Kubesploit (@kubesploit)'s Twitter Profile
Kubesploit

@kubesploit

News and links on Kubernetes security curated by the @Learnk8s team
Mastodon: @[email protected]

ID:1372044146475560963

Link: https://learnk8s.io/news-events-jobs
Joined: 17-03-2021 04:37:03

1,4K Tweets

17,2K Followers

1 Following

Kubesploit (@kubesploit):

This repository contains an extended version of the Open Policy Agent (OPA-Envoy) that allows you to enforce OPA policies with Envoy

➜ github.com/open-policy-ag…

Kubesploit (@kubesploit):

In this article, you'll learn how to use RBAC and set up Roles that specify what actions are allowed and how to link these Roles to your Users and Service Accounts using RoleBindings

➜ medium.com/@arton.demaku/…

Kubesploit (@kubesploit):

Learn to auto-update Kubernetes secrets via External Secrets Operator and secret managers like GCP secret manager

The guide covers secret rotation, syncing, Helm installation, and TLS management

➤ medium.com/linux-shots/sy…

Kubesploit (@kubesploit):

In this article, you'll find instructions for setting up and installing Pod Security Admission (PSA), step-by-step migration guides to transition from Pod Security Policies (PSP) to PSA, and precise commands for transferring existing PSP rules to PSA

➤ hackernoon.com/migrating-from…

Kubesploit (@kubesploit):

The AWS provider for the Secrets Store CSI Driver allows you to fetch secrets from AWS Secrets Manager and AWS Systems Manager Parameter Store and mount them into Kubernetes pods

➤ github.com/aws/secrets-st…

Kubesploit (@kubesploit):

In this article, you will take a comprehensive look at the OWASP Kubernetes Top 10, discuss each risk in detail, and provide recommendations for mitigating it

Finally, you'll look at tools and techniques for auditing your configuration

➤ medium.com/@seifeddineraj…

Kubesploit (@kubesploit):

Amazon EKS Pod Identities automates the association between Kubernetes service accounts and AWS IAM roles, eliminating manual credential management

This tutorial explains the steps involved in doing so

➜ medium.com/lumigo/eks-pod…

Kubesploit (@kubesploit):

AWS ACM Private CA is a module of the AWS Certificate Manager that can set up and manage private CAs

This project acts as an addon to cert-manager that signs off certificate requests using AWS PCA

➤ github.com/cert-manager/a…

Kubesploit (@kubesploit):

The article compares three policy engines: OPA, Gatekeeper, Kyverno, and jsPolicy

➜ blogs.aftabs.co/enforcing-secu…

Kubesploit (@kubesploit):

If you are an admin running a Kubernetes cluster on AWS, you already need to manage AWS IAM credentials to provision and update the cluster

You avoid managing a separate credential for Kubernetes access by using AWS IAM Authenticator for Kubernetes

➜ github.com/kubernetes-sig…

Learnk8s (@learnk8s):

This week on the Learn Kubernetes Weekly:

🐾 Journey with Cluster API
📏 Horizontal Autoscaling
⏱️ Testing Service Mesh performance
🥷 Escaping the OOM Killer
💡 From on-premise to GKE

Read it now: learnk8s.io/issues/74

Kubesploit (@kubesploit):

The article discusses enhancing Kubernetes network security using iptables, covering its setup, configuring rules for different nodes, and ensuring persistent configurations for continuous protection

➜ dev.to/docteurrs/shie…

Kubesploit (@kubesploit):

In this article, you will learn how envelope encryption works in EKS with KMS through illustrations

➤ teamoptimizers.hashnode.dev/envelope-encry…

Kubesploit (@kubesploit):

KubeMod is a universal Kubernetes mutating operator

It introduces a Custom Resource Definition (`ModRule`) that can intercept the deployment of any Kubernetes object and apply modifications or reject it before it is deployed to the cluster

➜ github.com/kubemod/kubemod

Kubesploit (@kubesploit):

Reflector is a Kubernetes addon designed to monitor changes to resources (Secrets and ConfigMaps) and reflect changes to mirror resources in the same or other namespaces

➤ github.com/emberstack/kub…

Kubesploit (@kubesploit):

In this article, you'll compare three popular container signing solutions: Sigstore Cosign, Notary v2, and Docker Content Trust (DCT)

You'll learn about their features, capabilities, and suitability for securing container image supply chains

➤ snyk.io/blog/signing-c…

Kubesploit (@kubesploit):

This tutorial teaches how to integrate Hashicorp Vault with Kubernetes for dynamic, secure secrets management using the External Secrets Operator (ESO)

It covers setting up Vault roles, policies, and the Key/Value secrets engine for ESO

➤ faun.pub/vault-integrat…

Kubesploit (@kubesploit):

The article delves into Google Kubernetes Engine's Workload Identity Federation and highlights the security benefits, operational simplicity, and importance of annotations and policy bindings in managing access control

➜ medium.com/google-cloud/w…

Kubesploit (@kubesploit):

This tutorial outlines securing a cluster with Kubescape, Prometheus, and Grafana for proactive risk identification, trend analysis, and improved audit processes

A setup guide includes Terraform deployment and log management with Loki and Promtail

➜ araji.medium.com/proactive-kube…

Kubesploit (@kubesploit):

This article explores the fundamental concepts, syntax, semantics, and implementation considerations associated with Network Policies

It also delves into best practices and real-world examples to illustrate their practical application and benefits

➤ medium.com/cloud-native-d…
