# Kubernetes

## Guides

* [Kubernetes.io :: Securing a Cluster](https://kubernetes.io/docs/tasks/administer-cluster/securing-a-cluster/)
* [OWASP Cheat Sheet :: Kubernetes Security](https://cheatsheetseries.owasp.org/cheatsheets/Kubernetes_Security_Cheat_Sheet.html)

## Tools

### [Falco by CNCF](https://sysdig.com/opensource/falco/)

Falco is the open source standard for real-time detection of threats and anomalies across containers, Kubernetes, and cloud services.

### [Open Policy Agent by Sysdig](https://sysdig.com/opensource/open-policy-agent/)

Sysdig Secure leverages OPA to enforce consistent policies across multiple infrastructure-as-code (IaC) sources (Terraform, Helm, Kustomize) and Kubernetes clusters, using a policy-as-code approach.

### [Harbor](https://goharbor.io/)

Harbor is an open source registry that secures artifacts with policies and role-based access control, ensures images are scanned and free from vulnerabilities, and signs images as trusted. Harbor, a CNCF Graduated project, delivers compliance, performance, and interoperability to help you consistently and securely manage artifacts across cloud native compute platforms like Kubernetes and Docker.

### [External Secrets Operator](https://external-secrets.io/)

External Secrets Operator is a Kubernetes operator that integrates external secret management systems like AWS Secrets Manager, HashiCorp Vault, Google Secrets Manager, Azure Key Vault and many more. The operator reads information from external APIs and automatically injects the values into a Kubernetes Secret.

### [Datree](https://github.com/datreeio/datree)

Datree automatically validates Kubernetes objects for rule violations, ensuring no misconfigurations reach production. It is an end-to-end (E2E) policy enforcement solution that can be used on the command line, as an admission webhook, or as a kubectl plugin.

### [Kubeshark](https://kubeshark.co/)

Kubeshark provides deep visibility into and monitoring of all API traffic and payloads going in, out and across containers and pods inside a Kubernetes cluster.

## Useful Links

### Courses

* [FreeCodeCamp :: Docker Containers and Kubernetes Fundamentals – Full Hands-On Course](https://www.youtube.com/watch?v=kTp5xUtcalw)

### Articles

* [Infracloud :: Securing Kubernetes Secrets with HashiCorp Vault](https://www.infracloud.io/blogs/kubernetes-secrets-hashicorp-vault/?utm_source=pocket_mylist)
* [DarkReading :: Top 10 Kubernetes Security Risks Every DevSecOps Pro Should Know](https://www.darkreading.com/dr-tech/top-10-kubernetes-security-risks-every-devsecops-needs-to-know)


