Category Archives: Security

Cloud Custodian – Policies? Resource Management? Something Else?

Cloud Custodian is yet another tool that helps us audit, manage, and apply policies to cloud resources, but with a twist. Is it any good? Should you use it? Who should use it?

Continue reading

Signing And Verifying Container Images With Sigstore Cosign And Kyverno

If we want to be certain that what we’re running is what we built, we might need to sign container (Docker) images, as well as other types of artifacts. That’s where Cosign jumps in. Sigstore Cosign makes signing almost invisible, especially if we combine it with Kyverno or another Kubernetes admission controller that verifies signatures before a workload is admitted.

Continue reading

Kubernetes Policies And Admission Controllers Compared – Kyverno vs Datree

Which tool for Kubernetes policies and admission controllers works better? Kyverno or Datree?

Continue reading

Admission Controllers Or CLI? Kubernetes Policy Validations with Datree

Datree is known as a great solution for client-side manifest scanning and policy enforcement. That just changed with the introduction of Kubernetes admission controllers. Datree now supports both, so it’s time to revisit the project and see whether it is a good choice for server-side validations and policy enforcement.

Continue reading

Eliminate Kubernetes Secrets With Secrets Store CSI Driver (SSCSID)

“Kubernetes secrets are not secure enough!” If that’s true, maybe we should eliminate them altogether. Can we do that? Can we live without Kubernetes secrets? Is Secrets Store CSI Driver (SSCSID) the solution?

Continue reading

How To Secure Kubernetes Clusters With Kubescape And Armo

Are you wondering how to secure your Kubernetes clusters? Do you even know whether your k8s is secure? Kubescape by Armo might be the tool to help you with those and many other tasks related to Kubernetes security.

Continue reading

Managing Secrets In Docker Swarm Clusters

Docker 1.13 introduced a set of features that let us manage secrets centrally and pass them only to the services that need them. They give us a much-needed mechanism for handing out information that should be hidden from everyone except designated services.

A secret (at least from Docker’s point of view) is a blob of data. Typical use cases are certificates, SSH private keys, passwords, and so on. Secrets should stay secret, meaning that they should not be stored or transmitted over a network unencrypted.
Continue reading
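The consuming side of the mechanism described above, as an added example that is not code from the original post or from Docker itself: Swarm mounts each secret a service was granted as a file under /run/secrets/&lt;name&gt; inside the container (an in-memory tmpfs on Linux), and an entrypoint reads it from there instead of from the environment. The manager-side commands appear only as comments; the functions below assume a directory that stands in for /run/secrets (the SECRETS_DIR override, the secret names db_password and api_token, and the image name myorg/api:1.0 are all made up for the example) so they run anywhere.

```shell
#!/bin/sh
# Added example (not from the original post): how a Swarm service consumes
# a Docker secret from its file mount, failing fast if it is missing.
set -eu

# Manager side, for reference only (not executed by this script):
#   printf 'hunter2' | docker secret create db_password -
#   docker service create --name api --secret db_password myorg/api:1.0
# Only services created with --secret get the file; other containers on the
# same node never see it, and it is never written to the container's disk.

# Where Swarm mounts secrets; overridable so the functions can be exercised
# outside a container (assumption for this example, not a Docker setting).
SECRETS_DIR="${SECRETS_DIR:-/run/secrets}"

# read_secret NAME: print the secret's contents on stdout, without the
# trailing newline that piped input to 'docker secret create -' may carry.
# The value is never echoed to stderr or logged, only returned.
read_secret() {
  name="$1"
  path="${SECRETS_DIR}/${name}"
  if [ ! -f "$path" ]; then
    echo "secret '${name}' not mounted at ${path}; was the service created with --secret ${name}?" >&2
    return 1
  fi
  value="$(cat "$path")"   # $(...) strips trailing newlines
  printf '%s' "$value"
}

# require_secrets NAME...: verify every named secret is mounted before the
# application starts, so a misconfigured service stops instead of running
# with empty credentials. Returns 1 if any is missing, reporting all of them.
require_secrets() {
  missing=0
  for name in "$@"; do
    if [ ! -r "${SECRETS_DIR}/${name}" ]; then
      echo "missing secret: ${name}" >&2
      missing=1
    fi
  done
  return "$missing"
}

# Typical entrypoint usage: hand the application the *path*, not the value,
# when it supports the *_FILE convention (as the official postgres image does
# with POSTGRES_PASSWORD_FILE). The secret then never lands in the process
# environment, which 'docker inspect' and crash dumps can reveal.
#   require_secrets db_password api_token
#   DB_PASSWORD_FILE="${SECRETS_DIR}/db_password"; export DB_PASSWORD_FILE
#   exec /usr/local/bin/api
```

Only read_secret should ever produce the value, and only on stdout, so that a stray `set -x` or a logging wrapper around the entrypoint does not leak it.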