Kubernetes Pod Security Policy Deprecation

A couple of weeks ago I noticed that the Kubernetes Auth Special Interest Group (AKA sig-auth) announced its decision to deprecate the Pod Security Policy (PSP) in Kubernetes version 1.21 and to remove the API completely in version 1.25. Similar to the case where it was decided to remove the dynamic audit sink feature, it…

Kubernetes MITRE ATT&CK Framework Explained

If you’ve been around the cloud native world in the last few months, you probably couldn’t escape from hearing the term MITRE ATT&CK. In this blog post I’ll give a simple introduction and explanation as to what MITRE ATT&CK is and its applications to Kubernetes specifically. The MITRE Corporation The MITRE Corporation is an American…

Configure And Implement A Kubernetes Audits Webhook

This post is going to be mostly technical. By the end of it you should know exactly how to implement your own Kubernetes audits webhook. First off, if you need some background on Kubernetes auditing, I recommend reading my Kubernetes audits introduction post first. The reason for which I’m writing this post is because of…

Ambassador Container Design Hands On

When developing a cloud native application, we want it to serve a single purpose and be as simple as possible. For example, you would want to have a clear separation between your application logic and communications to remote services. This is where the ambassador container pattern comes into play.

The Death Of Kubernetes AuditSink

I’ll start this blog post with a funny story: my last blog post was an introduction to Kubernetes audits (which I recommend reading before diving into this post). As a continuing post, I wrote about what I thought to be the future of Kubernetes audits – the dynamic backend. Only to find out, a couple…

Kubernetes Audits Introduction

Monitoring the security aspects of a system as complex as Kubernetes can get frustrating, especially when you want simple answers to simple questions (e.g., what happened? when did it happen?). That is exactly where Kubernetes audits come into play. In this blog post I will go over Kubernetes audits in detail: What are they exactly?…