3. How to Secure Kubernetes Pods Post-PSPs Deprecation

How to Secure Kubernetes Pods Post-PSPs Deprecation

Few tips I bookmarked regarding that subject, that help me, hope it will help some of you as well

  • Scan containers and Pods for vulnerabilities or misconfigurations.

  • Run containers and Pods with the least privileges possible.

  • Use network separation to control the amount of damage a compromise can cause.

  • Use firewalls to limit unneeded network connectivity and encryption to protect confidentiality.

  • Use strong authentication and authorization to limit user and administrator access as well as to limit the attack surface.

  • Use log auditing so that administrators can monitor activity and be alerted to potential malicious activity.

  • Periodically review all Kubernetes settings and use vulnerability scans to help ensure risks are appropriately accounted for and security patches are applied.

/r/programming Thread Link - armosec.io
Previous
Next

Recently removed from /r/programming

A Plea for Fairness for Non-profit Developers of Open Source Software TIL It takes developers 23 minutes of uninterrupted focus until they hit their “flow” state - the stage in which they do actual coding. Slack messages, fragmented meeting schedules and the need to be "available" online is hampering the possible productive gains “ChatGPT Will Replace Programmers Within 10 Years” - What do YOU, the programmer think? Docker is deleting Open Source organisations - what you need to know Disambiguating Arm, Arm ARM, Armv9, ARM9, ARM64, Aarch64, A64, A78, ... ASP.NET Core Blazor - A Complete Overview The Case for Functional CSS Why we ditched GraphQL for tRPC Single mom sues coding boot camp over job placement rates Good day. I'm writing a QUIC proxy in C. It's halfway done. It uses HTTP as protocol. Parser written, QUIC implemented through MS's library. Please star if you like. Thanks. Meta releases Sapling, a new way of using source control We’ve filed a law­suit chal­leng­ing GitHub Copi­lot, an AI prod­uct that relies on unprece­dented open-source soft­ware piracy. We Need To Talk About The Bad Sides of Go GitHub Copilot investigation Is a ‘software engineer’ an engineer? Alberta regulator says no, riling the province’s tech sector

More Random Comments

Were your expectations for AOE4 met? Is it me or do the majority of locals have no "noonchi" (Got into an altercation) What is the first memory you have as a person? Can we have an honest discussion about the relationship between Lewis' statistical success and the dominance of the Mercedes car? One where it isn't automatically assumed I'm questioning his talent? I Found This Game That COPIED GTA 5, And it Was Just So Funny... Trust Account GME Cubes ™️ built inside of Walmart? Video has been deleted from TikTok as well as the profile. Deeply Sorry Can they push back my ORD because my MC is too long? Vyvanse makes me head quiet How did you meet your SO? U.S. And Chinese Carrier Groups Mass In The South China Sea Superstonk $GME Discussion Biden pursues giant boost for science spending, requests $8.7-bill budget for CDC, largest budget increase at 23% in nearly two decades. 25% increase for Ocean and Atmosphere Admin, 21% for NIH, 20% NSF, 6.3% increase for Space, 10% increase for Energy.