Kubernetes

Guias

• Kubernetes.io :: Securing a Cluster

• OWASP Cheat Sheet :: Kubernetes Security

Tools

Falco by CNCF

Falco is the open source standard for real-time detection of threats and anomalies across containers, Kubernetes, and cloud services.

Open Policy Agent by Sysdig

Sysdig Secure leverages OPA to enforce consistent policies across multiple infrastructure-as-code (IaC) sources (Terraform, Helm, Kustomize) and Kubernetes clusters, using a policy-as-code approach.

Harbor

Harbor is an open source registry that secures artifacts with policies and role-based access control, ensures images are scanned and free from vulnerabilities, and signs images as trusted. Harbor, a CNCF Graduated project, delivers compliance, performance, and interoperability to help you consistently and securely manage artifacts across cloud native compute platforms like Kubernetes and Docker.

External Secrets Operator

External Secrets Operator is a Kubernetes operator that integrates external secret management systems like AWS Secrets Manager, HashiCorp Vault, Google Secrets Manager, Azure Key Vault and many more. The operator reads information from external APIs and automatically injects the values into a Kubernetes Secret.

Datree

Datree automatically validates Kubernetes objects for rule violations, ensuring no misconfigurations reach production. It’s an E2E policy enforcement solution that can be used on the command line, admission webhook, or even as a kubectl plugin.

Kubeshark

Deep visibility and monitoring of all API traffic and payloads going in, out and across containers and pods inside a Kubernetes cluster.

Links Úteis

Cursos

• FreeCodeCamp :: Docker Containers and Kubernetes Fundamentals – Full Hands-On Course

Artigos

• Infracloud :: Securing Kubernetes Secrets with HashiCorp Vault

• DarkReading :: Top 10 Kubernetes Security Risks Every DevSecOps Pro Should Know