 21m-3-6.67c1.76 2.17 5.13 2.24 6.97.07.23-.27.08-.68-.26-.74a4.5 4.5 0 0 1-3.18-2.2 4.5 4.5 0 0 1-.32-3.86.453.453 0 0 0-.51-.6c-3.34.62-4.89 4.61-2.7 7.33"/></svg>
|
||
</label>
|
||
|
||
|
||
</form>
|
||
|
||
|
||
|
||
<script>var palette=__md_get("__palette");if(palette&&palette.color){if("(prefers-color-scheme)"===palette.color.media){var media=matchMedia("(prefers-color-scheme: light)"),input=document.querySelector(media.matches?"[data-md-color-media='(prefers-color-scheme: light)']":"[data-md-color-media='(prefers-color-scheme: dark)']");palette.color.media=input.getAttribute("data-md-color-media"),palette.color.scheme=input.getAttribute("data-md-color-scheme"),palette.color.primary=input.getAttribute("data-md-color-primary"),palette.color.accent=input.getAttribute("data-md-color-accent")}for(var[key,value]of Object.entries(palette.color))document.body.setAttribute("data-md-color-"+key,value)}</script>
|
||
|
||
|
||
|
||
|
||
|
||
<label class="md-header__button md-icon" for="__search">
|
||
|
||
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.52 6.52 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5"/></svg>
|
||
</label>
|
||
<div class="md-search" data-md-component="search" role="dialog">
|
||
<label class="md-search__overlay" for="__search"></label>
|
||
<div class="md-search__inner" role="search">
|
||
<form class="md-search__form" name="search">
|
||
<input type="text" class="md-search__input" name="query" aria-label="Search" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="search-query" required>
|
||
<label class="md-search__icon md-icon" for="__search">
|
||
|
||
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.52 6.52 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5"/></svg>
|
||
|
||
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11z"/></svg>
|
||
</label>
|
||
<nav class="md-search__options" aria-label="Search">
|
||
|
||
<a href="javascript:void(0)" class="md-search__icon md-icon" title="Share" aria-label="Share" data-clipboard data-clipboard-text="" data-md-component="search-share" tabindex="-1">
|
||
|
||
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M18 16.08c-.76 0-1.44.3-1.96.77L8.91 12.7c.05-.23.09-.46.09-.7s-.04-.47-.09-.7l7.05-4.11c.54.5 1.25.81 2.04.81a3 3 0 0 0 3-3 3 3 0 0 0-3-3 3 3 0 0 0-3 3c0 .24.04.47.09.7L8.04 9.81C7.5 9.31 6.79 9 6 9a3 3 0 0 0-3 3 3 3 0 0 0 3 3c.79 0 1.5-.31 2.04-.81l7.12 4.15c-.05.21-.08.43-.08.66 0 1.61 1.31 2.91 2.92 2.91s2.92-1.3 2.92-2.91A2.92 2.92 0 0 0 18 16.08"/></svg>
|
||
</a>
|
||
|
||
<button type="reset" class="md-search__icon md-icon" title="Clear" aria-label="Clear" tabindex="-1">
|
||
|
||
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M19 6.41 17.59 5 12 10.59 6.41 5 5 6.41 10.59 12 5 17.59 6.41 19 12 13.41 17.59 19 19 17.59 13.41 12z"/></svg>
|
||
</button>
|
||
</nav>
|
||
|
||
<div class="md-search__suggest" data-md-component="search-suggest"></div>
|
||
|
||
</form>
|
||
<div class="md-search__output">
|
||
<div class="md-search__scrollwrap" tabindex="0" data-md-scrollfix>
|
||
<div class="md-search-result" data-md-component="search-result">
|
||
<div class="md-search-result__meta">
|
||
Initializing search
|
||
</div>
|
||
<ol class="md-search-result__list" role="presentation"></ol>
|
||
</div>
|
||
</div>
|
||
</div>
|
||
</div>
|
||
</div>
|
||
|
||
|
||
|
||
<div class="md-header__source">
|
||
<a href="https://github.com/nubenetes/awesome-kubernetes" title="Go to repository" class="md-source" data-md-component="source">
|
||
<div class="md-source__icon md-icon">
|
||
|
||
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><!--! Font Awesome Free 7.1.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2025 Fonticons, Inc.--><path d="M439.6 236.1 244 40.5c-5.4-5.5-12.8-8.5-20.4-8.5s-15 3-20.4 8.4L162.5 81l51.5 51.5c27.1-9.1 52.7 16.8 43.4 43.7l49.7 49.7c34.2-11.8 61.2 31 35.5 56.7-26.5 26.5-70.2-2.9-56-37.3L240.3 199v121.9c25.3 12.5 22.3 41.8 9.1 55-6.4 6.4-15.2 10.1-24.3 10.1s-17.8-3.6-24.3-10.1c-17.6-17.6-11.1-46.9 11.2-56v-123c-20.8-8.5-24.6-30.7-18.6-45L142.6 101 8.5 235.1C3 240.6 0 247.9 0 255.5s3 15 8.5 20.4l195.6 195.7c5.4 5.4 12.7 8.4 20.4 8.4s15-3 20.4-8.4l194.7-194.7c5.4-5.4 8.4-12.8 8.4-20.4s-3-15-8.4-20.4"/></svg>
|
||
</div>
|
||
<div class="md-source__repository">
|
||
nubenetes/awesome-kubernetes
|
||
</div>
|
||
</a>
|
||
</div>
|
||
|
||
</nav>
|
||
|
||
|
||
|
||
<nav class="md-tabs" aria-label="Tabs" data-md-component="tabs">
|
||
<div class="md-grid">
|
||
<ul class="md-tabs__list">
|
||
|
||
|
||
|
||
|
||
|
||
|
||
<li class="md-tabs__item">
|
||
<a href="https://nubenetes.com/v1/" class="md-tabs__link">
|
||
|
||
|
||
|
||
|
||
|
||
🔙 Back to V1 (Exhaustive)
|
||
|
||
</a>
|
||
</li>
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
<li class="md-tabs__item">
|
||
<a href=".." class="md-tabs__link">
|
||
|
||
|
||
|
||
|
||
|
||
The 2026 Vision
|
||
|
||
</a>
|
||
</li>
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
<li class="md-tabs__item">
|
||
<a href="../tags/" class="md-tabs__link">
|
||
|
||
|
||
|
||
|
||
|
||
Technical Tags
|
||
|
||
</a>
|
||
</li>
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
<li class="md-tabs__item">
|
||
<a href="../videos/" class="md-tabs__link">
|
||
|
||
|
||
|
||
|
||
|
||
Agentic Video Hub
|
||
|
||
</a>
|
||
</li>
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
<li class="md-tabs__item">
|
||
<a href="../ai-agents-mcp/" class="md-tabs__link">
|
||
|
||
|
||
|
||
|
||
|
||
AI
|
||
|
||
</a>
|
||
</li>
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
<li class="md-tabs__item">
|
||
<a href="../about/" class="md-tabs__link">
|
||
|
||
|
||
|
||
|
||
|
||
Architectural Foundations
|
||
|
||
</a>
|
||
</li>
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
<li class="md-tabs__item">
|
||
<a href="../chaos-engineering/" class="md-tabs__link">
|
||
|
||
|
||
|
||
|
||
|
||
Platform & Site Reliability
|
||
|
||
</a>
|
||
</li>
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
<li class="md-tabs__item md-tabs__item--active">
|
||
<a href="../ansible/" class="md-tabs__link">
|
||
|
||
|
||
|
||
|
||
|
||
Hardened Infrastructure
|
||
|
||
</a>
|
||
</li>
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
<li class="md-tabs__item">
|
||
<a href="../GoogleCloudPlatform/" class="md-tabs__link">
|
||
|
||
|
||
|
||
|
||
|
||
Cloud Providers (Hyperscalers)
|
||
|
||
</a>
|
||
</li>
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
<li class="md-tabs__item">
|
||
<a href="../caching/" class="md-tabs__link">
|
||
|
||
|
||
|
||
|
||
|
||
Networking & Service Mesh
|
||
|
||
</a>
|
||
</li>
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
<li class="md-tabs__item">
|
||
<a href="../container-managers/" class="md-tabs__link">
|
||
|
||
|
||
|
||
|
||
|
||
The Container Stack
|
||
|
||
</a>
|
||
</li>
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
<li class="md-tabs__item">
|
||
<a href="../crunchydata/" class="md-tabs__link">
|
||
|
||
|
||
|
||
|
||
|
||
Data & Advanced Analytics
|
||
|
||
</a>
|
||
</li>
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
<li class="md-tabs__item">
|
||
<a href="../argo/" class="md-tabs__link">
|
||
|
||
|
||
|
||
|
||
|
||
Engineering Pipeline
|
||
|
||
</a>
|
||
</li>
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
<li class="md-tabs__item">
|
||
<a href="../ChromeDevTools/" class="md-tabs__link">
|
||
|
||
|
||
|
||
|
||
|
||
Developer Ecosystem
|
||
|
||
</a>
|
||
</li>
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
<li class="md-tabs__item">
|
||
<a href="../appointment-scheduling/" class="md-tabs__link">
|
||
|
||
|
||
|
||
|
||
|
||
Career & Industry
|
||
|
||
</a>
|
||
</li>
|
||
|
||
|
||
|
||
|
||
</ul>
|
||
</div>
|
||
</nav>
|
||
|
||
|
||
</header>
|
||
|
||
<div class="md-container" data-md-component="container">
|
||
|
||
|
||
|
||
|
||
<main class="md-main" data-md-component="main">
|
||
<div class="md-main__inner md-grid">
|
||
|
||
|
||
|
||
<div class="md-sidebar md-sidebar--primary" data-md-component="sidebar" data-md-type="navigation" >
|
||
<div class="md-sidebar__scrollwrap">
|
||
<div class="md-sidebar__inner">
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
<nav class="md-nav md-nav--primary md-nav--lifted md-nav--integrated" aria-label="Navigation" data-md-level="0">
|
||
<label class="md-nav__title" for="__drawer">
|
||
<a href=".." title="Nubenetes V2 | The AI's Cut" class="md-nav__button md-logo" aria-label="Nubenetes V2 | The AI's Cut" data-md-component="logo">
|
||
|
||
|
||
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12 8a3 3 0 0 0 3-3 3 3 0 0 0-3-3 3 3 0 0 0-3 3 3 3 0 0 0 3 3m0 3.54C9.64 9.35 6.5 8 3 8v11c3.5 0 6.64 1.35 9 3.54 2.36-2.19 5.5-3.54 9-3.54V8c-3.5 0-6.64 1.35-9 3.54"/></svg>
|
||
|
||
</a>
|
||
Nubenetes V2 | The AI's Cut
|
||
</label>
|
||
|
||
<div class="md-nav__source">
|
||
<a href="https://github.com/nubenetes/awesome-kubernetes" title="Go to repository" class="md-source" data-md-component="source">
|
||
<div class="md-source__icon md-icon">
|
||
|
||
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><!--! Font Awesome Free 7.1.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2025 Fonticons, Inc.--><path d="M439.6 236.1 244 40.5c-5.4-5.5-12.8-8.5-20.4-8.5s-15 3-20.4 8.4L162.5 81l51.5 51.5c27.1-9.1 52.7 16.8 43.4 43.7l49.7 49.7c34.2-11.8 61.2 31 35.5 56.7-26.5 26.5-70.2-2.9-56-37.3L240.3 199v121.9c25.3 12.5 22.3 41.8 9.1 55-6.4 6.4-15.2 10.1-24.3 10.1s-17.8-3.6-24.3-10.1c-17.6-17.6-11.1-46.9 11.2-56v-123c-20.8-8.5-24.6-30.7-18.6-45L142.6 101 8.5 235.1C3 240.6 0 247.9 0 255.5s3 15 8.5 20.4l195.6 195.7c5.4 5.4 12.7 8.4 20.4 8.4s15-3 20.4-8.4l194.7-194.7c5.4-5.4 8.4-12.8 8.4-20.4s-3-15-8.4-20.4"/></svg>
|
||
</div>
|
||
<div class="md-source__repository">
|
||
nubenetes/awesome-kubernetes
|
||
</div>
|
||
</a>
|
||
</div>
|
||
|
||
<ul class="md-nav__list" data-md-scrollfix>
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
<li class="md-nav__item">
|
||
<a href="https://nubenetes.com/v1/" class="md-nav__link">
|
||
|
||
|
||
|
||
<span class="md-ellipsis">
|
||
|
||
|
||
🔙 Back to V1 (Exhaustive)
|
||
|
||
|
||
|
||
</span>
|
||
|
||
|
||
|
||
</a>
|
||
</li>
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
<li class="md-nav__item">
|
||
<a href=".." class="md-nav__link">
|
||
|
||
|
||
|
||
<span class="md-ellipsis">
|
||
|
||
|
||
The 2026 Vision
|
||
|
||
|
||
|
||
</span>
|
||
|
||
|
||
|
||
</a>
|
||
</li>
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
<li class="md-nav__item">
|
||
<a href="../tags/" class="md-nav__link">
|
||
|
||
|
||
|
||
<span class="md-ellipsis">
|
||
|
||
|
||
Technical Tags
|
||
|
||
|
||
|
||
</span>
|
||
|
||
|
||
|
||
</a>
|
||
</li>
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
<li class="md-nav__item md-nav__item--pruned md-nav__item--nested">
|
||
|
||
|
||
|
||
|
||
|
||
<a href="../videos/" class="md-nav__link">
|
||
|
||
|
||
|
||
<span class="md-ellipsis">
|
||
|
||
|
||
Agentic Video Hub
|
||
|
||
|
||
|
||
</span>
|
||
|
||
|
||
|
||
|
||
<span class="md-nav__icon md-icon"></span>
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
<li class="md-nav__item md-nav__item--pruned md-nav__item--nested">
|
||
|
||
|
||
|
||
|
||
|
||
<a href="../ai-agents-mcp/" class="md-nav__link">
|
||
|
||
|
||
|
||
<span class="md-ellipsis">
|
||
|
||
|
||
AI
|
||
|
||
|
||
|
||
</span>
|
||
|
||
|
||
|
||
|
||
<span class="md-nav__icon md-icon"></span>
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
<li class="md-nav__item md-nav__item--pruned md-nav__item--nested">
|
||
|
||
|
||
|
||
|
||
|
||
<a href="../about/" class="md-nav__link">
|
||
|
||
|
||
|
||
<span class="md-ellipsis">
|
||
|
||
|
||
Architectural Foundations
|
||
|
||
|
||
|
||
</span>
|
||
|
||
|
||
|
||
|
||
<span class="md-nav__icon md-icon"></span>
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
<li class="md-nav__item md-nav__item--pruned md-nav__item--nested">
|
||
|
||
|
||
|
||
|
||
|
||
<a href="../chaos-engineering/" class="md-nav__link">
|
||
|
||
|
||
|
||
<span class="md-ellipsis">
|
||
|
||
|
||
Platform & Site Reliability
|
||
|
||
|
||
|
||
</span>
|
||
|
||
|
||
|
||
|
||
<span class="md-nav__icon md-icon"></span>
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
