Epic K8s Tools For Solid Security Posture
TechOps Examples
Hey, it's Govardhana MK.
Along with a use case deep dive, we identify the top news, tools, videos, and articles in the TechOps industry.
IN TODAY'S EDITION
Use Case Deep Dive
Epic K8s Plugins For Solid Security Posture
Top News
Cloudflare auto-mitigated world record 3.8 Tbps DDoS attack
Videos
The Linux Filesystem Explained - How Each Directory is Used
3-way Git Merges... What?
Resources
6 GitHub Actions Every DevOps Team Needs
What Is ArgoCD? A Practical Tutorial With Kubernetes
Prometheus vs Grafana - A Comparative Guide to Key Differences
TOOL OF THE DAY
Kubernetes Goat - a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground.
Intentionally created vulnerabilities, applications, and configurations to attack and gain access to the cluster and workloads.
DO NOT run this alongside your production environments and infrastructure.
To be used for educational purposes only in a safe and isolated environment.
USE CASE DEEP DIVE
Epic K8s Plugins For Solid Security Posture
Kubernetes simplifies building and deploying apps via containerization, but securing your pods and containers is a different challenge.
Kubernetes provides basic IP-based security for each pod, but securing your clusters requires more: network policies, access policies for individual pods, RBAC, namespace access policies, and so on.
However, many open-source tools and plugins can help manage these issues.
Let's explore some of the most useful ones:
1. Kube-bench
⭐: 6,977+
Kube-bench is a tool that checks Kubernetes clusters for compliance with security best practices, based on the CIS Kubernetes Benchmark. It helps identify vulnerabilities and misconfigs, providing detailed reports for remediation.
YAML-based test configuration allows easy updates as specs evolve.
kube-bench auto-selects tests for the node's Kubernetes version.
2. Stern
⭐: 3,265+
Stern allows you to tail multiple pods and containers in Kubernetes, with color-coded log results for faster debugging.
Filters pods with regex or <resource>/<name>, no exact pod IDs needed.
Tails all pod containers by default, but you can limit with the container flag.
Auto-removes deleted pods, adds new ones as created.
3. Kube-score
⭐: 2,750+
Kube-score is a tool that performs static code analysis of your Kubernetes object definitions, checking them against best practices to ensure proper configurations.
Evaluates resource definitions like Deployments, Services, and Ingresses for misconfigs.
Supports CRD validation, checks labels, resource limits, and other key configs.
Provides a score based on best practices and highlights issues.
4. KubiScan
⭐: 1,313+
KubiScan is a tool for scanning Kubernetes clusters for risky permissions in the RBAC authorization model.
Identify risky Pods\Containers
Identify risky Roles\ClusterRoles
Identify risky RoleBindings\ClusterRoleBindings
Identify risky Subjects (Users, Groups and ServiceAccounts)
Dump tokens from pods (all or by namespace)
CVE scan
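To make the RBAC checks listed above concrete, here is an added example (not KubiScan's code and not from the original post) that flags risky roles offline and follows bindings to the subjects that hold them. The `RISKY` rule set, the function names and the sample objects are constructed for illustration, and `apiGroups` are ignored for brevity.

```python
# RISKY is an illustrative rule set for this example, not KubiScan's own.
# Simplification: apiGroups are ignored; matching is on resource names only.
RISKY = {
    "read secrets": ({"secrets"}, {"get", "list", "watch"}),
    "create or exec into pods": ({"pods", "pods/exec"}, {"create"}),
    "grant roles": ({"rolebindings", "clusterrolebindings"}, {"create", "update", "patch"}),
    "impersonate": ({"users", "groups", "serviceaccounts"}, {"impersonate"}),
}

def rule_risks(rule):
    """Risk labels matched by one PolicyRule; '*' matches any resource or verb."""
    res, verbs = set(rule.get("resources") or []), set(rule.get("verbs") or [])
    return {label for label, (r, v) in RISKY.items()
            if (res & r or "*" in res) and (verbs & v or "*" in verbs)}

def role_key(kind, name, namespace):
    # ClusterRoles are cluster-scoped; a Role is resolved in the binding's namespace.
    return (kind, None if kind == "ClusterRole" else namespace, name)

def risky_subjects(roles, bindings):
    """Follow bindings to risky roles; return {subject: sorted risk labels}."""
    risks = {}
    for role in roles:
        meta = role["metadata"]
        key = role_key(role["kind"], meta["name"], meta.get("namespace"))
        rules = role.get("rules") or []  # rules may be null in stored objects
        risks[key] = set().union(*(rule_risks(r) for r in rules))
    subjects = {}
    for b in bindings:
        ref, ns = b["roleRef"], b["metadata"].get("namespace")
        found = risks.get(role_key(ref["kind"], ref["name"], ns), set())
        for s in (b.get("subjects") or []) if found else []:
            who = f'{s["kind"]}:{s.get("namespace", "-")}/{s["name"]}'
            subjects.setdefault(who, set()).update(found)
    return {who: sorted(v) for who, v in subjects.items()}

# Constructed sample data (not from a real cluster).
ROLES = [
    {"kind": "ClusterRole", "metadata": {"name": "ci-deployer"},
     "rules": [{"resources": ["*"], "verbs": ["get", "list"]}]},
    {"kind": "Role", "metadata": {"name": "log-reader", "namespace": "web"},
     "rules": [{"resources": ["pods", "pods/log"], "verbs": ["get"]}]},
]
BINDINGS = [
    {"metadata": {"name": "ci"}, "roleRef": {"kind": "ClusterRole", "name": "ci-deployer"},
     "subjects": [{"kind": "ServiceAccount", "name": "ci-bot", "namespace": "build"}]},
    {"metadata": {"name": "logs", "namespace": "web"}, "roleRef": {"kind": "Role", "name": "log-reader"},
     "subjects": [{"kind": "User", "name": "alice"}]},
]
print(risky_subjects(ROLES, BINDINGS))
```

The wildcard resource in the constructed `ci-deployer` role is flagged even though its verbs look read-only, because `get` and `list` on `*` include secrets.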
5. Rakkess
⭐: 1,300+
Rakkess is a kubectl plugin designed to show an access matrix for Kubernetes server resources, helping visualize and audit permissions.
Shows who can access Kubernetes resources and their actions.
Audits RBAC permissions for users, groups, and service accounts in a clear matrix view.
Supports CI/CD integration for continuous RBAC audits.
Remember, we are only as strong as the weakest link.
I hope this edition helped shed some light in that direction.