Kubernetes Security

A critical security requirement for our customers is to harden their servers to reduce the attack surface by removing unnecessary software and by configuring the remaining components so an attacker has fewer opportunities to compromise the server. The Center For Internet Security A non-profit organization called Center of Internet Security (CIS) was formed in 2000

Interested in Open Policy Agent and the Gatekeeper Project? In this post we will go over admission controllers, OPA, and Gatekeeper. The Kubernetes (K8s) platform consists of several components that all work together in sync to provide advanced container orchestration and deployment strategies. In order to support an ever-increasing set of requirements, this system is

As I talk with customers and prospects that are interested in  Platform9 Managed Kubernetes offering, PCI requirements come up frequently.  One critical PCI requirement is data encryption in flight within the Kubernetes cluster.  This blog is a guided tutorial on exactly how to implement data encryption within a k8s cluster using Calico and WireGuard on

When it comes to security, there is a lot that Kubernetes does. There is also a lot that it doesn’t do. To secure Kubernetes effectively for real-world deployment, you must understand which built-in security features Kubernetes offers and which it doesn’t, and how to leverage Kubernetes’s security capabilities at scale. Below, we walk through Kubernetes’s

Security-Enhanced Linux (SELinux) is a swiss army knife for Linux security, which is as relevant in commodity Kubernetes deployments as it was in yesterdays era of artisanally crafted linux server silos. Whether or not you are using cloud native technology, some of the lessons we’ve learned around being transparent, disciplined in your security practices, and