<li class="md-nav__item md-nav__item--active md-nav__item--section md-nav__item--nested">
|
||
|
||
|
||
|
||
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_8" checked>
|
||
|
||
|
||
<label class="md-nav__link" for="__nav_8" id="__nav_8_label" tabindex="">
|
||
|
||
|
||
|
||
<span class="md-ellipsis">
|
||
|
||
|
||
Hardened Infrastructure
|
||
|
||
|
||
|
||
</span>
|
||
|
||
|
||
|
||
<span class="md-nav__icon md-icon"></span>
|
||
</label>
|
||
|
||
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_8_label" aria-expanded="true">
|
||
<label class="md-nav__title" for="__nav_8">
|
||
<span class="md-nav__icon md-icon"></span>
|
||
|
||
|
||
Hardened Infrastructure
|
||
|
||
|
||
</label>
|
||
<ul class="md-nav__list" data-md-scrollfix>
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
<li class="md-nav__item">
|
||
<a href="../ansible/" class="md-nav__link">
|
||
|
||
|
||
|
||
<span class="md-ellipsis">
|
||
|
||
|
||
Ansible
|
||
|
||
|
||
|
||
</span>
|
||
|
||
|
||
|
||
</a>
|
||
</li>
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
<li class="md-nav__item">
|
||
<a href="../chef/" class="md-nav__link">
|
||
|
||
|
||
|
||
<span class="md-ellipsis">
|
||
|
||
|
||
Chef
|
||
|
||
|
||
|
||
</span>
|
||
|
||
|
||
|
||
</a>
|
||
</li>
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
<li class="md-nav__item">
|
||
<a href="../crossplane/" class="md-nav__link">
|
||
|
||
|
||
|
||
<span class="md-ellipsis">
|
||
|
||
|
||
Crossplane
|
||
|
||
|
||
|
||
</span>
|
||
|
||
|
||
|
||
</a>
|
||
</li>
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
<li class="md-nav__item">
|
||
<a href="../devsecops/" class="md-nav__link">
|
||
|
||
|
||
|
||
<span class="md-ellipsis">
|
||
|
||
|
||
Devsecops
|
||
|
||
|
||
|
||
</span>
|
||
|
||
|
||
|
||
</a>
|
||
</li>
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
<li class="md-nav__item">
|
||
<a href="../iac/" class="md-nav__link">
|
||
|
||
|
||
|
||
<span class="md-ellipsis">
|
||
|
||
|
||
IaC
|
||
|
||
|
||
|
||
</span>
|
||
|
||
|
||
|
||
</a>
|
||
</li>
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
<li class="md-nav__item">
|
||
<a href="../kubernetes-security/" class="md-nav__link">
|
||
|
||
|
||
|
||
<span class="md-ellipsis">
|
||
|
||
|
||
Kubernetes Security
|
||
|
||
|
||
|
||
</span>
|
||
|
||
|
||
|
||
</a>
|
||
</li>
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
<li class="md-nav__item">
|
||
<a href="../kustomize/" class="md-nav__link">
|
||
|
||
|
||
|
||
<span class="md-ellipsis">
|
||
|
||
|
||
Kustomize
|
||
|
||
|
||
|
||
</span>
|
||
|
||
|
||
|
||
</a>
|
||
</li>
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
<li class="md-nav__item">
|
||
<a href="../liquibase/" class="md-nav__link">
|
||
|
||
|
||
|
||
<span class="md-ellipsis">
|
||
|
||
|
||
Liquibase
|
||
|
||
|
||
|
||
</span>
|
||
|
||
|
||
|
||
</a>
|
||
</li>
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
<li class="md-nav__item">
|
||
<a href="../oauth/" class="md-nav__link">
|
||
|
||
|
||
|
||
<span class="md-ellipsis">
|
||
|
||
|
||
Oauth
|
||
|
||
|
||
|
||
</span>
|
||
|
||
|
||
|
||
</a>
|
||
</li>
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
<li class="md-nav__item">
|
||
<a href="../pulumi/" class="md-nav__link">
|
||
|
||
|
||
|
||
<span class="md-ellipsis">
|
||
|
||
|
||
Pulumi
|
||
|
||
|
||
|
||
</span>
|
||
|
||
|
||
|
||
</a>
|
||
</li>
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
<li class="md-nav__item md-nav__item--active">
|
||
|
||
<input class="md-nav__toggle md-toggle" type="checkbox" id="__toc">
|
||
|
||
|
||
|
||
|
||
|
||
<label class="md-nav__link md-nav__link--active" for="__toc">
|
||
|
||
|
||
|
||
<span class="md-ellipsis">
|
||
|
||
|
||
Securityascode
|
||
|
||
|
||
|
||
</span>
|
||
|
||
|
||
|
||
<span class="md-nav__icon md-icon"></span>
|
||
</label>
|
||
|
||
<a href="./" class="md-nav__link md-nav__link--active">
|
||
|
||
|
||
|
||
<span class="md-ellipsis">
|
||
|
||
|
||
Securityascode
|
||
|
||
|
||
|
||
</span>
|
||
|
||
|
||
|
||
</a>
|
||
|
||
|
||
|
||
<nav class="md-nav md-nav--secondary" aria-label="Table of contents">
|
||
|
||
|
||
|
||
|
||
|
||
|
||
<label class="md-nav__title" for="__toc">
|
||
<span class="md-nav__icon md-icon"></span>
|
||
Table of contents
|
||
</label>
|
||
<ul class="md-nav__list" data-md-component="toc" data-md-scrollfix>
|
||
|
||
<li class="md-nav__item">
|
||
<a href="#table-of-contents" class="md-nav__link">
|
||
<span class="md-ellipsis">
|
||
|
||
Table of Contents
|
||
|
||
</span>
|
||
</a>
|
||
|
||
</li>
|
||
|
||
<li class="md-nav__item">
|
||
<a href="#architectural-foundations" class="md-nav__link">
|
||
<span class="md-ellipsis">
|
||
|
||
Architectural Foundations
|
||
|
||
</span>
|
||
</a>
|
||
|
||
<nav class="md-nav" aria-label="Architectural Foundations">
|
||
<ul class="md-nav__list">
|
||
|
||
<li class="md-nav__item">
|
||
<a href="#kubernetes-tools" class="md-nav__link">
|
||
<span class="md-ellipsis">
|
||
|
||
Kubernetes Tools
|
||
|
||
</span>
|
||
</a>
|
||
|
||
<nav class="md-nav" aria-label="Kubernetes Tools">
|
||
<ul class="md-nav__list">
|
||
|
||
<li class="md-nav__item">
|
||
<a href="#general-reference" class="md-nav__link">
|
||
<span class="md-ellipsis">
|
||
|
||
General Reference
|
||
|
||
</span>
|
||
</a>
|
||
|
||
</li>
|
||
|
||
</ul>
|
||
</nav>
|
||
|
||
</li>
|
||
|
||
</ul>
|
||
</nav>
|
||
|
||
</li>
|
||
|
||
<li class="md-nav__item">
|
||
<a href="#cloud-native-security" class="md-nav__link">
|
||
<span class="md-ellipsis">
|
||
|
||
Cloud Native Security
|
||
|
||
</span>
|
||
</a>
|
||
|
||
<nav class="md-nav" aria-label="Cloud Native Security">
|
||
<ul class="md-nav__list">
|
||
|
||
<li class="md-nav__item">
|
||
<a href="#infrastructure-security" class="md-nav__link">
|
||
<span class="md-ellipsis">
|
||
|
||
Infrastructure Security
|
||
|
||
</span>
|
||
</a>
|
||
|
||
<nav class="md-nav" aria-label="Infrastructure Security">
|
||
<ul class="md-nav__list">
|
||
|
||
<li class="md-nav__item">
|
||
<a href="#iac-scanning" class="md-nav__link">
|
||
<span class="md-ellipsis">
|
||
|
||
IaC Scanning
|
||
|
||
</span>
|
||
</a>
|
||
|
||
</li>
|
||
|
||
<li class="md-nav__item">
|
||
<a href="#mergers-and-acquisitions" class="md-nav__link">
|
||
<span class="md-ellipsis">
|
||
|
||
Mergers and Acquisitions
|
||
|
||
</span>
|
||
</a>
|
||
|
||
</li>
|
||
|
||
<li class="md-nav__item">
|
||
<a href="#runtime-analysis" class="md-nav__link">
|
||
<span class="md-ellipsis">
|
||
|
||
Runtime Analysis
|
||
|
||
</span>
|
||
</a>
|
||
|
||
</li>
|
||
|
||
</ul>
|
||
</nav>
|
||
|
||
</li>
|
||
|
||
<li class="md-nav__item">
|
||
<a href="#policy-as-code" class="md-nav__link">
|
||
<span class="md-ellipsis">
|
||
|
||
Policy-as-Code
|
||
|
||
</span>
|
||
</a>
|
||
|
||
<nav class="md-nav" aria-label="Policy-as-Code">
|
||
<ul class="md-nav__list">
|
||
|
||
<li class="md-nav__item">
|
||
<a href="#educational-video" class="md-nav__link">
|
||
<span class="md-ellipsis">
|
||
|
||
Educational Video
|
||
|
||
</span>
|
||
</a>
|
||
|
||
</li>
|
||
|
||
<li class="md-nav__item">
|
||
<a href="#governance" class="md-nav__link">
|
||
<span class="md-ellipsis">
|
||
|
||
Governance
|
||
|
||
</span>
|
||
</a>
|
||
|
||
</li>
|
||
|
||
<li class="md-nav__item">
|
||
<a href="#kyverno" class="md-nav__link">
|
||
<span class="md-ellipsis">
|
||
|
||
Kyverno
|
||
|
||
</span>
|
||
</a>
|
||
|
||
</li>
|
||
|
||
<li class="md-nav__item">
|
||
<a href="#kyverno-training" class="md-nav__link">
|
||
<span class="md-ellipsis">
|
||
|
||
Kyverno Training
|
||
|
||
</span>
|
||
</a>
|
||
|
||
</li>
|
||
|
||
<li class="md-nav__item">
|
||
<a href="#opa" class="md-nav__link">
|
||
<span class="md-ellipsis">
|
||
|
||
OPA
|
||
|
||
</span>
|
||
</a>
|
||
|
||
</li>
|
||
|
||
<li class="md-nav__item">
|
||
<a href="#opa-wasm" class="md-nav__link">
|
||
<span class="md-ellipsis">
|
||
|
||
OPA Wasm
|
||
|
||
</span>
|
||
</a>
|
||
|
||
</li>
|
||
|
||
<li class="md-nav__item">
|
||
<a href="#rego" class="md-nav__link">
|
||
<span class="md-ellipsis">
|
||
|
||
Rego
|
||
|
||
</span>
|
||
</a>
|
||
|
||
</li>
|
||
|
||
</ul>
|
||
</nav>
|
||
|
||
</li>
|
||
|
||
</ul>
|
||
</nav>
|
||
|
||
</li>
|
||
|
||
<li class="md-nav__item">
|
||
<a href="#cloud-native-platforms" class="md-nav__link">
|
||
<span class="md-ellipsis">
|
||
|
||
Cloud-Native Platforms
|
||
|
||
</span>
|
||
</a>
|
||
|
||
<nav class="md-nav" aria-label="Cloud-Native Platforms">
|
||
<ul class="md-nav__list">
|
||
|
||
<li class="md-nav__item">
|
||
<a href="#infrastructure-as-code" class="md-nav__link">
|
||
<span class="md-ellipsis">
|
||
|
||
Infrastructure-as-Code
|
||
|
||
</span>
|
||
</a>
|
||
|
||
<nav class="md-nav" aria-label="Infrastructure-as-Code">
|
||
<ul class="md-nav__list">
|
||
|
||
<li class="md-nav__item">
|
||
<a href="#tagging-and-auditing" class="md-nav__link">
|
||
<span class="md-ellipsis">
|
||
|
||
Tagging and Auditing
|
||
|
||
</span>
|
||
</a>
|
||
|
||
</li>
|
||
|
||
</ul>
|
||
</nav>
|
||
|
||
</li>
|
||
|
||
<li class="md-nav__item">
|
||
<a href="#kubernetes-reliability" class="md-nav__link">
|
||
<span class="md-ellipsis">
|
||
|
||
Kubernetes Reliability
|
||
|
||
</span>
|
||
</a>
|
||
|
||
<nav class="md-nav" aria-label="Kubernetes Reliability">
|
||
<ul class="md-nav__list">
|
||
|
||
<li class="md-nav__item">
|
||
<a href="#high-availability" class="md-nav__link">
|
||
<span class="md-ellipsis">
|
||
|
||
High Availability
|
||
|
||
</span>
|
||
</a>
|
||
|
||
</li>
|
||
|
||
</ul>
|
||
</nav>
|
||
|
||
</li>
|
||
|
||
<li class="md-nav__item">
|
||
<a href="#kubernetes-security" class="md-nav__link">
|
||
<span class="md-ellipsis">
|
||
|
||
Kubernetes Security
|
||
|
||
</span>
|
||
</a>
|
||
|
||
<nav class="md-nav" aria-label="Kubernetes Security">
|
||
<ul class="md-nav__list">
|
||
|
||
<li class="md-nav__item">
|
||
<a href="#eks" class="md-nav__link">
|
||
<span class="md-ellipsis">
|
||
|
||
EKS
|
||
|
||
</span>
|
||
</a>
|
||
|
||
</li>
|
||
|
||
<li class="md-nav__item">
|
||
<a href="#gitops" class="md-nav__link">
|
||
<span class="md-ellipsis">
|
||
|
||
GitOps
|
||
|
||
</span>
|
||
</a>
|
||
|
||
</li>
|
||
|
||
<li class="md-nav__item">
|
||
<a href="#governance-1" class="md-nav__link">
|
||
<span class="md-ellipsis">
|
||
|
||
Governance (1)
|
||
|
||
</span>
|
||
</a>
|
||
|
||
</li>
|
||
|
||
<li class="md-nav__item">
|
||
<a href="#kyverno-1" class="md-nav__link">
|
||
<span class="md-ellipsis">
|
||
|
||
Kyverno (1)
|
||
|
||
</span>
|
||
</a>
|
||
|
||
</li>
|
||
|
||
<li class="md-nav__item">
|
||
<a href="#kyverno-policies" class="md-nav__link">
|
||
<span class="md-ellipsis">
|
||
|
||
Kyverno Policies
|
||
|
||
</span>
|
||
</a>
|
||
|
||
</li>
|
||
|
||
<li class="md-nav__item">
|
||
<a href="#kyverno-releases" class="md-nav__link">
|
||
<span class="md-ellipsis">
|
||
|
||
Kyverno Releases
|
||
|
||
</span>
|
||
</a>
|
||
|
||
</li>
|
||
|
||
<li class="md-nav__item">
|
||
<a href="#policy-as-code-1" class="md-nav__link">
|
||
<span class="md-ellipsis">
|
||
|
||
Policy-as-Code (1)
|
||
|
||
</span>
|
||
</a>
|
||
|
||
</li>
|
||
|
||
<li class="md-nav__item">
|
||
<a href="#upgrade-paths" class="md-nav__link">
|
||
<span class="md-ellipsis">
|
||
|
||
Upgrade Paths
|
||
|
||
</span>
|
||
</a>
|
||
|
||
</li>
|
||
|
||
</ul>
|
||
</nav>
|
||
|
||
</li>
|
||
|
||
<li class="md-nav__item">
|
||
<a href="#kubernetes-storage" class="md-nav__link">
|
||
<span class="md-ellipsis">
|
||
|
||
Kubernetes Storage
|
||
|
||
</span>
|
||
</a>
|
||
|
||
<nav class="md-nav" aria-label="Kubernetes Storage">
|
||
<ul class="md-nav__list">
|
||
|
||
<li class="md-nav__item">
|
||
<a href="#policy-as-code-2" class="md-nav__link">
|
||
<span class="md-ellipsis">
|
||
|
||
Policy-as-Code (2)
|
||
|
||
</span>
|
||
</a>
|
||
|
||
</li>
|
||
|
||
</ul>
|
||
</nav>
|
||
|
||
</li>
|
||
|
||
<li class="md-nav__item">
|
||
<a href="#multi-cloud-governance" class="md-nav__link">
|
||
<span class="md-ellipsis">
|
||
|
||
Multi-Cloud Governance
|
||
|
||
</span>
|
||
</a>
|
||
|
||
<nav class="md-nav" aria-label="Multi-Cloud Governance">
|
||
<ul class="md-nav__list">
|
||
|
||
<li class="md-nav__item">
|
||
<a href="#compliance-engine" class="md-nav__link">
