Cloud Custodian is yet another tool that helps us audit, manage, and apply policies to cloud resources, but with a twist. Is it any good? Should you use it? Who should use it?Continue reading
Category Archives: Security
What Is HTTPS? How Does It Work? Automate With cert-manager And Let’s Encrypt
There’s no excuse for anyone not to use HTTPS.
Learn how to automate HTTPS with cert-manager running in Kubernetes and Let’s Encrypt in this video.Continue reading
Signing And Verifying Container Images With Sigstore Cosign And Kyverno
If we want to be certain that what we’re running is what we built, we might need to sign container (Docker) images, as well as other types of artifacts. That’s where Cosign jump in. Sigstore Cosign makes signatures invisible, especially if we combine it with Kyverno or other Kubernetes admission controller solutions.Continue reading
Kubernetes Policies And Admission Controllers Compared – Kyverno vs Datree
Which tool for Kubernetes policies and admission controllers works better? Kyverno or Datree?Continue reading
Admission Controllers Or CLI? Kubernetes Policy Validations with Datree
Datree is known as a great solution for client-side manifest scanning and policy enforcement. That just changed with the introduction of Kubernetes admission controllers. Datree now supports both, so it’s time to revisit the project and see whether it is a good choice for server-side validations and policy enforcement.Continue reading
Eliminate Kubernetes Secrets With Secrets Store CSI Driver (SSCSID)
“Kubernetes secrets are not secure enough!” If that’s true, maybe we should eliminate them altogether. Can we do that? Can we live without Kubernetes secrets? Is Secrets Store CSI Driver (SSCSID) the solution?Continue reading
Manage Kubernetes Secrets With External Secrets Operator
How do we manage secrets in Kubernetes clusters? If they are stored in external secret management systems like AWS Secrets Manager, HashiCorp Vault, Google Secrets Manager, Azure Key Vault, and others, we need to pull them into the clusters. External Secrets Operator might be the solution.Continue reading
Authentication, Authorization, Audit, And Connectivity With Teleport
How do you manage authentication, authorization, and audit for your internal infrastructure and applications? Is Teleport the solution? Learn more at http://www.goteleport.com/devopstoolkitContinue reading
How To Secure Kubernetes Clusters With Kubescape And Armo
Are you wondering how to secure your Kubernetes clusters? Do you even know whether your k8s is secure? Kubescape by Armo might be the tool to help you with those and many other tasks related to Kubernetes security.Continue reading
Managing Secrets In Docker Swarm Clusters
Docker 1.13 introduced a set of features that allow us to centrally manage secrets and pass them only to services that need them. They provide a much-needed mechanism to provide information that should be hidden from anyone except designated services.
A secret (at least from Docker’s point of view) is a blog of data. A typical use case would be a certificate, SSH private keys, passwords, and so on. Secrets should stay secret meaning that they should not be stored unencrypted or transmitted over a network.