Public

Adventures in Kubernetes

Author: Andrew Martin (ControlPlane) Kubernetes security has come a long way since the project's inception, but still contains some gotchas. Starting with the control plane, building up through workload and network security, and finishing with a projection into the future of security, here is a list of handy tips to help harden your clusters and increase their resilience if compromised. Part One: The Control Plane 1. TLS Everywhere 2. Enable RBAC with Least Privilege, Disable ABAC, and Monitor Logs 3.

So you built a cluster. Maybe you have some apps deployed. You’re sold on this whole Kubernetes thing. Now what do you do?

By Connor Gilbert, product manager at StackRox Last month, the Kubernetes ecosystem was shaken by the discovery of the first major security flaw in Kubernetes, the world’s most popular container…

The container orchestrator war is over, and Kubernetes has won. With companies large and small rapidly adopting the platform, security has emerged as an important concern – partly because of the learning curve inherent in understanding any new infrastructure, and partly because of recently announced vulnerabilities.

This document covers topics related to protecting a cluster from accidental or malicious access and provides recommendations on overall security. Before you begin You need to have a Kubernetes cluster, and the kubectl command-line tool must be configured to communicate with your cluster. It is recommended to run this tutorial on a cluster with at least two nodes that are not acting as control plane hosts. If you do not already have a cluster, you can create one by using minikube or you can use one of these Kubernetes playgrounds:

Discover reference architectures, diagrams, design patterns, guidance, and best practices for building or migrating your workloads on Google Cloud.

This article introduces the most common techniques and patterns to build and operate a highly available microservices architecture.

Code and technology musings by Orr Sella

Default installations of Helm on Kubernetes can make it trivial for attackers to escalate to cluster admin. In this post I’ll demonstrate how.

As the idea of the “service mesh” has become increasingly popular over the last two years and as the number of entrants into the space has…

I was talking to a former student when he brought up an article written by a well-seasoned programmer regretting his choice of career. This fellow had rejec...

Offered by Stanford University. Learn To Think Like A ... Enroll for free.

The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics. - GitHub - OWASP/CheatSheetSeries: The OWASP Cheat Sheet ...

In the previous post we looked at relative event ordering and the decoupling of publishers and consumers among other things. In this post we'll take those concepts and look at an example architecture. We'll look at the various modelling possibilities we have with RabbitMQ representing a queue base

79 votes and 35 comments so far on Reddit

Fail2ban is a daemon that can be run on your server to dynamically block clients that fail to authenticate correctly with your services repeatedly. This can…

181 votes and 37 comments so far on Reddit