More important than actually getting the Kubernetes security certificate (CKS) is having a mind map, or a clear view, of the core Kubernetes security concepts and the different tools that you may use to prevent or mitigate attacks that could get through one of...
[Read More]
AKS - Encrypt OS and Data Disks BYOK and Mutate Default Storage
Working with Azure Kubernetes Service at enterprise scale imposes a security-first approach. Therefore, encrypting OS and data disks should be at the top of your security checklist for AKS and its ecosystem. The challenge is how to make sure that cluster users, when requesting PersistentVolumes through PersistentVolumeClaims,...
[Read More]
Azure Policy and OPA Gatekeeper underlay for AKS
Pod Security Policy is going to be deprecated after February 2021. Therefore, it's highly recommended to begin preparing to migrate to Azure Policy for AKS, offering built-in policies to secure pods and built-in initiatives which map to pod security policies, which work with Open Policy Agent -...
[Read More]
Service Mesh 203 - Authorization
Let’s pick up where we left off in the previous article. We have familiarized ourselves with the MeshPolicy and Policy concepts in the Istio world. The system reached the inter-service security standards by implementing mutual TLS. However, there were limitations to the setup, such as the authorization aspect, but fortunately Istio...
[Read More]
Synchronize Kubernetes Secrets with Azure Key Vault
Configuring applications to run on Kubernetes requires an understanding of some concepts like ConfigMaps and Secrets. Those objects allow us to decouple environment-specific configuration from our container images, so that the applications are easily portable.
[Read More]