Cloud Custodian is yet another tool that helps us audit, manage, and apply policies to cloud resources, but with a twist. Is it any good? Should you use it? Who should use it?
Category Archives: Security
What Is HTTPS? How Does It Work? Automate With cert-manager And Let’s Encrypt
There’s no excuse for anyone not to use HTTPS.
Learn how to automate HTTPS with cert-manager running in Kubernetes and Let’s Encrypt in this video.
Signing And Verifying Container Images With Sigstore Cosign And Kyverno
If we want to be certain that what we’re running is what we built, we might need to sign container (Docker) images, as well as other types of artifacts. That’s where Cosign jumps in. Sigstore Cosign makes signatures invisible, especially if we combine it with Kyverno or other Kubernetes admission controller solutions.
Kubernetes Policies And Admission Controllers Compared – Kyverno vs Datree
Which tool for Kubernetes policies and admission controllers works better? Kyverno or Datree?
Admission Controllers Or CLI? Kubernetes Policy Validations with Datree
Datree is known as a great solution for client-side manifest scanning and policy enforcement. That just changed with the introduction of Kubernetes admission controllers. Datree now supports both, so it’s time to revisit the project and see whether it is a good choice for server-side validations and policy enforcement.
Eliminate Kubernetes Secrets With Secrets Store CSI Driver (SSCSID)
“Kubernetes secrets are not secure enough!” If that’s true, maybe we should eliminate them altogether. Can we do that? Can we live without Kubernetes secrets? Is Secrets Store CSI Driver (SSCSID) the solution?
Manage Kubernetes Secrets With External Secrets Operator
How do we manage secrets in Kubernetes clusters? If they are stored in external secret management systems like AWS Secrets Manager, HashiCorp Vault, Google Secrets Manager, Azure Key Vault, and others, we need to pull them into the clusters. External Secrets Operator might be the solution.
Authentication, Authorization, Audit, And Connectivity With Teleport
How do you manage authentication, authorization, and audit for your internal infrastructure and applications? Is Teleport the solution? Learn more at http://www.goteleport.com/devopstoolkit
How To Secure Kubernetes Clusters With Kubescape And Armo
Are you wondering how to secure your Kubernetes clusters? Do you even know whether your k8s is secure? Kubescape by Armo might be the tool to help you with those and many other tasks related to Kubernetes security.
Managing Secrets In Docker Swarm Clusters
Docker 1.13 introduced a set of features that allow us to centrally manage secrets and pass them only to services that need them. They offer a much-needed mechanism for providing information that should be hidden from anyone except designated services.
A secret (at least from Docker’s point of view) is a blob of data. A typical use case would be a certificate, SSH private keys, passwords, and so on. Secrets should stay secret, meaning that they should not be stored unencrypted or transmitted over a network.