Archive
Posts in Kubernetes
Auditing your Kubernetes clusters security posture with kubeaudit
In this day and age of security breaches, system compromises, and critical CVEs coming out almost daily, security best practices should go into everything we do. There is an almost limitless number of tools for auditing, securing, and reporting on system and network security issues. One of these tools, Kubeaudit, allows you to audit the security posture of your Kubernetes clusters. Kubeaudit ships with numerous audit rules, which cover the major Kubernetes security best practices…
Validating Kubernetes manifests with kubeval
I recently got some spare time to clean up and enhance my Kubernetes CI/CD pipelines. I have long embraced the Fail-Fast approach to deployments, and have added test after test to make our deployments go off without a hitch. One tool that has helped with this is kubeval. This super useful tool can process one or more deployment manifests, and spit out an error if they aren't properly structured…
Creating development and testing environments with Weave footloose
I've been a long-time user of Vagrant. It's invaluable for spinning up local test and development environments. Recently I learned about Weave's footloose project, which provides a similar experience to Vagrant. But instead of using virtual machines, it utilizes containers…
Viewing Kubernetes RBAC permissions for users and groups
As a security conscious Kubernetes operator, I take security extremely seriously. When new services are rolled out, I do everything in my power to ensure roles and clusterroles have the minimum number of permissions they need. Creating permissions is easy to do with audit2rbac, but how do you view them once they are in place? I use the Kubectl Krew plug-in manager, which provides a way to easily install a number of useful plug-ins…
Listing Kubernetes nodes by label
When you support large Kubernetes clusters, you need efficient methods to list pods, nodes, and deployments when you are troubleshooting issues. Kubectl has a number of built-in methods to do this. You can use jsonpath, selectors and sort-by statements to return the exact data you need. In addition, you can use the kubectl "-l" option to list objects that contain (or don't contain) a label…