Epic K8s Tools For Solid Security Posture

TechOps Examples

Hey — It's Govardhana MK 👋

Along with a use case deep dive, we identify the top news, tools, videos, and articles in the TechOps industry.

IN TODAY'S EDITION

🧠 Use Case Deep Dive

  • Epic K8s Plugins For Solid Security Posture

🚀 Top News

📽️ Videos

  • 3-way Git Merges... What?

📚️ Resources

🛠️ TOOL OF THE DAY

Kubernetes Goat - "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground.

  • Intentionally created vulnerabilities, applications, and configurations to attack and gain access to the cluster and workloads.

  • DO NOT run this alongside your production environments and infrastructure.

  • To be used for educational purposes only in a safe and isolated environment.

🧠 USE CASE DEEP DIVE

Epic K8s Plugins For Solid Security Posture

Kubernetes simplifies building and deploying apps via containerization, but securing your pods and containers is a different challenge.

Kubernetes provides basic IP-based security for each pod, but securing your clusters requires more—network policies, access policies for individual pods, RBAC, namespace access policies, and so on.

However, many open-source tools and plugins can help manage these issues.

Let's explore some of the most useful ones:

⭐: 6,977 +

Kube-bench is a tool that checks Kubernetes clusters for compliance with security best practices, based on the CIS Kubernetes Benchmark. It helps identify vulnerabilities and misconfigs, providing detailed reports for remediation.

  • YAML-based test configuration allows easy updates as specs evolve.

  • kube-bench auto-selects tests for the node's Kubernetes version.

⭐: 3,265 +

Stern allows you to tail multiple pods and containers in Kubernetes, with color-coded log results for faster debugging.

  • Filters pods with regex or <resource>/<name>, no exact pod IDs needed.

  • Tails all pod containers by default, but you can limit with the container flag.

  • Auto-removes deleted pods, adds new ones as created.

⭐: 2,750 +

Kube-score is a tool that performs static code analysis of your Kubernetes object definitions, checking them against best practices to ensure proper configurations.

  • Evaluates resource definitions like Deployments, Services, and Ingresses for misconfigs.

  • Supports CRD validation, checks labels, resource limits, and other key configs.

  • Provides a score based on best practices and highlights issues.

⭐: 1,313 +

KubiScan is a tool for scanning Kubernetes clusters for risky permissions in the RBAC authorization model.

  • Identify risky Pods\Containers

  • Identify risky Roles\ClusterRoles

  • Identify risky RoleBindings\ClusterRoleBindings

  • Identify risky Subjects (Users, Groups and ServiceAccounts)

  • Dump tokens from pods (all or by namespace)

  • CVE scan
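
To make "risky Roles" and "risky Subjects" from the list above concrete, here is an added Python example (not KubiScan's code and not part of the original newsletter) that flags roles granting sensitive permissions and follows their bindings to the subjects holding them. The pattern list, function names and sample objects are assumptions constructed for illustration.

```python
PATTERNS = [  # assumed risk list, not KubiScan's rules: (apiGroup, resources, verbs, finding)
    ("", {"secrets"}, {"get", "list", "watch"}, "reads secrets"),
    ("", {"pods", "pods/exec"}, {"create"}, "creates pods or execs into them"),
    ("rbac.authorization.k8s.io", {"rolebindings", "clusterrolebindings"}, {"create", "update", "patch"}, "grants roles"),
]

def matches(granted, wanted):
    return "*" in granted or bool(wanted.intersection(granted))  # RBAC "*" matches everything

def rule_findings(rule):
    return [why for group, res, verbs, why in PATTERNS
            if matches(rule.get("apiGroups", []), {group})
            and matches(rule.get("resources", []), res)
            and matches(rule.get("verbs", []), verbs)]

def role_key(kind, name, namespace):
    return (kind, name, namespace if kind == "Role" else None)  # ClusterRoles have no namespace

def risky_roles(roles):
    out = {}
    for role in roles:
        why = sorted({w for rule in role.get("rules") or [] for w in rule_findings(rule)})
        if why:
            out[role_key(role["kind"], role["metadata"]["name"], role["metadata"].get("namespace"))] = why
    return out

def risky_subjects(roles, bindings):
    risky, out = risky_roles(roles), {}
    for b in bindings:
        ref, ns = b["roleRef"], b["metadata"].get("namespace")
        why = risky.get(role_key(ref["kind"], ref["name"], ns), [])
        for s in (b.get("subjects") or []) if why else []:
            out.setdefault((s["kind"], s["name"]), set()).update(why)
    return out

# Constructed sample objects, trimmed to the fields RBAC evaluation uses.
def make_role(kind, name, ns, groups, res, verbs):
    return {"kind": kind, "metadata": {"name": name, "namespace": ns},
            "rules": [{"apiGroups": groups, "resources": res, "verbs": verbs}]}
def make_binding(ns, ref_kind, ref_name, kind, name):
    return {"metadata": {"namespace": ns}, "roleRef": {"kind": ref_kind, "name": ref_name},
            "subjects": [{"kind": kind, "name": name}]}

ROLES = [make_role("Role", "secret-reader", "payments", [""], ["secrets"], ["get", "list"]),
         make_role("ClusterRole", "ops-admin", None, ["*"], ["*"], ["*"]),
         make_role("Role", "config-viewer", "payments", [""], ["configmaps"], ["get"])]
BINDINGS = [make_binding("payments", "Role", "secret-reader", "ServiceAccount", "ci-runner"),
            make_binding(None, "ClusterRole", "ops-admin", "Group", "ops"),
            make_binding("payments", "Role", "config-viewer", "User", "alice")]
if __name__ == "__main__": print(risky_subjects(ROLES, BINDINGS))
```

The same-named Role in a different namespace is deliberately not matched, because a RoleBinding can only reference a Role in its own namespace.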

⭐: 1,300 +

Rakkess is a kubectl plugin designed to show an access matrix for Kubernetes server resources, helping visualize and audit permissions.

  • Shows who can access Kubernetes resources and their actions.

  • Audits RBAC permissions for users, groups, and service accounts in a clear matrix view.

  • Supports CI/CD integration for continuous RBAC audits.

Remember, we are only as strong as the weakest link.

I hope this edition helped shed some light in that direction.