Operations | Monitoring | ITSM | DevOps | Cloud

October 2019

Enable GitOps for Kubernetes Security - Part 1

“How do I enable GitOps for my network policies?” That is a common question we hear from security teams. Getting started with Kubernetes is relatively simple, but moving production workloads to Kubernetes requires alignment from all stakeholders – developers, platform engineering, network engineering, security. Most security teams already have a high-level security blueprint for their data centers.

Everything you need to know about Kubernetes pod networking on AWS

When you are first starting out with Kubernetes running in Amazon cloud, pod networking is probably not the first thing you think about. Nevertheless, at some point you are going to be 100% dependent on whatever networking you choose. So while you don’t need to be a networking expert, it’s well worth investing a few minutes to gain a basic understanding of the common choices, how they work, and the tradeoffs between them.

Single Sign-On for Kubernetes: Dashboard Experience

Over my last two posts (part 1 and part 2), I have investigated user authentication in Kubernetes and how to create a single sign-on experience within the Kubernetes ecosystem. So far I have explained how Open ID Connect (OIDC) works, how to get started with OIDC and how to perform a login from the command line. The final piece of this puzzle is the Kubernetes dashboard, often used by our engineers alongside kubectl.

3 Layers to Defend Your Kubernetes Workloads

Researchers at Netflix and Google recently reported a vulnerability in the HTTP/2 protocol that enables adversaries to execute a DOS attack by legitimate use of the protocol. These types of attacks are very difficult to detect and mitigate because the traffic is valid HTTP/2 traffic. While HTTP/2 is a relatively new protocol it should be noted that even after several years of hardening we still see vulnerabilities for the TCP protocol like the recently reported SACK vulnerability.