|
||
<span class="md-ellipsis">
|
||
|
||
Compliance Engine
|
||
|
||
</span>
|
||
</a>
|
||
|
||
</li>
|
||
|
||
</ul>
|
||
</nav>
|
||
|
||
</li>
|
||
|
||
<li class="md-nav__item">
|
||
<a href="#multi-cluster-management" class="md-nav__link">
|
||
<span class="md-ellipsis">
|
||
|
||
Multi-Cluster Management
|
||
|
||
</span>
|
||
</a>
|
||
|
||
<nav class="md-nav" aria-label="Multi-Cluster Management">
|
||
<ul class="md-nav__list">
|
||
|
||
<li class="md-nav__item">
|
||
<a href="#policy-as-code-3" class="md-nav__link">
|
||
<span class="md-ellipsis">
|
||
|
||
Policy-as-Code (3)
|
||
|
||
</span>
|
||
</a>
|
||
|
||
</li>
|
||
|
||
</ul>
|
||
</nav>
|
||
|
||
</li>
|
||
|
||
<li class="md-nav__item">
|
||
<a href="#security-and-compliance" class="md-nav__link">
|
||
<span class="md-ellipsis">
|
||
|
||
Security and Compliance
|
||
|
||
</span>
|
||
</a>
|
||
|
||
<nav class="md-nav" aria-label="Security and Compliance">
|
||
<ul class="md-nav__list">
|
||
|
||
<li class="md-nav__item">
|
||
<a href="#cloud-security" class="md-nav__link">
|
||
<span class="md-ellipsis">
|
||
|
||
Cloud Security
|
||
|
||
</span>
|
||
</a>
|
||
|
||
</li>
|
||
|
||
<li class="md-nav__item">
|
||
<a href="#developer-tooling" class="md-nav__link">
|
||
<span class="md-ellipsis">
|
||
|
||
Developer Tooling
|
||
|
||
</span>
|
||
</a>
|
||
|
||
</li>
|
||
|
||
<li class="md-nav__item">
|
||
<a href="#iac-security" class="md-nav__link">
|
||
<span class="md-ellipsis">
|
||
|
||
IaC Security
|
||
|
||
</span>
|
||
</a>
|
||
|
||
</li>
|
||
|
||
<li class="md-nav__item">
|
||
<a href="#policy-library" class="md-nav__link">
|
||
<span class="md-ellipsis">
|
||
|
||
Policy Library
|
||
|
||
</span>
|
||
</a>
|
||
|
||
</li>
|
||
|
||
<li class="md-nav__item">
|
||
<a href="#policy-as-code-4" class="md-nav__link">
|
||
<span class="md-ellipsis">
|
||
|
||
Policy-as-Code (4)
|
||
|
||
</span>
|
||
</a>
|
||
|
||
</li>
|
||
|
||
</ul>
|
||
</nav>
|
||
|
||
</li>
|
||
|
||
<li class="md-nav__item">
|
||
<a href="#security-reporting" class="md-nav__link">
|
||
<span class="md-ellipsis">
|
||
|
||
Security Reporting
|
||
|
||
</span>
|
||
</a>
|
||
|
||
<nav class="md-nav" aria-label="Security Reporting">
|
||
<ul class="md-nav__list">
|
||
|
||
<li class="md-nav__item">
|
||
<a href="#observability" class="md-nav__link">
|
||
<span class="md-ellipsis">
|
||
|
||
Observability
|
||
|
||
</span>
|
||
</a>
|
||
|
||
</li>
|
||
|
||
</ul>
|
||
</nav>
|
||
|
||
</li>
|
||
|
||
<li class="md-nav__item">
|
||
<a href="#supply-chain-security" class="md-nav__link">
|
||
<span class="md-ellipsis">
|
||
|
||
Supply Chain Security
|
||
|
||
</span>
|
||
</a>
|
||
|
||
<nav class="md-nav" aria-label="Supply Chain Security">
|
||
<ul class="md-nav__list">
|
||
|
||
<li class="md-nav__item">
|
||
<a href="#container-governance" class="md-nav__link">
|
||
<span class="md-ellipsis">
|
||
|
||
Container Governance
|
||
|
||
</span>
|
||
</a>
|
||
|
||
</li>
|
||
|
||
<li class="md-nav__item">
|
||
<a href="#container-verifying" class="md-nav__link">
|
||
<span class="md-ellipsis">
|
||
|
||
Container Verifying
|
||
|
||
</span>
|
||
</a>
|
||
|
||
</li>
|
||
|
||
<li class="md-nav__item">
|
||
<a href="#cryptographic-signatures" class="md-nav__link">
|
||
<span class="md-ellipsis">
|
||
|
||
Cryptographic Signatures
|
||
|
||
</span>
|
||
</a>
|
||
|
||
</li>
|
||
|
||
</ul>
|
||
</nav>
|
||
|
||
</li>
|
||
|
||
</ul>
|
||
</nav>
|
||
|
||
</li>
|
||
|
||
<li class="md-nav__item">
|
||
<a href="#public-cloud" class="md-nav__link">
|
||
<span class="md-ellipsis">
|
||
|
||
Public Cloud
|
||
|
||
</span>
|
||
</a>
|
||
|
||
<nav class="md-nav" aria-label="Public Cloud">
|
||
<ul class="md-nav__list">
|
||
|
||
<li class="md-nav__item">
|
||
<a href="#azure-integration" class="md-nav__link">
|
||
<span class="md-ellipsis">
|
||
|
||
Azure Integration
|
||
|
||
</span>
|
||
</a>
|
||
|
||
<nav class="md-nav" aria-label="Azure Integration">
|
||
<ul class="md-nav__list">
|
||
|
||
<li class="md-nav__item">
|
||
<a href="#cloud-governance" class="md-nav__link">
|
||
<span class="md-ellipsis">
|
||
|
||
Cloud Governance
|
||
|
||
</span>
|
||
</a>
|
||
|
||
</li>
|
||
|
||
</ul>
|
||
</nav>
|
||
|
||
</li>
|
||
|
||
</ul>
|
||
</nav>
|
||
|
||
</li>
|
||
|
||
<li class="md-nav__item">
|
||
<a href="#security" class="md-nav__link">
|
||
<span class="md-ellipsis">
|
||
|
||
Security
|
||
|
||
</span>
|
||
</a>
|
||
|
||
<nav class="md-nav" aria-label="Security">
|
||
<ul class="md-nav__list">
|
||
|
||
<li class="md-nav__item">
|
||
<a href="#policy-enforcement" class="md-nav__link">
|
||
<span class="md-ellipsis">
|
||
|
||
Policy Enforcement
|
||
|
||
</span>
|
||
</a>
|
||
|
||
<nav class="md-nav" aria-label="Policy Enforcement">
|
||
<ul class="md-nav__list">
|
||
|
||
<li class="md-nav__item">
|
||
<a href="#admission-control" class="md-nav__link">
|
||
<span class="md-ellipsis">
|
||
|
||
Admission Control
|
||
|
||
</span>
|
||
</a>
|
||
|
||
</li>
|
||
|
||
</ul>
|
||
</nav>
|
||
|
||
</li>
|
||
|
||
</ul>
|
||
</nav>
|
||
|
||
</li>
|
||
|
||
</ul>
|
||
|
||
</nav>
|
||
|
||
</li>
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
<li class="md-nav__item">
|
||
<a href="../terraform/" class="md-nav__link">
|
||
|
||
|
||
|
||
<span class="md-ellipsis">
|
||
|
||
|
||
Terraform
|
||
|
||
|
||
|
||
</span>
|
||
|
||
|
||
|
||
</a>
|
||
</li>
|
||
|
||
|
||
|
||
|
||
</ul>
|
||
</nav>
|
||
|
||
</li>
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
<li class="md-nav__item md-nav__item--pruned md-nav__item--nested">
|
||
|
||
|
||
|
||
|
||
|
||
<a href="../GoogleCloudPlatform/" class="md-nav__link">
|
||
|
||
|
||
|
||
<span class="md-ellipsis">
|
||
|
||
|
||
Cloud Providers (Hyperscalers)
|
||
|
||
|
||
|
||
</span>
|
||
|
||
|
||
|
||
|
||
<span class="md-nav__icon md-icon"></span>
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
<li class="md-nav__item md-nav__item--pruned md-nav__item--nested">
|
||
|
||
|
||
|
||
|
||
|
||
<a href="../caching/" class="md-nav__link">
|
||
|
||
|
||
|
||
<span class="md-ellipsis">
|
||
|
||
|
||
Networking & Service Mesh
|
||
|
||
|
||
|
||
</span>
|
||
|
||
|
||
|
||
|
||
<span class="md-nav__icon md-icon"></span>
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
<li class="md-nav__item md-nav__item--pruned md-nav__item--nested">
|
||
|
||
|
||
|
||
|
||
|
||
<a href="../container-managers/" class="md-nav__link">
|
||
|
||
|
||
|
||
<span class="md-ellipsis">
|
||
|
||
|
||
The Container Stack
|
||
|
||
|
||
|
||
</span>
|
||
|
||
|
||
|
||
|
||
<span class="md-nav__icon md-icon"></span>
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
<li class="md-nav__item md-nav__item--pruned md-nav__item--nested">
|
||
|
||
|
||
|
||
|
||
|
||
<a href="../crunchydata/" class="md-nav__link">
|
||
|
||
|
||
|
||
<span class="md-ellipsis">
|
||
|
||
|
||
Data & Advanced Analytics
|
||
|
||
|
||
|
||
</span>
|
||
|
||
|
||
|
||
|
||
<span class="md-nav__icon md-icon"></span>
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
<li class="md-nav__item md-nav__item--pruned md-nav__item--nested">
|
||
|
||
|
||
|
||
|
||
|
||
<a href="../argo/" class="md-nav__link">
|
||
|
||
|
||
|
||
<span class="md-ellipsis">
|
||
|
||
|
||
Engineering Pipeline
|
||
|
||
|
||
|
||
</span>
|
||
|
||
|
||
|
||
|
||
<span class="md-nav__icon md-icon"></span>
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
<li class="md-nav__item md-nav__item--pruned md-nav__item--nested">
|
||
|
||
|
||
|
||
|
||
|
||
<a href="../ChromeDevTools/" class="md-nav__link">
|
||
|
||
|
||
|
||
<span class="md-ellipsis">
|
||
|
||
|
||
Developer Ecosystem
|
||
|
||
|
||
|
||
</span>
|
||
|
||
|
||
|
||
|
||
<span class="md-nav__icon md-icon"></span>
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
<li class="md-nav__item md-nav__item--pruned md-nav__item--nested">
|
||
|
||
|
||
|
||
|
||
|
||
<a href="../appointment-scheduling/" class="md-nav__link">
|
||
|
||
|
||
|
||
<span class="md-ellipsis">
|
||
|
||
|
||
Career & Industry
|
||
|
||
|
||
|
||
</span>
|
||
|
||
|
||
|
||
|
||
<span class="md-nav__icon md-icon"></span>
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
|
||
|
||
</ul>
|
||
</nav>
|
||
</div>
|
||
</div>
|
||
</div>
|
||
|
||
|
||
|
||
|
||
<div class="md-content" data-md-component="content">
|
||
|
||
<article class="md-content__inner md-typeset">
|
||
|
||
|
||
|
||
|
||
|
||
<a href="https://github.com/nubenetes/awesome-kubernetes/edit/master/v2-docs/securityascode.md" title="Edit this page" class="md-content__button md-icon" rel="edit">
|
||
|
||
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M10 20H6V4h7v5h5v3.1l2-2V8l-6-6H6c-1.1 0-2 .9-2 2v16c0 1.1.9 2 2 2h4zm10.2-7c.1 0 .3.1.4.2l1.3 1.3c.2.2.2.6 0 .8l-1 1-2.1-2.1 1-1c.1-.1.2-.2.4-.2m0 3.9L14.1 23H12v-2.1l6.1-6.1z"/></svg>
|
||
</a>
|
||
|
||
|
||
|
||
|
||
|
||
<a href="https://github.com/nubenetes/awesome-kubernetes/raw/master/v2-docs/securityascode.md" title="View source of this page" class="md-content__button md-icon">
|
||
|
||
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M17 18c.56 0 1 .44 1 1s-.44 1-1 1-1-.44-1-1 .44-1 1-1m0-3c-2.73 0-5.06 1.66-6 4 .94 2.34 3.27 4 6 4s5.06-1.66 6-4c-.94-2.34-3.27-4-6-4m0 6.5a2.5 2.5 0 0 1-2.5-2.5 2.5 2.5 0 0 1 2.5-2.5 2.5 2.5 0 0 1 2.5 2.5 2.5 2.5 0 0 1-2.5 2.5M9.27 20H6V4h7v5h5v4.07c.7.08 1.36.25 2 .49V8l-6-6H6a2 2 0 0 0-2 2v16a2 2 0 0 0 2 2h4.5a8.2 8.2 0 0 1-1.23-2"/></svg>
|
||
</a>
|
||
|
||
|
||
|
||
<h1 id="security-policy-as-code">Security Policy as Code<a class="headerlink" href="#security-policy-as-code" title="Permanent link">¶</a></h1>
|
||
<div class="admonition tip">
|
||
<p class="admonition-title">Nubenetes V2 Elite Portal</p>
|
||
<p>You are browsing the AI-Curated V2 Elite Edition. Looking for the exhaustive list of references? Check out the <a href="/v1/securityascode/"><strong>V1 Historical Archive</strong></a>.</p>
|
||
</div>
|
||
<div class="admonition info">
|
||
<p class="admonition-title">Architectural Context</p>
|
||
<p>Detailed reference for Security Policy as Code in the context of Hardened Infrastructure.</p>
|
||
</div>
|
||
<h2 id="table-of-contents">Table of Contents<a class="headerlink" href="#table-of-contents" title="Permanent link">¶</a></h2>
|
||
<ol>
|
||
<li><a href="#architectural-foundations">Architectural Foundations</a></li>
|
||
<li><a href="#kubernetes-tools">Kubernetes Tools</a><ul>
|
||
<li><a href="#general-reference">General Reference</a></li>
|
||
</ul>
|
||
</li>
|
||
<li><a href="#cloud-native-security">Cloud Native Security</a></li>
|
||
<li><a href="#infrastructure-security">Infrastructure Security</a><ul>
|
||
<li><a href="#iac-scanning">IaC Scanning</a></li>
|
||
<li><a href="#mergers-and-acquisitions">Mergers and Acquisitions</a></li>
|
||
<li><a href="#runtime-analysis">Runtime Analysis</a></li>
|
||
</ul>
|
||
</li>
|
||
<li><a href="#policy-as-code">Policy-as-Code</a><ul>
|
||
<li><a href="#educational-video">Educational Video</a></li>
|
||
<li><a href="#governance">Governance</a></li>
|
||
<li><a href="#kyverno">Kyverno</a></li>
|
||
<li><a href="#kyverno-training">Kyverno Training</a></li>
|
||
<li><a href="#opa">OPA</a></li>
|
||
<li><a href="#opa-wasm">OPA Wasm</a></li>
|
||
<li><a href="#rego">Rego</a></li>
|
||
</ul>
|
||
</li>
|
||
<li><a href="#cloud-native-platforms">Cloud-Native Platforms</a></li>
|
||
<li><a href="#infrastructure-as-code">Infrastructure-as-Code</a><ul>
|
||
<li><a href="#tagging-and-auditing">Tagging and Auditing</a></li>
|
||
</ul>
|
||
</li>
|
||
<li><a href="#kubernetes-reliability">Kubernetes Reliability</a><ul>
|
||
<li><a href="#high-availability">High Availability</a></li>
|
||
</ul>
|
||
</li>
|
||
<li><a href="#kubernetes-security">Kubernetes Security</a><ul>
|
||
<li><a href="#eks">EKS</a></li>
|
||
<li><a href="#gitops">GitOps</a></li>
|
||
<li><a href="#governance-1">Governance</a></li>
|
||
<li><a href="#kyverno-1">Kyverno</a></li>
|
||
<li><a href="#kyverno-policies">Kyverno Policies</a></li>
|
||
<li><a href="#kyverno-releases">Kyverno Releases</a></li>
|
||
<li><a href="#policy-as-code-1">Policy-as-Code</a></li>
|
||
<li><a href="#upgrade-paths">Upgrade Paths</a></li>
|
||
</ul>
|
||
</li>
|
||
