Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
awesome-k8s-security
A curated list for Awesome Kubernetes Security resources
https://github.com/magnologan/awesome-k8s-security
-
The Basics
- Kubernetes in 5 mins
- Kubernetes Concepts Explained in 9 minutes!
- Kubernetes 101
- Kubernetes: Getting Started
- Introduction to Kubernetes
- Kube Academy
- Game of Pods (KodeKloud)
- Gist of Kubernetes Resources
- Uncomplicating Kubernetes (Jeferson Noronha aka LinuxTips)
- Kubernetes The Hard Way - Kelsey Hightower
- Kubernetes Challenge
- Kubernetes de K a S - Erlon Pinheiro
- Kubernetes Training
- Kubernetes Security Checklist and Requirements
-
Official Pages
- Kubernetes.io
- Kubernetes Security and Disclosure Information
- Cloud Native Security
- Pod Security Standards
- CNCF STAG Meeting Notes
- CNCF STAG Mailing List
- Kubernetes SIG Security
- Kubernetes SIG Security Meeting Notes
- Kubernetes SIG Auth (Authorization, Authentication, and Cluster Security Policy)
- Kubernetes Security Audit 2019 Results
- Kubernetes Security Audit 2021 RFP
- Kubernetes GitHub
- CNCF STAG - Security Technical Advisory Group
-
Talks and Videos
- Compromising Kubernetes Cluster by Exploiting RBAC Permissions - Eviatar Gerzi, CyberArk (RSA 2020)
- Kubernetes Deconstructed: Understanding Kubernetes by Breaking It Down - Carson Anderson, DOMO
- Kubernetes Deconstructed: Understanding Kubernetes by Breaking It Down - Carson Anderson, DOMO (Extended Version)
- Advanced Persistence Threats: The Future of Kubernetes Attacks (RSAC 2020)
- Kubernetes Security Best Practices - Ian Lewis, Google
- Securing Kubernetes Secrets (Cloud Next '19)
- Jay Beale - Attacking and Defending Kubernetes - DEF CON 27 Packet Hacking Village
- The State of Kubernetes Security - Liz Rice
- DIY Pen-Testing for Your Kubernetes Cluster - Liz Rice, Aqua Security
- Kubernetes Security 101: Best Practices to Secure your Cluster
- Kubernetes Security 101: OWASP Natal Virtual Meeting
- Rory McCune's (@raesene) Kubernetes Security Lab | Rawkode Live workshop
-
Blogs and Articles
- Cloud native security for your clusters
- Container Security: Examining Potential Threats to the Container Environment
- Kubernetes securityContext: Linux capabilities in Kubernetes
- 10 Kubernetes Security Context settings you should understand
- Kubesploit: A New Offensive Tool for Testing Containerized Environments
- Securing Kubernetes Clusters by Eliminating Risky Permissions
- Using Kubelet Client to Attack the Kubernetes Cluster
- Eight Ways to Create a Pod
- Risk8s Business: Risk Analysis of Kubernetes Clusters
- How to Set Up and Manage Logs with Kubernetes
- The Current State of Kubernetes Threat Modelling
- Hildegard: New TeamTNT Cryptojacking Malware Targeting Kubernetes
- The Basics of Keeping Kubernetes Clusters Secure
- The Basics of Keeping Kubernetes Cluster Secure: Worker Nodes and Related Components
- How to Secure Your Kubernetes Cluster
- Kubernetes Security
- Introducing Kubernetes Goat
- Threat Matrix for Kubernetes
- Open Sourcing the Kubernetes Security Audit
- Protecting Kubernetes: The Kubernetes Attack Matrix and How to Mitigate Its Threats
- Securing the 4Cs of Cloud Native
- CVE-2018-18264 Privilege escalation through Kubernetes dashboard
- Certified Kubernetes Security Specialist (CKS) exam guide
- A Deep Dive Into Kubernetes Schema Validation
- A Beginner-Friendly Introduction to Kubernetes
- Managing Kubernetes without losing your cool
- Kubernetes: Detailed security assessment guidelines and necessary checklist
- Amazon EKS Best Practices Guide for Security
-
Books
- Hacking Kubernetes by Andrew Martin, Michael Hausenblas
- Learn Kubernetes Security by Kaizhe Huang and Pranjal Jumde
- Kubernetes Security by Liz Rice and Michael Hausenblas
- Container Security by Liz Rice
- Kubernetes: Up and Running, Second Edition by Brendan Burns, Joe Beda and Kelsey Hightower
- The Kubernetes Book by Nigel Poulton and Pushkar Joglekar
- Kubernetes Patterns: Reusable Elements for Designing Cloud-Native Applications by Bilgin Ibryam & Roland Huß
- Securing Kubernetes Secrets by Alex Soto Bueno and Andrew Block
- Google Anthos by Antonio Gulli et al.
