github/container.training
1
0
Fork 0
mirror of https://github.com/jpetazzo/container.training.git synced 2026-02-14 09:39:56 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
164651c461c5048ab86f495e071564fa362f8708
container.training/slides/exercises/ingress-secret-policy-brief.md
Jérôme Petazzoni 164651c461 Add new Kyverno exercise
2021-12-14 16:39:06 +01:00

471 B
Raw Blame History

⚠️ BROKEN EXERCISE - DO NOT USE

Exercise — Ingress Secret Policy

Implement policy to limit impact of ingress controller vulnerabilities.

(Mitigate e.g. CVE-2021-25742)

  • Deploy an ingress controller and cert-manager

  • Deploy a trivial web app secured with TLS

    (obtaining a cert with cert-manager + Let's Encrypt)

  • Prevent ingress controller from reading arbitrary secrets

  • Automatically grant selective access to TLS secrets, but not other secrets

Reference in New Issue View Git Blame Copy Permalink