<li><a href="#kubernetes-storage">Kubernetes Storage</a><ul>
|
||
<li><a href="#policy-as-code-2">Policy-as-Code</a></li>
|
||
</ul>
|
||
</li>
|
||
<li><a href="#multi-cloud-governance">Multi-Cloud Governance</a><ul>
|
||
<li><a href="#compliance-engine">Compliance Engine</a></li>
|
||
</ul>
|
||
</li>
|
||
<li><a href="#multi-cluster-management">Multi-Cluster Management</a><ul>
|
||
<li><a href="#policy-as-code-3">Policy-as-Code</a></li>
|
||
</ul>
|
||
</li>
|
||
<li><a href="#security-and-compliance">Security and Compliance</a><ul>
|
||
<li><a href="#cloud-security">Cloud Security</a></li>
|
||
<li><a href="#developer-tooling">Developer Tooling</a></li>
|
||
<li><a href="#iac-security">IaC Security</a></li>
|
||
<li><a href="#policy-library">Policy Library</a></li>
|
||
<li><a href="#policy-as-code-4">Policy-as-Code</a></li>
|
||
</ul>
|
||
</li>
|
||
<li><a href="#security-reporting">Security Reporting</a><ul>
|
||
<li><a href="#observability">Observability</a></li>
|
||
</ul>
|
||
</li>
|
||
<li><a href="#supply-chain-security">Supply Chain Security</a><ul>
|
||
<li><a href="#container-governance">Container Governance</a></li>
|
||
<li><a href="#container-verifying">Container Verifying</a></li>
|
||
<li><a href="#cryptographic-signatures">Cryptographic Signatures</a></li>
|
||
</ul>
|
||
</li>
|
||
<li><a href="#public-cloud">Public Cloud</a></li>
|
||
<li><a href="#azure-integration">Azure Integration</a><ul>
|
||
<li><a href="#cloud-governance">Cloud Governance</a></li>
|
||
</ul>
|
||
</li>
|
||
<li><a href="#security">Security</a></li>
|
||
<li><a href="#policy-enforcement">Policy Enforcement</a><ul>
|
||
<li><a href="#admission-control">Admission Control</a></li>
|
||
</ul>
|
||
</li>
|
||
</ol>
|
||
<h2 id="architectural-foundations">Architectural Foundations<a class="headerlink" href="#architectural-foundations" title="Permanent link">¶</a></h2>
|
||
<h3 id="kubernetes-tools">Kubernetes Tools<a class="headerlink" href="#kubernetes-tools" title="Permanent link">¶</a></h3>
|
||
<h4 id="general-reference">General Reference<a class="headerlink" href="#general-reference" title="Permanent link">¶</a></h4>
|
||
<ul>
|
||
<li><a href="https://t.co/cvOceuueCF">IBM Vault 2.0 UI Enhancements and Reporting Improvements</a> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — A curated technical resource and architectural guide covering IBM Vault 2.0 UI Enhancements and Reporting Improvements in the Kubernetes Tools ecosystem.</li>
|
||
<li><a href="https://web-check.xyz">Web-Check</a> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — A curated technical resource and architectural guide covering Web-Check in the Kubernetes Tools ecosystem.</li>
|
||
<li><a href="https://www.docker.com/blog/docker-hardened-images-for-every-developer">Docker Hardened Images for Every Developer</a> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — A curated technical resource and architectural guide covering Docker Hardened Images for Every Developer in the Kubernetes Tools ecosystem.</li>
|
||
<li><a href="https://t.co/EKsVgKA4xn">IBM IAM for AI Agents</a> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — A curated technical resource and architectural guide covering IBM IAM for AI Agents in the Kubernetes Tools ecosystem.</li>
|
||
<li><a href="https://medium.com/airwalk/automate-policies-enforcement-with-policy-as-code-2f20aac9e2b0">medium: Automate policies enforcement with Policy-as-Code 🌟</a> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — A curated technical resource and architectural guide covering medium: Automate policies enforcement with Policy-as-Code 🌟 in the Kubernetes Tools ecosystem.</li>
|
||
<li><a href="https://www.magalix.com/blog/integrating-open-policy-agent-opa-with-kubernetes-a-deep-dive-tutorial">magalix.com: Integrating Open Policy Agent (OPA) With Kubernetes 🌟</a> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — A curated technical resource and architectural guide covering magalix.com: Integrating Open Policy Agent (OPA) With Kubernetes 🌟 in the Kubernetes Tools ecosystem.</li>
|
||
<li><a href="https://blog.styra.com/blog/integrating-identity-oauth2-and-openid-connect-in-open-policy-agent">blog.styra.com: Integrating Identity: OAUTH2 and OPENID CONNECT in Open' Policy Agent</a> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — A curated technical resource and architectural guide covering blog.styra.com: Integrating Identity: OAUTH2 and OPENID CONNECT in Open' Policy Agent in the Kubernetes Tools ecosystem.</li>
|
||
<li><a href="https://blog.styra.com/blog/rego-unit-testing">blog.styra.com: Rego Unit Testing</a> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — A curated technical resource and architectural guide covering blog.styra.com: Rego Unit Testing in the Kubernetes Tools ecosystem.</li>
|
||
<li><a href="https://blog.styra.com/blog/dynamic-policy-composition-for-opa">blog.styra.com: Dynamic Policy Composition for OPA</a> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — A curated technical resource and architectural guide covering blog.styra.com: Dynamic Policy Composition for OPA in the Kubernetes Tools ecosystem.</li>
|
||
<li><a href="https://blog.styra.com/blog/5-opa-deployment-performance-models-for-microservices">blog.styra.com: 5 OPA Deployment Performance Models for Microservices</a> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — A curated technical resource and architectural guide covering blog.styra.com: 5 OPA Deployment Performance Models for Microservices in the Kubernetes Tools ecosystem.</li>
|
||
<li><a href="https://blog.styra.com/blog/open-policy-agent-the-top-5-kubernetes-admission-control-policies">blog.styra.com: Open Policy Agent: The Top 5 Kubernetes Admission Control' Policies</a> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — A curated technical resource and architectural guide covering blog.styra.com: Open Policy Agent: The Top 5 Kubernetes Admission Control' Policies in the Kubernetes Tools ecosystem.</li>
|
||
<li><a href="https://siegert-maximilian.medium.com/ensure-content-trust-on-kubernetes-using-notary-and-open-policy-agent-485ab3a9423c">siegert-maximilian.medium.com: Ensure Content Trust on Kubernetes using' Notary and Open Policy Agent</a> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — A curated technical resource and architectural guide covering siegert-maximilian.medium.com: Ensure Content Trust on Kubernetes using' Notary and Open Policy Agent in the Kubernetes Tools ecosystem.</li>
|
||
<li><a href="https://blog.styra.com/blog/policy-based-infrastructure-guardrails-with-terraform-and-opa">blog.styra.com: Policy-based infrastructure guardrails with Terraform and' OPA 🌟</a> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — A curated technical resource and architectural guide covering blog.styra.com: Policy-based infrastructure guardrails with Terraform and' OPA 🌟 in the Kubernetes Tools ecosystem.</li>
|
||
<li><a href="https://medium.com/@ravindursr/automated-manifest-file-validation-using-open-policy-agent-and-github-actions-697fa9fd74f0">medium: Automated Manifest File Validation Using Open Policy Agent and GitHub' Actions | Ravindu Sandeepa Rathugama</a> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — A curated technical resource and architectural guide covering medium: Automated Manifest File Validation Using Open Policy Agent and GitHub' Actions | Ravindu Sandeepa Rathugama in the Kubernetes Tools ecosystem.</li>
|
||
<li><a href="https://inspektor.cloud/blog/evaluating-open-policy-agent-in-rust-using-wasm">inspektor.cloud: Evaluating open policy agent in rust using wasm</a> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — A curated technical resource and architectural guide covering inspektor.cloud: Evaluating open policy agent in rust using wasm in the Kubernetes Tools ecosystem.</li>
|
||
<li><a href="https://medium.com/4th-coffee/what-is-policy-as-code-an-introduction-to-open-policy-agent-6098463f8461">medium.com/4th-coffee: What is Policy-as-Code? An Introduction to Open Policy' Agent</a> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — A curated technical resource and architectural guide covering medium.com/4th-coffee: What is Policy-as-Code? An Introduction to Open Policy' Agent in the Kubernetes Tools ecosystem.</li>
|
||
<li><a href="https://banzaicloud.com/blog/istio-opa">banzaicloud.com: Istio and Kubernetes ft. OPA policies</a> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — A curated technical resource and architectural guide covering banzaicloud.com: Istio and Kubernetes ft. OPA policies in the Kubernetes Tools ecosystem.</li>
|
||
<li><a href="https://medium.com/@siegert.maximilian/ensure-content-trust-on-kubernetes-using-notary-and-open-policy-agent-485ab3a9423c">medium: Ensure Content Trust on Kubernetes using Notary and Open Policy' Agent</a> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — A curated technical resource and architectural guide covering medium: Ensure Content Trust on Kubernetes using Notary and Open Policy' Agent in the Kubernetes Tools ecosystem.</li>
|
||
<li><a href="https://medium.com/linkbynet/deploying-opa-on-a-gke-cluster-da4d3d77812c">medium: Deploying Open Policy Agent (OPA) on a GKE cluster — Step by Step</a> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — A curated technical resource and architectural guide covering medium: Deploying Open Policy Agent (OPA) on a GKE cluster — Step by Step in the Kubernetes Tools ecosystem.</li>
|
||
<li><a href="https://blog.styra.com/blog/using-opa-with-gitops-to-speed-cloud-native-development">blog.styra.com: Using OPA with GitOps to speed Cloud-Native development</a> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — A curated technical resource and architectural guide covering blog.styra.com: Using OPA with GitOps to speed Cloud-Native development in the Kubernetes Tools ecosystem.</li>
|
||
<li><a href="https://medium.com/gitguardian/what-is-policy-as-code-an-introduction-to-open-policy-agent-dba1400bb030">medium.com/gitguardian: What is Policy-as-Code? An Introduction to Open' Policy Agent</a> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — A curated technical resource and architectural guide covering medium.com/gitguardian: What is Policy-as-Code? An Introduction to Open' Policy Agent in the Kubernetes Tools ecosystem.</li>
|
||
<li><a href="https://www.hashicorp.com/resources/securing-infrastructure-in-application-pipelines">hashicorp.com: Securing Infrastructure In Application Pipelines</a> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — A curated technical resource and architectural guide covering hashicorp.com: Securing Infrastructure In Application Pipelines in the Kubernetes Tools ecosystem.</li>
|
||
<li><a href="https://venturebeat.com/2021/08/10/how-nirmata-plans-to-conquer-kubernetes-complexity-with-open-source-kyverno">venturebeat.com: How Nirmata plans to ‘conquer Kubernetes complexity’ with' open source Kyverno</a> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — A curated technical resource and architectural guide covering venturebeat.com: How Nirmata plans to ‘conquer Kubernetes complexity’ with' open source Kyverno in the Kubernetes Tools ecosystem.</li>
|
||
<li><a href="https://movi.hashnode.dev/simplify-kubernetes-cluster-management-with-kyverno-ckt6yxjqy0duy95s14groe7h4">movi.hashnode.dev: Simplify Kubernetes Cluster Management with Kyverno</a> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — A curated technical resource and architectural guide covering movi.hashnode.dev: Simplify Kubernetes Cluster Management with Kyverno in the Kubernetes Tools ecosystem.</li>
|
||
<li><a href="https://arun-sisodiya.medium.com/kyverno-a-policy-manager-for-kubernetes-286f6e082062">arun-sisodiya.medium.com: Kyverno — A Kubernetes native policy manager (Policy' as Code)</a> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — A curated technical resource and architectural guide covering arun-sisodiya.medium.com: Kyverno — A Kubernetes native policy manager (Policy' as Code) in the Kubernetes Tools ecosystem.</li>
|
||