- Kubernetes for Developers by William Denniss
- Kubernetes on Windows by Jay Vyas and James Sturtevant
- Core Kubernetes by Chris Love
- Kubernetes Security with M9sweeper
- Kubernetes in Action, Second Edition by Marko Lukša
-
Certifications
-
CVEs
- Exploring container security: Vulnerability management in open-source Kubernetes
- CVE-2018-18264 - Kubernetes Dashboard bypass authentication
- CVE-2019-11247 - kube-apiserver mistakenly allows access to a cluster-scoped custom resource
- CVE-2019-11249 - kubectl cp command tar exploit
- CVE-2021-25735 - kube-apiserver allow node updates to bypass a Validating Admission Webhook
- CVE-2021-25737 - user may be able to redirect pod traffic to private networks on a node
- CVE-2021-25740 - enable users to send network traffic to locations they would otherwise not have access to via a confused deputy attack
- CVE-2021-25741 - user may be able to create a container with subpath volume mounts to access files & directories outside of the volume
- CVE-2021-30465 - runc container filesystem breakout via directory traversal
- CVE-2020-8558 PoC - kube-proxy unexpectedly makes localhost-bound host services available to others on the network
- CVE-2020-8559 PoC - kube-apiserver vulnerable to an unvalidated redirect on proxied upgrade requests
- CVE-2020-8559 PoC 2 - kube-apiserver vulnerable to an unvalidated redirect on proxied upgrade requests
- CVE-2020-10749 PoC - malicious containers in Kubernetes clusters to perform man-in-the-middle (MitM) attacks
-
Slides
-
Trainings
- Secure Kubernetes
- Cloud Native Security Tutorial
- Kubernetes Security (Advanced Concepts)
- Kubernetes Goat Guide
- Katacoda Kubernetes Goat Videos
- A Cloud Guru Kubernetes Security
- SANS Cloud-Native Security Defending Containers and Kubernetes
- Tutorial: Getting Started With Cloud-Native Security - KubeCon EU 2020 - Liz Rice & Michael Hausenblas
- Control Plane Security Training
- Kubernetes CKS Exam Simulator
- Attacking and Auditing Docker Containers and Kubernetes Clusters
- Kubernetes Security Workshop
- Linux Academy - Kubernetes Security
- Mumshad's KodeKloud Certified Kubernetes Security Specialist (CKS)
-
Repositories / Tools
-
Learning
-
Defending
- Inspektor Gadget
- Open Policy Agent
- Kyverno
- Kubewarden
- cnspec - cloud-native security and policy project
- kubescape
- KubeArmor - Cloud-native runtime protection
- KubiScan
- Kubernetes Audit by Trail of Bits
- kubeaudit
- Deepfence ThreatMapper
- falco
- kubesec
- kube-bench
- trivy
- MKIT
- kubetap
- kube-forensics
- k8s-security-dashboard
- CIS Kubernetes Benchmark - InSpec Profile
- Kube PodSecurityPolicy Advisor
- Starboard
- Advocacy Site for Kubernetes RBAC
- Helm-Snyk
- Krane
- rakkess
- kubectl-who-can
- M9sweeper - Kubernetes Security Platform
- Kubernetes Security - Best Practice Guide
- External Secrets
- KubeLinter
- Gatekeeper
- KICS - Keeping Infrastructure as Code Secure
-
Attacking
-
Community
-
K8s Alternatives
-
Slacks
-
Newsletters
-
Jobs
-
K8s Managed Services
-
Other Awesome Lists
-
Papers
-
Podcasts