Latest News
Read all latest blog posts
![post image](/images/blog/post-1_hu503387a4685af09377e6d1551af25ae0_75926_00f003beefc3d69b1ea5cccf1e62694c.webp)
Learn AWS EKS Kubernetes cluster and devops in AWS (Part 1)
Learn AWS EKS Kubernetes cluster and devops in AWS (Part 1) Starting AWS EKS cluster manually in AWS web console
Read More![post image](/images/blog/linux-1_hu928a111b75a731678aae189a5163bdac_17752_2d088676a8ab422d4bcdea1fd252c956.webp)
CKS Reduce Attack Surface
Overview only purpose (remove unneceassary services) node recycling (should be ephemeral, created from images) ubuntu, centos systemctl list-units | grep <service-name> systemctl list-units --type=service | grep <service-name> systemctl list-units --type=service --state=running | grep <service-name>
Read More![post image](/images/blog/kubernetes-cert-1_hu8293200294569c0974c38191cd2be9b7_41610_30f1e7bd325158d99a816f9f17673a68.webp)
CKS Kernel Hardening Tools
Requirements for Apparmor container runtime needs to support Apparmor Apparmor needs to be installed on every node Apparmor profiles need to be available on every node Apparmor profiles are specified per container (done via annotations) not per pod!
Read More![post image](/images/blog/kubernetes-cert-1_hu8293200294569c0974c38191cd2be9b7_41610_30f1e7bd325158d99a816f9f17673a68.webp)
CKS Audit logging via kube-api server
Important Kubernetes request stages What events should be recorded Audit log from Mushad course
Read More![post image](/images/blog/linux-1_hu928a111b75a731678aae189a5163bdac_17752_2d088676a8ab422d4bcdea1fd252c956.webp)
CKS Immutability of containers at runtime
advanced deployment methods easy rollback more reliability better security (on container level) Interesting example of how ‘‘startupProbe’’ can be used to make container a bit more secure root@cks-master:~# cat immutable.
Read More![post image](/images/blog/kubernetes-cert-1_hu8293200294569c0974c38191cd2be9b7_41610_30f1e7bd325158d99a816f9f17673a68.webp)
CKS behavioral analytics falco
Explore strace root@scw-k8s:~# strace -cw ls / bin etc initrd.
Read More![post image](/images/blog/kubernetes-cert-1_hu8293200294569c0974c38191cd2be9b7_41610_30f1e7bd325158d99a816f9f17673a68.webp)
CKS Secure supply chain - ImagePolicyWebhook
If you want to pull from a docker registry you need to docker login first.
Read More