<li><a href="https://medium.com/compass-true-north/governing-multi-tenant-kubernetes-clusters-with-kyverno-3e11ba4a64ad">medium.com/compass-true-north: Governing Multi-Tenant Kubernetes Clusters' with Kyverno</a> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — A curated technical resource and architectural guide covering medium.com/compass-true-north: Governing Multi-Tenant Kubernetes Clusters' with Kyverno in the Kubernetes Tools ecosystem.</li>
|
||
<li><a href="https://medium.com/@haseebshaukat2/kyverno-policy-engine-for-kubernetes-b49f3fac43b9">medium.com/@haseebshaukat2: Kyverno — Policy Engine for Kubernetes | Muhammad' Haseeb Shaukat</a> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — A curated technical resource and architectural guide covering medium.com/@haseebshaukat2: Kyverno — Policy Engine for Kubernetes | Muhammad' Haseeb Shaukat in the Kubernetes Tools ecosystem.</li>
|
||
<li><a href="https://medium.com/@glen.yu/why-i-prefer-kyverno-over-gatekeeper-for-native-kubernetes-policy-management-35a05bb94964">medium.com/@glen.yu: Why I prefer Kyverno over Gatekeeper for native Kubernetes' policy management</a> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — A curated technical resource and architectural guide covering medium.com/@glen.yu: Why I prefer Kyverno over Gatekeeper for native Kubernetes' policy management in the Kubernetes Tools ecosystem.</li>
|
||
</ul>
|
||
<h2 id="cloud-native-security">Cloud Native Security<a class="headerlink" href="#cloud-native-security" title="Permanent link">¶</a></h2>
|
||
<h3 id="infrastructure-security">Infrastructure Security<a class="headerlink" href="#infrastructure-security" title="Permanent link">¶</a></h3>
|
||
<h4 id="iac-scanning">IaC Scanning<a class="headerlink" href="#iac-scanning" title="Permanent link">¶</a></h4>
|
||
<ul>
|
||
<li><strong>(2021)</strong> <a href="https://www.sysdig.com">Apolicy</a> <span class='md-tag md-tag--warning'>[NONE CONTENT]</span> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — Apolicy (acquired by Sysdig) provides advanced policy-as-code governance designed for shifting cloud security left. Scans Infrastructure-as-Code (IaC) templates and automatically matches security rules to production deployment settings.</li>
|
||
</ul>
|
||
<h4 id="mergers-and-acquisitions">Mergers and Acquisitions<a class="headerlink" href="#mergers-and-acquisitions" title="Permanent link">¶</a></h4>
|
||
<ul>
|
||
<li><strong>(2021)</strong> <a href="https://www.sysdig.com/blog/sysdig-and-apolicy-join-forces-to-help-customer-secure-infrastructure-as-code">sysdig.com: Sysdig and Apolicy join forces to help customers secure Infrastructure As Code and automate remediation</a> <span class='md-tag md-tag--warning'>[NONE CONTENT]</span> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — An industry announcement detailing Sysdig's acquisition of Apolicy. Highlights the integration of IaC security analysis with runtime monitoring to establish unified, end-to-end security loops from Git commits to production containers.</li>
|
||
</ul>
|
||
<h4 id="runtime-analysis">Runtime Analysis<a class="headerlink" href="#runtime-analysis" title="Permanent link">¶</a></h4>
|
||
<ul>
|
||
<li><strong>(2024)</strong> <a href="https://snyk.io/product/container-vulnerability-management">Fugue: Container and Kubernetes. Runtime infrastructure security</a> <span class='md-tag md-tag--warning'>[NONE CONTENT]</span> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — Fugue (now integrated under Snyk Container security suite) delivers continuous compliance and automated infrastructure monitoring for AWS, Azure, and Google Cloud alongside Kubernetes runtime configurations, mapping live states to CIS Benchmarks and SOC 2 frameworks.</li>
|
||
</ul>
|
||
<h3 id="policy-as-code">Policy-as-Code<a class="headerlink" href="#policy-as-code" title="Permanent link">¶</a></h3>
|
||
<h4 id="educational-video">Educational Video<a class="headerlink" href="#educational-video" title="Permanent link">¶</a></h4>
|
||
<ul>
|
||
<li><strong>(2021)</strong> <a href="https://www.youtube.com/watch?v=0TvhTXddRGE">youtube: The Rise of Kubernetes Policy Engine | Ep 57</a> <span class='md-tag md-tag--warning'>[NONE CONTENT]</span> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — An informative panel discussion examining the rise of Kubernetes policy engines. Tracks the evolution from manual auditing workflows to declarative, automated gatekeeping systems using OPA Gatekeeper and Kyverno.</li>
|
||
</ul>
|
||
<h4 id="governance">Governance<a class="headerlink" href="#governance" title="Permanent link">¶</a></h4>
|
||
<ul>
|
||
<li><strong>(2021)</strong> <a href="https://www.techtarget.com/searchitoperations/news/252505548/CNCF-policy-as-code-project-bridges-Kubernetes-security-gaps">searchitoperations.techtarget.com: CNCF policy-as-code project bridges Kubernetes security gaps</a> <span class='md-tag md-tag--warning'>[NONE CONTENT]</span> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — An industry report outlining CNCF policy-as-code initiatives designed to patch security deficiencies within container orchestration. Compares the operational paradigms of Rego-based OPA and YAML-native Kyverno for policy-driven environments.</li>
|
||
</ul>
|
||
<h4 id="kyverno">Kyverno<a class="headerlink" href="#kyverno" title="Permanent link">¶</a></h4>
|
||
<ul>
|
||
<li><strong>(2021)</strong> <a href="https://www.redhat.com/en/blog/automate-your-security-practices-and-policies-on-openshift-with-kyverno">cloud.redhat.com: Automate Your Security Practices and Policies on OpenShift With Kyverno 🌟</a> <span class='md-tag md-tag--warning'>[YAML CONTENT]</span> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — Illustrates automated security practice implementation inside OpenShift clusters utilizing Kyverno. Explores Kyverno's YAML-native approach, highlighting how platform engineers write policies using standard Kubernetes resource models without learning new programming languages.</li>
|
||
</ul>
|
||
<h4 id="kyverno-training">Kyverno Training<a class="headerlink" href="#kyverno-training" title="Permanent link">¶</a></h4>
|
||
<ul>
|
||
<li><strong>(2023)</strong> <a href="https://www.appsecengineer.com/courses-collection/kubernetes-policy-management-with-kyverno">appsecengineer.com: Kubernetes Policy Management with Kyverno</a> <span class='md-tag md-tag--warning'>[YAML CONTENT]</span> <span class='md-tag md-tag--critical'>[ADVANCED LEVEL]</span> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> <span class='md-tag md-tag--secondary'>[GUIDE]</span> — An educational course focusing on Kyverno-driven Kubernetes policy engineering. Walks developers and SREs through writing advanced manifest mutation, generation, and validation policies with real-world scenarios.</li>
|
||
</ul>
|
||
<h4 id="opa">OPA<a class="headerlink" href="#opa" title="Permanent link">¶</a></h4>
|
||
<ul>
|
||
<li><strong>(2020)</strong> <a href="https://www.techtarget.com/searchitoperations/news/252467102/Kubernetes-policy-project-takes-enterprise-IT-by-storm">searchitoperations.techtarget.com: Kubernetes policy project takes enterprise IT by storm</a> <span class='md-tag md-tag--warning'>[REGO CONTENT]</span> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — Highlights the massive industry shift toward Open Policy Agent (OPA) for centralized, policy-as-code enforcement. Emphasizes OPA's ability to unify policy layers across different tools like Kubernetes admission controllers, API gateways, and CI/CD pipelines.</li>
|
||
<li><strong>(2020)</strong> <a href="https://www.redhat.com/en/blog/fine-grained-policy-enforcement-in-openshift-with-open-policy-agent">blog.openshift.com: Fine-Grained Policy Enforcement in OpenShift with Open Policy Agent 🌟</a> <span class='md-tag md-tag--warning'>[REGO CONTENT]</span> <span class='md-tag md-tag--critical'>[ADVANCED LEVEL]</span> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — A deep-dive technical article by Red Hat showcasing fine-grained policy enforcement in OpenShift using Open Policy Agent. Details how to intercept Kubernetes API requests via admission controllers to block non-compliant resource deployments programmatically.</li>
|
||
</ul>
|
||
<h4 id="opa-wasm">OPA Wasm<a class="headerlink" href="#opa-wasm" title="Permanent link">¶</a></h4>
|
||
<ul>
|
||
<li><strong>(2025)</strong> <a href="https://github.com/open-policy-agent/contrib/tree/main/wasm/cloudflare-worker"><mark>compile OpenPolicyAgent policies into WebAssembly and run them on the edge</mark></a> <span class='md-tag md-tag--info'>⭐ 348</span> <svg class="v2-sparkline" width="50" height="15" viewBox="0 0 50 15" style="vertical-align: middle; display: inline-block; margin-left: 6px;" title="Activity Trend"><defs><linearGradient id="spark-grad-ba4855b5" x1="0" y1="0" x2="1" y2="0"><stop offset="0%" stop-color="rgba(34, 211, 238, 0.2)" /><stop offset="100%" stop-color="var(--md-accent-fg-color)" /></linearGradient></defs><path class="v2-sparkline-path" d="M 0 12 L 10 3 L 20 8 L 30 10 L 40 4 L 50 6" fill="none" stroke="url(#spark-grad-ba4855b5)" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round" /><circle cx="50" cy="6" r="2" fill="var(--md-accent-fg-color)" /></svg> <span class='md-tag md-tag--warning'>[WEBASSEMBLY CONTENT]</span> <span class='md-tag md-tag--critical'>[ADVANCED LEVEL]</span> 🌟🌟🌟🌟🌟 <span class='md-tag md-tag--success'>[DE FACTO STANDARD]</span> — An open-source utility that compiles declarative Open Policy Agent (Rego) policies into high-performance WebAssembly (Wasm) modules. Designed for lightning-fast security and routing decisions at edge platforms like Cloudflare Workers and Envoy proxies.</li>
|
||
</ul>
|
||
<h4 id="rego">Rego<a class="headerlink" href="#rego" title="Permanent link">¶</a></h4>
|
||
<ul>
|
||
<li><strong>(2021)</strong> <a href="https://snyk.io/blog">fugue.co: 5 tips for using the Rego language for Open Policy Agent (OPA)</a> <span class='md-tag md-tag--warning'>[REGO CONTENT]</span> <span class='md-tag md-tag--critical'>[ADVANCED LEVEL]</span> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — An additional collection of advanced Rego development practices, focusing on unit-testing frameworks, mock injections, and playground emulator tools to ensure policy robustness and security governance.</li>
|
||
</ul>
|
||
<h2 id="cloud-native-platforms">Cloud-Native Platforms<a class="headerlink" href="#cloud-native-platforms" title="Permanent link">¶</a></h2>
|
||
<h3 id="infrastructure-as-code">Infrastructure-as-Code<a class="headerlink" href="#infrastructure-as-code" title="Permanent link">¶</a></h3>
|
||
<h4 id="tagging-and-auditing">Tagging and Auditing<a class="headerlink" href="#tagging-and-auditing" title="Permanent link">¶</a></h4>
|
||
<ul>
|
||
<li><strong>(2026)</strong> <a href="https://yor.io"><mark>yor.io</mark></a> <span class='md-tag md-tag--warning'>[GO CONTENT]</span> 🌟🌟🌟🌟🌟 <span class='md-tag md-tag--success'>[DE FACTO STANDARD]</span> — An open-source, extensible auto-tagging tool designed to dynamically trace infrastructure-as-code from code to cloud. It automatically adds ownership, lineage, and environment metadata tags during pull requests, allowing operations teams to seamlessly trace production resources back to their source repository.</li>
|
||
<li><strong>(2021)</strong> <a href="https://thenewstack.io/yor-automates-tagging-for-infrastructure-as-code">thenewstack.io: Yor Automates Tagging for Infrastructure as Code</a> <span class='md-tag md-tag--warning'>[GO CONTENT]</span> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — Outlines the capabilities of Yor, an automated tagging engine designed to apply consistent metadata to IaC assets (Terraform, CloudFormation). Tracks resource ownership, drift, and git commit history through auto-injected tags, improving traceability and cloud financial operations (FinOps).</li>
|
||
</ul>
|
||
<h3 id="kubernetes-reliability">Kubernetes Reliability<a class="headerlink" href="#kubernetes-reliability" title="Permanent link">¶</a></h3>
|
||
<h4 id="high-availability">High Availability<a class="headerlink" href="#high-availability" title="Permanent link">¶</a></h4>
|
||
<ul>
|
||
