This week's articles
Four steps for hardening Amazon EKS security
Best practices for hardening AWS EKS clusters, including the importance of dedicated continuous delivery IAM roles, multi-account architecture for cluster isolation, and how to encrypt secrets in the control plane.
#aws
#defend
#kubernetes
Bye bye bastion hosts...Hello AWS IAM!
How Segment got rid of SSH bastion hosts, reducing the cost, complexity, and maintenance of their infrastructure, as well as eliminating the need to distribute SSH keys. Last but not least, they reduced their attack surface by not having any SSH port open to the world.
#aws
#defend
Kubernetes monitoring with Prometheus, the ultimate guide
How to implement Kubernetes monitoring with Prometheus, by learning how to deploy a Prometheus server and metrics exporters, set up kube-state-metrics, pull and collect those metrics, and configure alerts with Alertmanager and dashboards with Grafana.
#kubernetes
#monitor
Azure Flow Log Analysis
Azure flow logs don't have the same instance ID that AWS flow logs do. So how do you figure out which VM the logs came from?
#azure
#monitor
What Is Workload Security? On-Premises, Cloud, Kubernetes, and More
Different workloads have different characteristics, and the best platform for a particular workload to run on depends on the nature of the specific workload. Workloads and their layers of abstraction need to be addressed independently since the workflow of their users will vary between use cases.
#explain
#kubernetes