If we want to be certain that what we’re running is what we built, we might need to sign container (Docker) images, as well as other types of artifacts. That’s where Cosign jumps in. Sigstore Cosign makes signatures invisible, especially if we combine it with Kyverno or other Kubernetes admission controller solutions.
Which tool for Kubernetes policies and admission controllers works better? Kyverno or Datree?
Datree is known as a great solution for client-side manifest scanning and policy enforcement. That just changed with the introduction of Kubernetes admission controllers. Datree now supports both, so it’s time to revisit the project and see whether it is a good choice for server-side validations and policy enforcement.
“Kubernetes secrets are not secure enough!” If that’s true, maybe we should eliminate them altogether. Can we do that? Can we live without Kubernetes secrets? Is Secrets Store CSI Driver (SSCSID) the solution?
How do we manage secrets in Kubernetes clusters? If they are stored in external secret management systems like AWS Secrets Manager, HashiCorp Vault, Google Secrets Manager, Azure Key Vault, and others, we need to pull them into the clusters. External Secrets Operator might be the solution.
Are you wondering how to secure your Kubernetes clusters? Do you even know whether your k8s is secure? Kubescape by Armo might be the tool to help you with those and many other tasks related to Kubernetes security.
Docker 1.13 introduced a set of features that allow us to centrally manage secrets and pass them only to services that need them. They provide a much-needed mechanism for distributing information that should be hidden from anyone except designated services.
A secret (at least from Docker’s point of view) is a blob of data. Typical use cases would be a certificate, SSH private keys, passwords, and so on. Secrets should stay secret, meaning that they should not be stored unencrypted or transmitted unencrypted over a network.