<li><strong>(2026)</strong> <a href="https://kyverno.io/policies/other/require_pdb">kyverno.io: Require PodDisruptionBudget</a> <span class='md-tag md-tag--warning'>[YAML CONTENT]</span> <span class='md-tag md-tag--primary'>[DOCUMENTATION]</span> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — A standardized Kyverno policy template ensuring that all mission-critical deployments are paired with active PodDisruptionBudgets (PDB). This governance rule guarantees cluster high-availability by guarding applications against node drain and cluster maintenance operations.</li>
|
||
</ul>
|
||
<h3 id="kubernetes-security">Kubernetes Security<a class="headerlink" href="#kubernetes-security" title="Permanent link">¶</a></h3>
|
||
<h4 id="eks">EKS<a class="headerlink" href="#eks" title="Permanent link">¶</a></h4>
|
||
<ul>
|
||
<li><strong>(2021)</strong> <a href="https://dev.to/rinkiyakedad/using-kyverno-to-enforce-eks-best-practices-cad">dev.to: Using Kyverno To Enforce EKS Best Practices</a> <span class='md-tag md-tag--warning'>[YAML CONTENT]</span> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — Guided tutorial showing how platform engineers can utilize Kyverno to systematically lock down Amazon EKS clusters. Illustrates policy enforcement setups to enforce multi-tenant isolation, require standard resource limits, and disable host networking, using declarative Kubernetes manifests.</li>
|
||
</ul>
|
||
<h4 id="gitops">GitOps<a class="headerlink" href="#gitops" title="Permanent link">¶</a></h4>
|
||
<ul>
|
||
<li><strong>(2021)</strong> <a href="https://thenewstack.io/weaveworks-adds-policy-as-code-to-secure-kubernetes-apps">thenewstack.io: Weaveworks Adds Policy as Code to Secure Kubernetes Apps' (Magalix)</a> <span class='md-tag md-tag--warning'>[GO CONTENT]</span> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — Reports on Weaveworks' acquisition and integration of Magalix to embed Policy-as-Code directly into GitOps pipelines. Details how declarative governance policies can be evaluated in continuous-delivery cycles prior to deployment, preventing misconfigured resources from ever entering a live cluster.</li>
|
||
</ul>
|
||
<h4 id="governance-1">Governance (1)<a class="headerlink" href="#governance-1" title="Permanent link">¶</a></h4>
|
||
<ul>
|
||
<li><strong>(2022)</strong> <a href="https://dev.to/mda590/using-kyverno-policies-for-kubernetes-governance-3e17">dev.to: Using Kyverno Policies for Kubernetes Governance</a> <span class='md-tag md-tag--warning'>[YAML CONTENT]</span> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — Explains how organizations can use Kyverno to establish governance guardrails across shared development environments. Covers automating labels, validating ownership configurations, and managing resource consumption rules to ensure multi-tenant hygiene.</li>
|
||
</ul>
|
||
<h4 id="kyverno-1">Kyverno (1)<a class="headerlink" href="#kyverno-1" title="Permanent link">¶</a></h4>
|
||
<ul>
|
||
<li><strong>(2026)</strong> <a href="https://kyverno.io/docs/writing-policies/mutate">kyverno.io: Mutating Resources</a> <span class='md-tag md-tag--warning'>[YAML CONTENT]</span> <span class='md-tag md-tag--critical'>[ADVANCED LEVEL]</span> <span class='md-tag md-tag--primary'>[DOCUMENTATION]</span> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — Official documentation detailing how Kyverno modifies incoming resource specifications dynamically using JSON patch operations. It covers mutating rules such as auto-injecting sidecar containers, adding node affinity constraints, and enforcing default labels on namespaces at creation time.</li>
|
||
<li><strong>(2026)</strong> <a href="https://kyverno.io/docs/writing-policies/generate">kyverno.io: Generating resources into existing namespaces</a> <span class='md-tag md-tag--warning'>[YAML CONTENT]</span> <span class='md-tag md-tag--critical'>[ADVANCED LEVEL]</span> <span class='md-tag md-tag--primary'>[DOCUMENTATION]</span> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — Official guide on retroactively generating Kubernetes objects, such as secrets or network rules, across pre-existing namespaces using Kyverno's dynamic policy synchronization engine. Eliminates manually syncing resources across namespaces created prior to policy deployment.</li>
|
||
<li><strong>(2026)</strong> <a href="https://kyverno.io/docs/writing-policies/autogen">kyverno.io: Auto-Gen Rules for Pod Controllers</a> <span class='md-tag md-tag--warning'>[YAML CONTENT]</span> <span class='md-tag md-tag--primary'>[DOCUMENTATION]</span> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — Illustrates how Kyverno automatically propagates policies applied to raw Pod specs to downstream controllers (Deployments, DaemonSets, StatefulSets). Simplifies security operations by validating configurations at high-level workloads rather than only catching errors at low-level pod schedulers.</li>
|
||
<li><strong>(2021)</strong> <a href="https://www.squadcast.com/blog/kyverno-policy-management-in-kubernetes">squadcast.com: Kyverno - Policy Management in Kubernetes 🌟</a> <span class='md-tag md-tag--warning'>[YAML CONTENT]</span> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — Explores the design patterns of Kyverno as a Kubernetes-native policy engine that eliminates the need to learn specialized programming languages. Highlights how Kyverno manages resource validation, mutation, and generation using declarative YAML configurations designed to fit existing GitOps workflows.</li>
|
||
<li><strong>(2020)</strong> <a href="https://neonmirrors.net/post/2020-12/exploring-kyverno-part3">neonmirrors.net: Exploring Kyverno: Part 3, Generation</a> <span class='md-tag md-tag--warning'>[YAML CONTENT]</span> <span class='md-tag md-tag--critical'>[ADVANCED LEVEL]</span> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — Deep-dive technical exploration into Kyverno's generation rules, demonstrating how the policy engine can automatically provision ancillary resources, like NetworkPolicies or ConfigMaps, whenever a new namespace is initialized. Optimizes cluster bootstrapping without custom operators.</li>
|
||
<li><strong>(2020)</strong> <a href="https://neonmirrors.net/post/2020-11/exploring-kyverno-intro">neonmirrors.net: Exploring Kyverno: Introduction 🌟</a> <span class='md-tag md-tag--warning'>[YAML CONTENT]</span> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — A foundational introductory article dissecting the architecture and operational benefits of adopting Kyverno. Contrasts it with custom-coded validating webhooks and details its direct design philosophy of aligning container policy administration with idiomatic Kubernetes constructs.</li>
|
||
</ul>
|
||
<h4 id="kyverno-policies">Kyverno Policies<a class="headerlink" href="#kyverno-policies" title="Permanent link">¶</a></h4>
|
||
<ul>
|
||
<li><strong>(2026)</strong> <a href="https://kyverno.io/policies/other/add-pod-proxies">kyverno.io: Add Pod Proxies</a> <span class='md-tag md-tag--warning'>[YAML CONTENT]</span> <span class='md-tag md-tag--primary'>[DOCUMENTATION]</span> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — Technical documentation demonstrating how to use Kyverno to dynamically inject HTTP/HTTPS proxy environment variables into Pod containers upon admission. Solves enterprise proxy configuration demands automatically without requiring manual pod-by-pod updates from development teams.</li>
|
||
<li><strong>(2026)</strong> <a href="https://kyverno.io/policies/best-practices/require_probes/require_probes">kyverno.io: Implementing your best practices is simple with kyverno</a> <span class='md-tag md-tag--warning'>[YAML CONTENT]</span> <span class='md-tag md-tag--primary'>[DOCUMENTATION]</span> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — Standard Kyverno policy design pattern focused on enforcing health probe settings (liveness, readiness, startup) across all deployed container payloads. This rule enforces Kubernetes operations best practices, safeguarding application lifecycle management and endpoint routing.</li>
|
||
</ul>
|
||
<h4 id="kyverno-releases">Kyverno Releases<a class="headerlink" href="#kyverno-releases" title="Permanent link">¶</a></h4>
|
||
<ul>
|
||
<li><strong>(2021)</strong> <a href="https://nirmata.com/2021/08/18/introducing-kyverno-1-4-2-trusted-and-more-efficient">nirmata.com: Introducing Kyverno 1.4.2: Trusted And More Efficient!</a> <span class='md-tag md-tag--warning'>[GO CONTENT]</span> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — Reviews release-specific improvements introduced in Kyverno v1.4.2, highlighting optimizations in validation speeds, improved caching models, and expanded schema support. Provides performance benchmarks of Kyverno when subjected to scale workloads across massive enterprise orchestrators.</li>
|
||
</ul>
|
||
<h4 id="policy-as-code-1">Policy-as-Code (1)<a class="headerlink" href="#policy-as-code-1" title="Permanent link">¶</a></h4>
|
||
<ul>
|
||
<li><strong>(2022)</strong> <a href="https://github.com/raspbernetes/k8s-security-policies"><mark>k8s-security-policies</mark></a> <span class='md-tag md-tag--info'>⭐ 177</span> <svg class="v2-sparkline" width="50" height="15" viewBox="0 0 50 15" style="vertical-align: middle; display: inline-block; margin-left: 6px;" title="Activity Trend"><defs><linearGradient id="spark-grad-36066366" x1="0" y1="0" x2="1" y2="0"><stop offset="0%" stop-color="rgba(34, 211, 238, 0.2)" /><stop offset="100%" stop-color="var(--md-accent-fg-color)" /></linearGradient></defs><path class="v2-sparkline-path" d="M 0 12 L 10 10 L 20 5 L 30 6 L 40 5 L 50 3" fill="none" stroke="url(#spark-grad-36066366)" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round" /><circle cx="50" cy="3" r="2" fill="var(--md-accent-fg-color)" /></svg> <span class='md-tag md-tag--warning'>[YAML CONTENT]</span> 🌟🌟🌟🌟🌟 <span class='md-tag md-tag--success'>[DE FACTO STANDARD]</span> <span class='md-tag md-tag--critical'>[LEGACY]</span> — A repository hosting robust and ready-to-use security configurations for Kubernetes clusters, heavily focused on replacing deprecated PodSecurityPolicies with Kyverno and OPA alternatives. It is a highly practical compliance baseline library for platform teams seeking rapid deployment of security controls.</li>
|
||
<li><strong>(2021)</strong> <a href="https://aws.amazon.com/blogs/containers/policy-based-countermeasures-for-kubernetes-part-1">amazon.com: Policy-based countermeasures for Kubernetes – Part 1</a> <span class='md-tag md-tag--warning'>[YAML CONTENT]</span> <span class='md-tag md-tag--critical'>[ADVANCED LEVEL]</span> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — Detailed architectural guide on implementing declarative guardrails in EKS clusters to reduce attack surfaces. Focuses on the synergy between Kubernetes admission controllers and modern policy engines, illustrating how to validate and mutate payloads to block insecure configuration drift.</li>
|
||
<li><strong>(2021)</strong> <a href="https://aws.amazon.com/es/blogs/containers/policy-based-countermeasures-for-kubernetes-part-1">aws.amazon.com: Policy-based countermeasures for Kubernetes – Part 1</a> <span class='md-tag md-tag--warning'>[YAML CONTENT]</span> <span class='md-tag md-tag--critical'>[ADVANCED LEVEL]</span> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — Spanish localized edition of AWS's architectural breakdown detailing policy-driven mitigations within Kubernetes runtime layers. Instructs platform engineers on configuring robust security guardrails using native Kubernetes controllers and cloud provider identity brokers to neutralize container vulnerabilities.</li>
|
||
<li><strong>(2021)</strong> <a href="https://neonmirrors.net/post/2021-02/kubernetes-policy-comparison-opa-gatekeeper-vs-kyverno">neonmirrors.net: Kubernetes Policy Comparison: OPA/Gatekeeper vs Kyverno' 🌟</a> <span class='md-tag md-tag--warning'>[YAML CONTENT]</span> <span class='md-tag md-tag--critical'>[ADVANCED LEVEL]</span> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — A seminal technical comparison contrasting the architecture and design patterns of OPA Gatekeeper (relying on the domain-specific Rego language) against Kyverno (which uses native Kubernetes YAML). Helps engineers evaluate resource consumption, developer velocity, and cognitive overhead for both systems.</li>
|
||
