Configure And Implement A Kubernetes Audits Webhook

This post is going to be mostly technical. By the end of it you should know exactly how to implement your own Kubernetes audits webhook. First off, if you need some background on Kubernetes auditing, I recommend reading my Kubernetes audits introduction post first. The reason for which I’m writing this post is because of…

Kubernetes Audits Introduction

Monitoring the security aspects of a system as complex as Kubernetes can get frustrating. Especially when you want simple answers to simple questions (e.g., what happened? when did it happen?). That is exactly where Kubernetes audits come into place. In this blog post I will go over Kubernetes audits in detail: What are they exactly?…

Go Seccomp Filters – Part 2

In the previous post you walked through an explanation on what syscalls are, what is seccomp and specifically what is a seccomp filter. If you are unfamiliar with seccomp filters or syscalls, I suggest you read the first part and then come back here. In this post, you’ll implement a seccomp filter on a Go…

Go Seccomp Filters – Part 1

In the following two blog posts series you are welcome to deep dive with me into applying seccomp filters on Go applications. Navigating your way bottom-up, these posts will give you a better understanding of what seccomp is. Hopefully, when finish reading this short, two-parts guide, you’ll be able to use it to protect your…

What is Open Policy Agent?

In the cloud native space, security goes a long way. One of the open source rising stars of this space is Open Policy Agent (in short – OPA). I’ve found it difficult to explain to fellow engineers and my colleagues what exactly is OPA and what does it do? As time passed, I came up…