Welcome to the K8s Breakfast Club, our vlog series featuring conversations with inspiring peers and friends from the cloud-native ecosystem. This week, Alcide CTO and co-founder Gadi Naor calls Vipin Mohan, containers expert and segment lead at AWS, to see what is currently happening in his container world.
Last month, the Microsoft Azure Security Center published a fully detailed Threat Matrix for Kubernetes. The matrix identifies attack vectors unique to a Kubernetes environment. This important contribution is derived from the more generalized MITRE ATT&CK® framework, which offers a complex matrix of common attack vectors.
GitOps is a paradigm that puts Git at the heart of building and operating cloud-native applications by using Git as the single source of truth. GitOps empowers developers to perform what used to fall under IT operations. As a development pattern, GitOps has gained a fair share of popularity in recent times because it emphasizes declaratively expressing infrastructure and application configuration within Git repositories.
Spoiler: we learned about the importance of open source, creating a fantastic community, tech-first software versus vendor-driven software, and more.
Welcome to the Kubernetes Breakfast Club, our new vlog series featuring conversations with some of the most inspiring peers and friends from the cloud-native ecosystem. We ask our guests very important questions like what their favorite morning dish is or what keeps them busy outside their work these days. But we also ask their opinion on open source projects, application development practices, and everything in between.
Process whitelisting is a simple concept. In the K8s context, the basic idea is to create, for each pod, a list of all the processes that the pod is expected to run. Every time a process starts in your cluster, you check whether it is on that list. If an attacker manages to gain access to your cluster and starts running a malicious process, you can identify it immediately because a new, non-whitelisted process is running. It doesn’t matter whether that process is a known bitcoin miner, a custom RAT (Remote Access Tool), or even a legitimate binary such as ssh: if the new process isn’t in the whitelist and isn’t part of the pod’s regular behaviour, it should be flagged immediately.
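The per-pod check described above, as an added example that is not Alcide's code. The allowlists, the process-start events and their field names (`pod`, `exe`, `pid`) are constructed here to stand in for whatever a runtime sensor would emit; pods with no allowlist at all are treated as fully unexpected, and `build_allowlist` shows how a list can be learned from a known-good baseline run.

```python
from collections import defaultdict

# Constructed per-pod allowlists: pod name -> set of executable paths it is expected to run.
ALLOWLIST = {
    "web-frontend": {"/usr/sbin/nginx", "/bin/sh"},
    "api-backend": {"/usr/local/bin/python3", "/usr/local/bin/gunicorn"},
}

# Constructed process-start events (hypothetical sensor format, not a real tool's output).
EVENTS = [
    {"pod": "web-frontend", "exe": "/usr/sbin/nginx", "pid": 101},
    {"pod": "web-frontend", "exe": "/usr/bin/ssh", "pid": 102},         # legitimate binary, not expected in this pod
    {"pod": "api-backend", "exe": "/usr/local/bin/gunicorn", "pid": 201},
    {"pod": "api-backend", "exe": "/tmp/.hidden/miner", "pid": 202},     # unknown binary dropped under /tmp
    {"pod": "debug-shell", "exe": "/bin/bash", "pid": 301},              # pod with no allowlist defined
]


def check_event(event, allowlist):
    """Return None when the process is allowlisted for its pod, otherwise an alert dict."""
    pod, exe = event["pod"], event["exe"]
    if pod not in allowlist:
        reason = "no allowlist defined for pod"
    elif exe not in allowlist[pod]:
        reason = "process not in pod allowlist"
    else:
        return None
    return {"pod": pod, "exe": exe, "pid": event["pid"], "reason": reason}


def scan(events, allowlist):
    """Run every event through the allowlist check and collect the alerts in order."""
    return [alert for alert in (check_event(e, allowlist) for e in events) if alert]


def build_allowlist(baseline_events):
    """Learning mode: derive a per-pod allowlist from events captured during a known-good run."""
    learned = defaultdict(set)
    for event in baseline_events:
        learned[event["pod"]].add(event["exe"])
    return dict(learned)


if __name__ == "__main__":
    for alert in scan(EVENTS, ALLOWLIST):
        print(alert)
```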
Last week we released sKan: a new CI scanner for DevOps and developers that scans K8s deployment files for security drifts.
What Is an Admission Controller?
Kubernetes admission controllers are a powerful native feature that helps define and customize which API resource configurations can be admitted to a cluster. Described simply, an admission controller is a piece of code that acts on requests made to the Kubernetes API server. It is invoked before the object(s) defined by an API request are persisted, but after the request has been authenticated and authorized by the API server.