<li><strong>(2021)</strong> <a href="https://www.sesin.at/2021/08/28/securing-kubernetes-with-kyverno-how-to-protect-your-users-from-themselves-by-ritesh-patel">sesin.at: Securing Kubernetes with Kyverno: How to Protect Your Users From' Themselves by Ritesh Patel</a> <span class='md-tag md-tag--warning'>[YAML CONTENT]</span> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — Explores security policy implementation using Kyverno to proactively safeguard users against unsafe configuration actions. Discusses deployment of best-practice guardrails, preventing privilege escalation, insecure mount paths, and other critical risks without impeding agile deployment workflows.</li>
|
||
</ul>
|
||
<h4 id="upgrade-paths">Upgrade Paths<a class="headerlink" href="#upgrade-paths" title="Permanent link">¶</a></h4>
|
||
<ul>
|
||
<li><strong>(2026)</strong> <a href="https://kyverno.io/policies/best-practices/check_deprecated_apis">kyverno.io: Check deprecated APIs 🌟</a> <span class='md-tag md-tag--warning'>[YAML CONTENT]</span> <span class='md-tag md-tag--primary'>[DOCUMENTATION]</span> <span class='md-tag md-tag--critical'>[LEGACY]</span> — Outlines a pre-configured Kyverno policy targeted at scanning incoming manifests to detect and block deprecated or removed Kubernetes API groups. Indispensable for preventing cluster upgrade blockages, validating manifests before execution on newer API-driven orchestrators.</li>
|
||
</ul>
|
||
<h3 id="kubernetes-storage">Kubernetes Storage<a class="headerlink" href="#kubernetes-storage" title="Permanent link">¶</a></h3>
|
||
<h4 id="policy-as-code-2">Policy-as-Code (2)<a class="headerlink" href="#policy-as-code-2" title="Permanent link">¶</a></h4>
|
||
<ul>
|
||
<li><strong>(2021)</strong> <a href="https://dev.to/niveditacoder/default-kyverno-policies-for-openebs-4abf">dev.to: Default Kyverno Policies for OpenEBS</a> <span class='md-tag md-tag--warning'>[YAML CONTENT]</span> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — Walks through establishing Kyverno policies optimized for workloads using OpenEBS as their persistent storage driver. Demonstrates how to automatically enforce volume attachment limits, dynamic volume provisioning policies, and validate container mount points for improved system stability.</li>
|
||
</ul>
|
||
<h3 id="multi-cloud-governance">Multi-Cloud Governance<a class="headerlink" href="#multi-cloud-governance" title="Permanent link">¶</a></h3>
|
||
<h4 id="compliance-engine">Compliance Engine<a class="headerlink" href="#compliance-engine" title="Permanent link">¶</a></h4>
|
||
<ul>
|
||
<li><strong>(2026)</strong> <a href="https://github.com/cloud-custodian/cloud-custodian"><mark>Cloud Custodian</mark></a> <span class='md-tag md-tag--info'>⭐ 6007</span> <svg class="v2-sparkline" width="50" height="15" viewBox="0 0 50 15" style="vertical-align: middle; display: inline-block; margin-left: 6px;" title="Activity Trend"><defs><linearGradient id="spark-grad-6de45dba" x1="0" y1="0" x2="1" y2="0"><stop offset="0%" stop-color="rgba(34, 211, 238, 0.2)" /><stop offset="100%" stop-color="var(--md-accent-fg-color)" /></linearGradient></defs><path class="v2-sparkline-path" d="M 0 5 L 10 12 L 20 4 L 30 8 L 40 12 L 50 5" fill="none" stroke="url(#spark-grad-6de45dba)" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round" /><circle cx="50" cy="5" r="2" fill="var(--md-accent-fg-color)" /></svg> <span class='md-tag md-tag--warning'>[PYTHON CONTENT]</span> <span class='md-tag md-tag--critical'>[ADVANCED LEVEL]</span> 🌟🌟🌟🌟🌟 <span class='md-tag md-tag--success'>[DE FACTO STANDARD]</span> — A robust, YAML-configured rules engine used by enterprise platform engineers to manage multi-cloud compliance, cost control, and security posture across AWS, Azure, and GCP. Automates cost-saving resource deletions, tag compliance, and real-time security remediation.</li>
|
||
</ul>
|
||
<h3 id="multi-cluster-management">Multi-Cluster Management<a class="headerlink" href="#multi-cluster-management" title="Permanent link">¶</a></h3>
|
||
<h4 id="policy-as-code-3">Policy-as-Code (3)<a class="headerlink" href="#policy-as-code-3" title="Permanent link">¶</a></h4>
|
||
<ul>
|
||
<li><strong>(2021)</strong> <a href="https://www.kubermatic.com/blog/using-open-policy-agent-with-kubermatic">kubermatic.com: Using Open Policy Agent With Kubermatic Kubernetes Platform</a> <span class='md-tag md-tag--warning'>[GO CONTENT]</span> <span class='md-tag md-tag--critical'>[ADVANCED LEVEL]</span> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — Examines the implementation of OPA Gatekeeper within Kubermatic Kubernetes Platform (KKP) for programmatic multi-cluster fleet management. Illustrates how operators can centrally define, distribute, and enforce admission controller policies across dozens of hybrid and multi-cloud Kubernetes deployments.</li>
|
||
</ul>
|
||
<h3 id="security-and-compliance">Security and Compliance<a class="headerlink" href="#security-and-compliance" title="Permanent link">¶</a></h3>
|
||
<h4 id="cloud-security">Cloud Security<a class="headerlink" href="#cloud-security" title="Permanent link">¶</a></h4>
|
||
<ul>
|
||
<li><strong>(2026)</strong> <a href="https://github.com/selefra/selefra"><mark>Selefra: Selefra is an open-source policy-as-code software that provides' analytics for multi-cloud and SaaS.</mark></a> <span class='md-tag md-tag--info'>⭐ 545</span> <svg class="v2-sparkline" width="50" height="15" viewBox="0 0 50 15" style="vertical-align: middle; display: inline-block; margin-left: 6px;" title="Activity Trend"><defs><linearGradient id="spark-grad-1224f44c" x1="0" y1="0" x2="1" y2="0"><stop offset="0%" stop-color="rgba(34, 211, 238, 0.2)" /><stop offset="100%" stop-color="var(--md-accent-fg-color)" /></linearGradient></defs><path class="v2-sparkline-path" d="M 0 6 L 10 2 L 20 10 L 30 8 L 40 2 L 50 6" fill="none" stroke="url(#spark-grad-1224f44c)" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round" /><circle cx="50" cy="6" r="2" fill="var(--md-accent-fg-color)" /></svg> <span class='md-tag md-tag--warning'>[GO CONTENT]</span> <span class='md-tag md-tag--critical'>[ADVANCED LEVEL]</span> 🌟🌟🌟🌟🌟 <span class='md-tag md-tag--success'>[DE FACTO STANDARD]</span> — An open-source policy-as-code platform engineered to analyze multi-cloud and SaaS configurations using SQL-based query patterns. This tool enables developers to scan cloud resources for compliance defects, security gaps, and operational overhead with rapid execution and modular plugins.</li>
|
||
</ul>
|
||
<h4 id="developer-tooling">Developer Tooling<a class="headerlink" href="#developer-tooling" title="Permanent link">¶</a></h4>
|
||
<ul>
|
||
<li><strong>(2021)</strong> <a href="https://github.com/policy-hub/policy-hub-cli"><mark>PolicyHub CLI, a CLI tool that makes Rego policies searchable 🌟</mark></a> <span class='md-tag md-tag--warning'>[GO CONTENT]</span> 🌟🌟🌟🌟🌟 <span class='md-tag md-tag--success'>[DE FACTO STANDARD]</span> — A lightweight command-line utility engineered to improve discoverability and usability of Rego-based policies. This tool parses and indexes shared policy repositories, enabling infrastructure and platform engineers to search, validate, and integrate standard compliance policies directly from local environments.</li>
|
||
</ul>
|
||
<h4 id="iac-security">IaC Security<a class="headerlink" href="#iac-security" title="Permanent link">¶</a></h4>
|
||
<ul>
|
||
<li><strong>(2026)</strong> <a href="https://www.checkov.io"><mark>checkov.io</mark></a> <span class='md-tag md-tag--warning'>[PYTHON CONTENT]</span> 🌟🌟🌟🌟🌟 <span class='md-tag md-tag--success'>[DE FACTO STANDARD]</span> — A leading static code analysis utility designed to scan Infrastructure-as-Code configurations (Terraform, Kubernetes, CloudFormation, Helm, Dockerfile) for security misconfigurations. Features out-of-the-box policy libraries that enforce industry standards like CIS Benchmarks, SOC2, and HIPAA prior to deployment.</li>
|
||
</ul>
|
||
<h4 id="policy-library">Policy Library<a class="headerlink" href="#policy-library" title="Permanent link">¶</a></h4>
|
||
<ul>
|
||
<li><strong>(2021)</strong> <a href="https://github.com/instrumenta/policies"><mark>github.com/instrumenta/policies: A set of shared policies for use with Conftest' and other Open Policy Agent tools</mark></a> <span class='md-tag md-tag--info'>⭐ 66</span> <svg class="v2-sparkline" width="50" height="15" viewBox="0 0 50 15" style="vertical-align: middle; display: inline-block; margin-left: 6px;" title="Activity Trend"><defs><linearGradient id="spark-grad-bfe49355" x1="0" y1="0" x2="1" y2="0"><stop offset="0%" stop-color="rgba(34, 211, 238, 0.2)" /><stop offset="100%" stop-color="var(--md-accent-fg-color)" /></linearGradient></defs><path class="v2-sparkline-path" d="M 0 6 L 10 7 L 20 11 L 30 7 L 40 9 L 50 9" fill="none" stroke="url(#spark-grad-bfe49355)" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round" /><circle cx="50" cy="9" r="2" fill="var(--md-accent-fg-color)" /></svg> <span class='md-tag md-tag--warning'>[REGO CONTENT]</span> 🌟🌟🌟🌟🌟 <span class='md-tag md-tag--success'>[DE FACTO STANDARD]</span> — A structured directory of modular policy files for linting infrastructure-as-code deployments (Terraform, Kubernetes YAML, Helm charts). Designed to enforce standards like non-root container runs, memory limit boundaries, and forbidden network ingress setups early in CI/CD cycles.</li>
|
||
</ul>
|
||
<h4 id="policy-as-code-4">Policy-as-Code (4)<a class="headerlink" href="#policy-as-code-4" title="Permanent link">¶</a></h4>
|
||
<ul>
|
||
<li><strong>(2026)</strong> <a href="https://www.openpolicyagent.org"><mark>OPA Open Policy Agent 🌟</mark></a> <span class='md-tag md-tag--warning'>[GO CONTENT]</span> <span class='md-tag md-tag--critical'>[ADVANCED LEVEL]</span> 🌟🌟🌟🌟🌟 <span class='md-tag md-tag--success'>[DE FACTO STANDARD]</span> — General-purpose policy engine designed to unify and enforce fine-grained authorization across microservices, Kubernetes, CI/CD, and API gateways. Uses the declarative query language Rego to decouple policy decisions from execution, serving as a critical cornerstone in modern Zero-Trust architectures.</li>
|
||
<li><strong>(2022)</strong> <a href="https://blog.gitguardian.com/what-is-policy-as-code-an-introduction-to-open-policy-agent">blog.gitguardian.com: What is Policy-as-Code? An Introduction to Open Policy' Agent</a> <span class='md-tag md-tag--warning'>[REGO CONTENT]</span> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — Comprehensive introduction to Open Policy Agent (OPA) and its application of declarative, domain-agnostic policy enforcement using the Rego language. Evaluates the architectural shift of separating policy logic from application code, making security policies testable and auditable in Git repos.</li>
|
||
<li><strong>(2022)</strong> <a href="https://dev.to/permit_io/load-external-data-into-opa-the-good-the-bad-and-the-ugly-26lc">dev.to: Load external data into OPA: The Good, The Bad, and The Ugly</a> <span class='md-tag md-tag--warning'>[REGO CONTENT]</span> <span class='md-tag md-tag--critical'>[ADVANCED LEVEL]</span> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — Analyses the complex architectural patterns required for injecting dynamic runtime datasets into Open Policy Agent (OPA). Evaluates caching strategies, JWT validation, HTTP pull-push mechanisms, and their relative trade-offs regarding latency, scalability, and network failure tolerance inside authorization pathways.</li>
|
||
<li><strong>(2021)</strong> <a href="https://thenewstack.io/getting-open-policy-agent-up-and-running">thenewstack.io: Getting Open Policy Agent Up and Running</a> <span class='md-tag md-tag--warning'>[REGO CONTENT]</span> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — A pragmatic guide detailing bootstrap procedures for deploying Open Policy Agent (OPA) inside production systems. Guides the reader through daemon configuration, loading external data contexts, and integrating policy enforcement into Kubernetes via the Gatekeeper admission controller framework.</li>
|
||
</ul>
|
||
<h3 id="security-reporting">Security Reporting<a class="headerlink" href="#security-reporting" title="Permanent link">¶</a></h3>
|
||
<h4 id="observability">Observability<a class="headerlink" href="#observability" title="Permanent link">¶</a></h4>
|
||
<ul>
|
||
