One of the biggest security risks related to Kubernetes is often linked to the fact that it is really hard to ensure that only “approved” images are deployed in your Kubernetes cluster. The goal here is to leverage Notary and a project called “Portieris”, created by IBM.
Although the ARM processor on the Raspberry Pi 3B+ is a 64-bit processor, the board is only equipped with 1 GB of RAM, so a 64-bit operating system is not really needed except when….
Kubeadm comes with an upgrade option. The goal of this study is to leverage that option.
kustomize seems to help with the setup of multiple clusters by removing copy-paste across clusters while still keeping the configuration files as plain YAML instead of templates, as is often the case with t
test-infra seems to somewhat overlap with sonobuoy features. The purpose of this post is to fetch the code, compile and deploy it on a Kubernetes cluster.
Istio aims to improve the security of containers. One of the key aspects is the end-to-end encryption of communication, with Citadel handling the management and renewal of the certificates. As always, the goal of this post is to study this new tool and figure out how I can leverage it in my day-to-day work.
Vault aims to improve the security of containers by rotating tokens and credentials much more often than usual. It looks like it is especially effective at helping rotate passwords used to access internal databases.