Latest News

Read all latest blog posts

byJan Toth

:date_long

Learn AWS EKS Kubernetes cluster and devops in AWS (Part 1)

Learn AWS EKS Kubernetes cluster and devops in AWS (Part 1) Starting AWS EKS cluster manually in AWS web console

byJan Toth

:date_long

CKS behavioral analytics falco

Explore strace root@scw-k8s:~# strace -cw ls / bin etc initrd.

byJan Toth

:date_long

CKS Secure supply chain - ImagePolicyWebhook

If you want to pull from a docker registry you need to docker login first.

byJan Toth

:date_long

CKS Trivy and Clair - Vulnerability Scanner for Containers and other Artifacts

There are Clair and Trivy trivy (run one command - very convinient)

byJan Toth

:date_long

CKS Kubesec - Security risk analysis for Kubernetes resources

Static Analysis manual approach kubesec OPA Conftest Notes can be incorporated in CI/CD system looks at source code and text files check against rules enforce rules e.

byJan Toth

:date_long

CKS Image Footprint

run specific version do not run as root not shell read only filesystem This would be an ideal example of Dockerfile

byJan Toth

:date_long

OPA is not Kubenretes specific general purpose policy engine An admission controller is a piece of code that intercepts requests to the Kubernetes API server prior to persistence of the object, but after the request is authenticated and authorized.

Latest News

Learn AWS EKS Kubernetes cluster and devops in AWS (Part 1)

CKS behavioral analytics falco

CKS Secure supply chain - ImagePolicyWebhook

CKS Trivy and Clair - Vulnerability Scanner for Containers and other Artifacts

CKS Kubesec - Security risk analysis for Kubernetes resources

CKS Image Footprint

OPA - Gatekeeper