Kubernetes Security
In-depth guides and analysis on kubernetes security from the Safeguard engineering team.
22 articles
Hardening Amazon EKS With Native AWS Controls
AWS secures the EKS control plane and etcd — everything else, from IAM to security groups to node OS patching, is on you under the shared responsibility model.
Kubernetes Secrets Management: Vault, Sealed Secrets, SOPS, and External Secrets Compared
Kubernetes Secrets are base64-encoded, not encrypted. That is the start of the problem. Here is a no-nonsense comparison of the tools that actually solve secrets management in Kubernetes.
Kubernetes Network Policies Deep Dive: From Zero Trust to Microsegmentation
By default, every pod can talk to every other pod. Network policies change that, but most implementations are incomplete. Here is how to build real microsegmentation in Kubernetes.
Kubernetes Ingress Security Configuration: Getting It Right
Ingress controllers are the front door to your Kubernetes cluster. Misconfigurations here expose everything behind them.
Calico Network Policy Best Practices for Production Kubernetes
Calico is the most widely deployed Kubernetes network plugin. Its policy model is powerful but has gotchas that trip up even experienced teams.
Service Mesh mTLS Configuration: Getting Mutual TLS Right
Service meshes promise automatic mTLS. The reality involves permissive modes, certificate management complexity, and gaps that attackers can exploit.
Cilium Network Security in Kubernetes: Beyond Basic Network Policies
Cilium uses eBPF to provide network security that standard Kubernetes NetworkPolicies cannot match. Here is what it adds and how to configure it.
Kubernetes Pod Security Standards: From PodSecurityPolicy to the New Admission Controller
PodSecurityPolicy is dead. Pod Security Standards replaced it. Here is what changed, what the three levels mean, and how to migrate without breaking your clusters.
OPA Gatekeeper for Kubernetes: Writing Policies That Actually Work
Gatekeeper brings OPA's policy engine to Kubernetes. The learning curve is steep but the flexibility is unmatched. Here is how to write, test, and deploy Rego policies that enforce real security.
Kubernetes Supply Chain Policy Engines: Enforcing What Gets Deployed
Scanning for vulnerabilities means nothing if you cannot enforce the results. Supply chain policy engines in Kubernetes turn security findings into hard deployment gates.