This week's articles
Docker authentication
#containers, #explain
A great explanation of how Docker credential helpers and registry authentication work.
Containers vs. Pods - Taking a Deeper Look
#explain, #kubernetes
What is the difference between a Docker Container and a Kubernetes Pod? Can a Pod be created with plain Docker commands? How are Pods implemented under the hood?
Tools
opta
Infrastructure-as-code where you work with high-level constructs instead of getting lost in low level cloud configuration.
kube-review
Simple command line utility to transform a provided Kubernetes resource into a Kubernetes AdmissionReview request, as sent from the Kubernetes API server when dynamic admission control (i.e. webhook) is configured.
zarf
Zarf massively simplifies the setup and administration of Kubernetes clusters "across the air gap".
starbase
Starbase collects assets and relationships from services and systems including cloud infrastructure, SaaS applications, security controls, and more into an intuitive graph view backed by a Neo4j database. You can also refer to the companion blog post.
Sponsor
ControlPlane is hiring! Are you a cloud native pentester, engineer, or security architect with Kubernetes experience? Want to write Golang or build security tooling and pipelines? ControlPlane is a London-based cloud technology company, helping to keep people safe online. We work with cloud providers and their customers to secure the building blocks of the internet, by offering consulting, training, and products related to cloud native development, security and operations. We guarantee nice people, interesting work, and offer remote-first roles: https://control-plane.breezy.hr/
From the cloud providers
GCP launches deny policies
IAM deny policies let you set guardrails on access to Google Cloud resources. With deny policies, you can define deny rules that prevent certain principals from using certain permissions, regardless of the roles they're granted. You can also check this useful thread from @jasonadyke.
Detecting identity attacks in Kubernetes
Identities are a key aspect of Kubernetes security, and monitoring their activity is crucial for keeping your cluster secure. The Kubernetes audit log and the cloud control plane logs can be used to identify suspicious activity by identities in Kubernetes.
Thanks for reading!
If you found this newsletter helpful, I'd really appreciate it if you could forward it to your friends and colleagues! If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com! Thanks, Marco