Community post originally published on Medium by Mathieu Benoit In Kubernetes 1.25 as stable (and since 1.23 as beta), the Pod Security admission (PSA) controller replaces PodSecurityPolicy (PSP), making it easier to enforce predefined Pod Security Standards (PSS) by simply adding a…
Secure your Kubernetes environment with OPA and Gatekeeper
Guest post originally published on SighUP’s blog by Simone Ragonesi We will introduce you to the powerful combination of Open Policy Agent (OPA) and Gatekeeper for Kubernetes security. In this article, we will introduce you to…
Kubernetes security: best practices for Kubernetes secrets management
Guest post originally published on the CyberArk blog by John Walsh Kubernetes has come a long way since its inception. But as the adoption of containerization has grown, Kubernetes security continues to be top of mind. Red Hat’s “The…
Kubernetes governance & the top 5 best practices of K8s deployment
Member post originally published on the Fairwinds blog by Joe Pelletier The widespread adoption of containerized applications has fundamentally changed how organizations develop, deploy, and manage their software infrastructure. Kubernetes is fundamental to this change, because…
Guest post originally published on Weaveworks’ blog Overview Developed by Weaveworks in 2016, Flux CD is a GitOps continuous delivery tool used to streamline and automate application deployments. It started as a small, internal project; now it’s a CNCF-graduated…
Switching To Cilium For Scalable and Cloud Native Networking Trip.com Group Limited, a multinational travel service conglomerate, serves customers in over 40 languages and 200 countries. Their operations are supported by a vast IT infrastructure, with…
Introducing the Wasm landscape (in English and Chinese)
By Chris Aniszczyk, Vivian Hu and Michael Yuan “Containers are the new normal, and WebAssembly is the future.” — CNCF Annual Survey 2022 key findings. Originally created as a secure sandbox to run compiled C/C++…
Kubernetes 1.28: revenge of the sidecars?
Member post originally published on the Buoyant blog by William Morgan A guide to Kubernetes sidecars: what they are, why they exist, and what Kubernetes 1.28 changes If you’re using Kubernetes, you’ve probably heard the term sidecar by…
Verifying images in a private Amazon ECR with Kyverno and IAM Roles for Service Accounts (IRSA)
Community post originally published on GitHub by Shuting Zhao, a maintainer of Kyverno When running workloads in Amazon Elastic Kubernetes Service (EKS), it is essential to ensure supply chain security by verifying container image signatures and…
Notary Project announces a major release!
Project post originally published on the Notary Project blog by the Notary Project Release Team The Notary Project maintainers are proud to announce a major release, including Notary Project specifications v1.0.0, notation v1.0.0, notation-go v1.0.0, and notation-core-go v1.0.0 which are ready…