# kubernetes-security
Here are 38 public repositories matching this topic...
Kubernetes Goat is "Vulnerable by Design" Kubernetes Cluster. Designed to be an intentionally vulnerable cluster environment to learn and practice Kubernetes security.
Topics: docker, kubernetes, infrastructure, security, microservices, helm, container, hacking, owasp, cloud-native, pentesting, cloudsecurity, devsecops, cloud-security, container-security, vulnerable-app, kubernetes-security, kubernetes-goat
Updated Jun 13, 2021 - HTML
Curated resources help you prepare for the CNCF/Linux Foundation CKS 2021 "Kubernetes Certified Security Specialist" Certification exam. Please provide feedback or requests by raising issues or making a pull request. All feedback for improvements is welcome. Thank you.
Topics: kubernetes, security, policy, pod, certification, seccomp, apparmor, falco, exam-objectives, mitre-attack, open-policy-agent, kernel-hardening, kube-bench, pod-security-policy, cks, kubernetes-security, trivy, kube-hunter, ckss, os-footprint
Updated Jun 4, 2021 - AGS Script
Kubernetes security notes and best practices
Topics: kubernetes, checklist, security, best-practices, kubernetes-cluster, attacker, vulnerabilities, kubernetes-security
Updated Apr 24, 2020 - Shell
A Blazing fast Security Auditing tool for Kubernetes
Topics: docker, kubernetes, aws, security, devops, security-audit, automation, azure, containers, gke, infosec, security-tools, docker-security, container-security, aks, eks, informationsecurity, kubernetes-security
Updated May 6, 2021 - Python
Kubei is a flexible Kubernetes runtime scanner, scanning images of worker and Kubernetes nodes providing accurate vulnerabilities assessment, for more information checkout:
Updated Jun 14, 2021 - Go
Kubernetes security tool for policy enforcement
Updated May 7, 2021 - Go
MKIT is a Managed Kubernetes Inspection Tool that validates several common security-related configuration settings of managed Kubernetes cluster objects and the workloads/resources running inside the cluster.
Updated Jun 19, 2020 - Dockerfile
Metarget is a framework providing automatic constructions of vulnerable infrastructures.
Topics: kubernetes, container, target, cloud-native, vulnerabilities, kernel-exploitation, privilege-escalation, container-security, kubernetes-security, container-escape, cloud-native-security, vulnerable-infrastructure, vulnerable-scenes, vulnerable-infrastructures
Updated Jun 16, 2021 - Python
A curated list of Falco related tools, frameworks, blogs, podcasts, and articles
Topics: awesome, falco, kubernetes-security, falco-security, container-runtime-security, falcosidekick, sysdig-falco, falco-outputs
Updated May 29, 2021
A curated list of awesome Kubernetes security resources
Updated Jan 13, 2021
Manipulate K8s in a K8s way
Topics: reverse-shell, k8s, container-injection, container-security, kubernetes-security, post-penetration, container-escape, hack-k8s, fileless-attack
Updated Jan 12, 2021 - Shell
Container Security Workshop covering using Falco on Kubernetes.
Updated Apr 30, 2021 - Python
References for CKS Exam Objectives - Certified Kubernetes Security Specialist
Updated Oct 17, 2020
awesome resources about cloud native security 🐿
Topics: docker, kubernetes, serverless, container, cloud-computing, k8s, cloud-native, cloud-security, docker-security, container-security, serverless-security, kubernetes-security, container-escape, cloud-native-security
Updated Jun 16, 2021
flavio commented Mar 20, 2021
Right now policy-server will always download all the policies defined inside of the policies.yml file, even if they have already been downloaded.
This is sub-optimal: changing a policy setting requires restarting the policy-server, which then causes all the policies to be downloaded again.
Acceptance criteria
policies.yml file is extended to allow something similar to Kubernetes'
Shortlist of preparation materials to pass CKS exam
Updated Oct 15, 2020 - HTML
Kubernetes Mutating and Validating Webhooks written in Sanic
Updated Sep 21, 2019 - Python
Terraform provider to create OPA Gatekeeper v3 constraints and templates
Updated Jun 30, 2020 - Go
A Kubewarden policy that restricts what registries, tags and images can pods on your cluster refer to
Updated Jun 7, 2021 - Rust
A Kubewarden Pod Security Policy that controls usage of AppArmor profiles
Updated Jun 1, 2021 - Rust
A Kubewarden Pod Security Policy that controls usage of allowPrivilegeEscalation
Updated Jun 2, 2021 - Rust
A Pod Security Policy that controls Container Capabilities
Updated Jun 2, 2021 - Rust
Authenticate and retrieve data from @HashiCorp-Vault via @kubernetes auth method
Updated Feb 19, 2020 - Go
A Kubewarden Policy written in AssemblyScript that limits the ability to create privileged containers
Updated Jun 7, 2021 - TypeScript
Policy to enforce requirements on Kubernetes Ingress resources.
Topics: kubernetes, ingress, webassembly, policy-as-code, kubernetes-security, ingresses-resources, kubewarden-policy
Updated Jun 7, 2021 - Go
Kubewarden policy that validates Kubernetes' resource labels
Updated Jun 7, 2021 - Go
External Secrets for Kubernetes
Topics: kubernetes, security, secrets, kubernetes-secrets, secrets-management, secrets-manager, kubernetes-security, external-secrets, external-secrets-operator
Updated May 17, 2021 - Python
Free SSL on Kubernetes with cert-manager
Updated May 18, 2021 - Go
Overview
We have a custom Etcd cluster that is set up with systemd and bash scripts. We can't pass the 'Etcd Node Configuration' check.
Environment
Kubernetes v1.18.6
Kube-bench: v0.5.0
Running processes