A couple of weeks ago I noticed that the Kubernetes Auth Special Interest Group (AKA sig-auth) announced its decision to deprecate the Pod Security Policy (PSP) in Kubernetes version 1.21 and to remove the API completely at version 1.25. Similar to the case where it was decided to remove the dynamic audit sink feature, it…
Category: Security
Kubernetes MITRE ATT&CK Framework Explained
If you’ve been around the cloud native world in the last few months, you probably couldn’t escape from hearing the term MITRE ATT&CK. In this blog post I’ll give a simple introduction and explanation as to what MITRE ATT&CK is and its applications to Kubernetes specifically. The MITRE Corporation The MITRE Corporation is an American…
Configure And Implement A Kubernetes Audits Webhook
This post is going to be mostly technical. By the end of it you should know exactly how to implement your own Kubernetes audits webhook. First off, if you need some background on Kubernetes auditing, I recommend reading my Kubernetes audits introduction post first. The reason for which I’m writing this post is because of…
Kubernetes Audits Introduction
Monitoring the security aspects of a system as complex as Kubernetes can get frustrating. Especially when you want simple answers to simple questions (e.g., what happened? when did it happen?). That is exactly where Kubernetes audits come into place. In this blog post I will go over Kubernetes audits in detail: What are they exactly?…
Go Seccomp Filters – Part 2
In the previous post you walked through an explanation on what syscalls are, what is seccomp and specifically what is a seccomp filter. If you are unfamiliar with seccomp filters or syscalls, I suggest you read the first part and then come back here. In this post, you’ll implement a seccomp filter on a Go…
Go Seccomp Filters – Part 1
In the following two-post blog series you are welcome to deep dive with me into applying seccomp filters on Go applications. Navigating your way bottom-up, these posts will give you a better understanding of what seccomp is. Hopefully, when you finish reading this short, two-part guide, you’ll be able to use it to protect your…
What is Open Policy Agent?
In the cloud native space, security goes a long way. One of the open source rising stars of this space is Open Policy Agent (in short – OPA). I’ve found it difficult to explain to fellow engineers and my colleagues what exactly is OPA and what does it do? As time passed, I came up…