About the developer

mhausenblas
139 Stars 21 Forks Apache License 2.0 13 Commits 0 Opened issues

Description

Kubernetes Security: from Image Hygiene to Network Policies

Building container images

Tooling:

  • https://docs.docker.com/docker-cloud/builds/image-scan/
  • https://github.com/coreos/clair
  • https://www.open-scap.org/tools/
  • https://www.aquasec.com/use-cases/continuous-image-assurance/
  • https://neuvector.com/container-compliance-auditing-solutions/
  • https://github.com/theupdateframework/notary
  • https://github.com/in-toto

Further reading:

Running containers

Tooling:

  • https://github.com/aquasecurity/kube-bench
  • https://github.com/docker/docker-bench-security
  • https://sysdig.com/opensource/falco/
  • https://kubesec.io/
  • https://www.twistlock.com/

Further reading:

Authentication and authorization

Tooling:

  • https://github.com/coreos/dex
  • https://github.com/liggitt/audit2rbac
  • https://github.com/heptio/authenticator

Further reading:

Communication

Tooling:

  • https://github.com/aporeto-inc/trireme-kubernetes
  • https://github.com/jetstack/cert-manager/
  • https://spiffe.io/
  • https://www.openpolicyagent.org/

Further reading:

Apps

Tooling:

  • https://github.com/kelseyhightower/konfd
  • https://github.com/hashicorp/vault-plugin-auth-kubernetes
  • https://github.com/bitnami-labs/sealed-secrets
  • https://github.com/shyiko/kubesec
  • https://github.com/weaveworks/flux

Further reading:

Securing the control plane

Tooling:

  • https://github.com/bgeesaman/kubeatf
  • https://github.com/Shopify/kubeaudit
  • https://k8guard.github.io/

Further reading:

References

Kubernetes resources related to security (v1.10):

Useful kubectl commands:

  • kubectl create secret
  • kubectl create serviceaccount
  • kubectl create role
  • kubectl create rolebinding
  • kubectl auth can-i