<li><strong>(2026)</strong> <a href="https://github.com/kyverno/policy-reporter"><mark>Policy Reporter 🌟</mark></a> <span class='md-tag md-tag--info'>⭐ 371</span> <svg class="v2-sparkline" width="50" height="15" viewBox="0 0 50 15" style="vertical-align: middle; display: inline-block; margin-left: 6px;" title="Activity Trend"><defs><linearGradient id="spark-grad-65952f03" x1="0" y1="0" x2="1" y2="0"><stop offset="0%" stop-color="rgba(34, 211, 238, 0.2)" /><stop offset="100%" stop-color="var(--md-accent-fg-color)" /></linearGradient></defs><path class="v2-sparkline-path" d="M 0 6 L 10 8 L 20 9 L 30 3 L 40 13 L 50 10" fill="none" stroke="url(#spark-grad-65952f03)" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round" /><circle cx="50" cy="10" r="2" fill="var(--md-accent-fg-color)" /></svg> <span class='md-tag md-tag--warning'>[GO CONTENT]</span> 🌟🌟🌟🌟🌟 <span class='md-tag md-tag--success'>[DE FACTO STANDARD]</span> — A CNCF-recognized dashboard and reporter engineered to capture, aggregate, and visualize policy violations (like Kyverno or OPA findings) inside Kubernetes clusters. Converts abstract policy status reports into accessible web UI tables and distributes real-time alerts to Slack or Grafana.</li>
|
||
</ul>
|
||
<h3 id="supply-chain-security">Supply Chain Security<a class="headerlink" href="#supply-chain-security" title="Permanent link">¶</a></h3>
|
||
<h4 id="container-governance">Container Governance<a class="headerlink" href="#container-governance" title="Permanent link">¶</a></h4>
|
||
<ul>
|
||
<li><strong>(2026)</strong> <a href="https://kyverno.io/policies/best-practices/restrict_image_registries/restrict_image_registries">kyverno.io: Restrict Image Registries</a> <span class='md-tag md-tag--warning'>[YAML CONTENT]</span> <span class='md-tag md-tag--primary'>[DOCUMENTATION]</span> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — Official documentation outlining how to write Kyverno policies to block deployment of images from unapproved registries. Enforces a key tenant of secure container delivery by ensuring workloads only pull code from trusted, internally-vetted registry endpoints.</li>
|
||
</ul>
|
||
<h4 id="container-verifying">Container Verifying<a class="headerlink" href="#container-verifying" title="Permanent link">¶</a></h4>
|
||
<ul>
|
||
<li><strong>(2021)</strong> <a href="https://nirmata.com/2021/08/12/kubernetes-supply-chain-policy-management-with-cosign-and-kyverno">nirmata.com: Kubernetes Supply Chain Policy Management with Cosign and Kyverno</a> <span class='md-tag md-tag--warning'>[GO CONTENT]</span> <span class='md-tag md-tag--critical'>[ADVANCED LEVEL]</span> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — Practical guide demonstrating how Nirmata utilizes Sigstore Cosign paired with Kyverno to authenticate digital signatures on incoming container images. Establishes programmatic cryptographic validation inside admission paths, preventing unverified or tampered binaries from launching in production environments.</li>
|
||
</ul>
|
||
<h4 id="cryptographic-signatures">Cryptographic Signatures<a class="headerlink" href="#cryptographic-signatures" title="Permanent link">¶</a></h4>
|
||
<ul>
|
||
<li><strong>(2022)</strong> <a href="https://blog.sigstore.dev/how-to-verify-container-images-with-kyverno-using-kms-cosign-and-workload-identity-1e07d2b85061">blog.sigstore.dev: How to verify container images with Kyverno using KMS,' Cosign, and Workload Identity</a> <span class='md-tag md-tag--warning'>[GO CONTENT]</span> <span class='md-tag md-tag--critical'>[ADVANCED LEVEL]</span> <span class='md-tag md-tag--info'>[COMMUNITY-TOOL]</span> — An advanced technical exploration of enterprise container security architectures. Provides steps to construct a validation loop that verifies image signatures dynamically using Kyverno, integrated directly with KMS key stores, Sigstore Cosign, and OIDC-based Workload Identity.</li>
|
||
</ul>
|
||
<h2 id="public-cloud">Public Cloud<a class="headerlink" href="#public-cloud" title="Permanent link">¶</a></h2>
|
||
<h3 id="azure-integration">Azure Integration<a class="headerlink" href="#azure-integration" title="Permanent link">¶</a></h3>
|
||
<h4 id="cloud-governance">Cloud Governance<a class="headerlink" href="#cloud-governance" title="Permanent link">¶</a></h4>
|
||
<ul>
|
||
<li><strong>(2026)</strong> <a href="https://nubenetes.com/azure/"><strong>Azure Policy</strong></a> <span class='md-tag md-tag--critical'>[ADVANCED LEVEL]</span> <span class='md-tag md-tag--primary'>[DOCUMENTATION]</span> 🌟🌟🌟🌟 <span class='md-tag md-tag--success'>[ENTERPRISE-STABLE]</span> — Specialized gateway and reference documentation for enforcing structural compliance, resource auditing, and governance across Azure resource environments. Explains custom definition policies, policy initiatives, and automated remediation workflows. Critical reference for maintaining operational guardrails in enterprise cloud architectures.</li>
|
||
</ul>
|
||
<h2 id="security">Security<a class="headerlink" href="#security" title="Permanent link">¶</a></h2>
|
||
<h3 id="policy-enforcement">Policy Enforcement<a class="headerlink" href="#policy-enforcement" title="Permanent link">¶</a></h3>
|
||
<h4 id="admission-control">Admission Control<a class="headerlink" href="#admission-control" title="Permanent link">¶</a></h4>
|
||
<ul>
|
||
<li><strong>(2022)</strong> <a href="https://github.com/tmobile/magtape">MagTape</a> <span class='md-tag md-tag--info'>⭐ 152</span> <svg class="v2-sparkline" width="50" height="15" viewBox="0 0 50 15" style="vertical-align: middle; display: inline-block; margin-left: 6px;" title="Activity Trend"><defs><linearGradient id="spark-grad-7aafde66" x1="0" y1="0" x2="1" y2="0"><stop offset="0%" stop-color="rgba(34, 211, 238, 0.2)" /><stop offset="100%" stop-color="var(--md-accent-fg-color)" /></linearGradient></defs><path class="v2-sparkline-path" d="M 0 13 L 10 5 L 20 7 L 30 3 L 40 5 L 50 7" fill="none" stroke="url(#spark-grad-7aafde66)" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round" /><circle cx="50" cy="7" r="2" fill="var(--md-accent-fg-color)" /></svg> <span class='md-tag md-tag--warning'>[JAVASCRIPT CONTENT]</span> 🌟🌟 <span class='md-tag md-tag--critical'>[LEGACY]</span> — An admission controller developed by T-Mobile that evaluates resources against organizational policy constraints during creation. Written in Node.js, it offered a lightweight alternative to OPA for specific JSON schema validations. By 2026, it has been largely archived, with developers migrating to Gatekeeper or Kyverno.</li>
|
||
</ul>
|
||
<hr />
|
||
<p>💡 <strong>Explore Related:</strong> <a href="../iac/">IaC</a> | <a href="../terraform/">Terraform</a> | <a href="../chef/">Chef</a></p>
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
</article>
|
||
</div>
|
||
|
||
|
||
<script>var target=document.getElementById(location.hash.slice(1));target&&target.name&&(target.checked=target.name.startsWith("__tabbed_"))</script>
|
||
</div>
|
||
|
||
<button type="button" class="md-top md-icon" data-md-component="top" hidden>
|
||
|
||
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M13 20h-2V8l-5.5 5.5-1.42-1.42L12 4.16l7.92 7.92-1.42 1.42L13 8z"/></svg>
|
||
Back to top
|
||
</button>
|
||
|
||
</main>
|
||
|
||
<footer class="md-footer">
|
||
|
||
<div class="md-footer-meta md-typeset">
|
||
<div class="md-footer-meta__inner md-grid">
|
||
<div class="md-copyright">
|
||
|
||
<div class="md-copyright__highlight">
|
||
Copyright © 2026 Nubenetes Agentic Intelligence
|
||
</div>
|
||
|
||
|
||
Made with
|
||
<a href="https://squidfunk.github.io/mkdocs-material/" target="_blank" rel="noopener">
|
||
Material for MkDocs
|
||
</a>
|
||
|
||
</div>
|
||
|
||
|
||
<div class="md-social">
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
<a href="https://github.com/nubenetes/awesome-kubernetes" target="_blank" rel="noopener" title="github.com" class="md-social__link">
|
||
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512"><!--! Font Awesome Free 7.1.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2025 Fonticons, Inc.--><path d="M173.9 397.4c0 2-2.3 3.6-5.2 3.6-3.3.3-5.6-1.3-5.6-3.6 0-2 2.3-3.6 5.2-3.6 3-.3 5.6 1.3 5.6 3.6m-31.1-4.5c-.7 2 1.3 4.3 4.3 4.9 2.6 1 5.6 0 6.2-2s-1.3-4.3-4.3-5.2c-2.6-.7-5.5.3-6.2 2.3m44.2-1.7c-2.9.7-4.9 2.6-4.6 4.9.3 2 2.9 3.3 5.9 2.6 2.9-.7 4.9-2.6 4.6-4.6-.3-1.9-3-3.2-5.9-2.9M252.8 8C114.1 8 8 113.3 8 252c0 110.9 69.8 205.8 169.5 239.2 12.8 2.3 17.3-5.6 17.3-12.1 0-6.2-.3-40.4-.3-61.4 0 0-70 15-84.7-29.8 0 0-11.4-29.1-27.8-36.6 0 0-22.9-15.7 1.6-15.4 0 0 24.9 2 38.6 25.8 21.9 38.6 58.6 27.5 72.9 20.9 2.3-16 8.8-27.1 16-33.7-55.9-6.2-112.3-14.3-112.3-110.5 0-27.5 7.6-41.3 23.6-58.9-2.6-6.5-11.1-33.3 2.6-67.9 20.9-6.5 69 27 69 27 20-5.6 41.5-8.5 62.8-8.5s42.8 2.9 62.8 8.5c0 0 48.1-33.6 69-27 13.7 34.7 5.2 61.4 2.6 67.9 16 17.7 25.8 31.5 25.8 58.9 0 96.5-58.9 104.2-114.8 110.5 9.2 7.9 17 22.9 17 46.4 0 33.7-.3 75.4-.3 83.6 0 6.5 4.6 14.4 17.3 12.1C436.2 457.8 504 362.9 504 252 504 113.3 391.5 8 252.8 8M105.2 352.9c-1.3 1-1 3.3.7 5.2 1.6 1.6 3.9 2.3 5.2 1 1.3-1 1-3.3-.7-5.2-1.6-1.6-3.9-2.3-5.2-1m-10.8-8.1c-.7 1.3.3 2.9 2.3 3.9 1.6 1 3.6.7 4.3-.7.7-1.3-.3-2.9-2.3-3.9-2-.6-3.6-.3-4.3.7m32.4 35.6c-1.6 1.3-1 4.3 1.3 6.2 2.3 2.3 5.2 2.6 6.5 1 1.3-1.3.7-4.3-1.3-6.2-2.2-2.3-5.2-2.6-6.5-1m-11.4-14.7c-1.6 1-1.6 3.6 0 5.9s4.3 3.3 5.6 2.3c1.6-1.3 1.6-3.9 0-6.2-1.4-2.3-4-3.3-5.6-2"/></svg>
|
||
</a>
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
<a href="https://twitter.com/nubenetes" target="_blank" rel="noopener" title="twitter.com" class="md-social__link">
|
||
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512"><!--! Font Awesome Free 7.1.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2025 Fonticons, Inc.--><path d="M459.4 151.7c.3 4.5.3 9.1.3 13.6 0 138.7-105.6 298.6-298.6 298.6-59.5 0-114.7-17.2-161.1-47.1 8.4 1 16.6 1.3 25.3 1.3 49.1 0 94.2-16.6 130.3-44.8-46.1-1-84.8-31.2-98.1-72.8 6.5 1 13 1.6 19.8 1.6 9.4 0 18.8-1.3 27.6-3.6-48.1-9.7-84.1-52-84.1-103v-1.3c14 7.8 30.2 12.7 47.4 13.3-28.3-18.8-46.8-51-46.8-87.4 0-19.5 5.2-37.4 14.3-53C87.4 130.8 165 172.4 252.1 176.9c-1.6-7.8-2.6-15.9-2.6-24C249.5 95.1 296.3 48 354.4 48c30.2 0 57.5 12.7 76.7 33.1 23.7-4.5 46.5-13.3 66.6-25.3-7.8 24.4-24.4 44.8-46.1 57.8 21.1-2.3 41.6-8.1 60.4-16.2-14.3 20.8-32.2 39.3-52.6 54.3"/></svg>
|
||
</a>
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
<a href="https://www.linkedin.com/groups/1937212/" target="_blank" rel="noopener" title="www.linkedin.com" class="md-social__link">
|
||
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><!--! Font Awesome Free 7.1.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2025 Fonticons, Inc.--><path d="M416 32H31.9C14.3 32 0 46.5 0 64.3v383.4C0 465.5 14.3 480 31.9 480H416c17.6 0 32-14.5 32-32.3V64.3c0-17.8-14.4-32.3-32-32.3M135.4 416H69V202.2h66.5V416zM102.2 96a38.5 38.5 0 1 1 0 77 38.5 38.5 0 1 1 0-77m282.1 320h-66.4V312c0-24.8-.5-56.7-34.5-56.7-34.6 0-39.9 27-39.9 54.9V416h-66.4V202.2h63.7v29.2h.9c8.9-16.8 30.6-34.5 62.9-34.5 67.2 0 79.7 44.3 79.7 101.9z"/></svg>
|
||
</a>
|
||
|
||
</div>
|
||
|
||
</div>
|
||
</div>
|
||
</footer>
|
||
|
||
</div>
|
||
<div class="md-dialog" data-md-component="dialog">
|
||
<div class="md-dialog__inner md-typeset"></div>
|
||
</div>
|
||
|
||
|
||
|
||
|
||
|
||
<script id="__config" type="application/json">{"annotate": null, "base": "..", "features": ["navigation.tabs", "navigation.tabs.sticky", "navigation.top", "navigation.tracking", "navigation.sections", "navigation.expand", "navigation.indexes", "search.suggest", "search.highlight", "search.share", "content.code.copy", "content.action.view", "content.action.edit", "content.tooltips", "navigation.prune", "toc.integrate"], "search": "../assets/javascripts/workers/search.2c215733.min.js", "tags": null, "translations": {"clipboard.copied": "Copied to clipboard", "clipboard.copy": "Copy to clipboard", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.placeholder": "Type to start searching", "search.result.term.missing": "Missing", "select.version": "Select version"}, "version": {"provider": "mike"}}</script>
|
||
|
||
|
||
<script src="../assets/javascripts/bundle.79ae519e.min.js"></script>
|
||
|
||
<script src="../static/v2_filter.js"></script>
|
||
|
||
|
||
</body>
|
||
</html> |