Safeguard
Topic

Kubernetes Security

In-depth guides and analysis on kubernetes security from the Safeguard engineering team.

22 articles

Kubernetes Security

Hardening Amazon EKS With Native AWS Controls

AWS secures the EKS control plane and etcd — everything else, from IAM to security groups to node OS patching, is on you under the shared responsibility model.

Jul 8, 20267 min read
Kubernetes Security

Kubernetes Secrets Management: Vault, Sealed Secrets, SOPS, and External Secrets Compared

Kubernetes Secrets are base64-encoded, not encrypted. That is the start of the problem. Here is a no-nonsense comparison of the tools that actually solve secrets management in Kubernetes.

Apr 8, 20247 min read
Kubernetes Security

Kubernetes Network Policies Deep Dive: From Zero Trust to Microsegmentation

By default, every pod can talk to every other pod. Network policies change that, but most implementations are incomplete. Here is how to build real microsegmentation in Kubernetes.

Aug 18, 20237 min read
Kubernetes Security

Kubernetes Ingress Security Configuration: Getting It Right

Ingress controllers are the front door to your Kubernetes cluster. Misconfigurations here expose everything behind them.

Aug 12, 20234 min read
Kubernetes Security

Calico Network Policy Best Practices for Production Kubernetes

Calico is the most widely deployed Kubernetes network plugin. Its policy model is powerful but has gotchas that trip up even experienced teams.

Apr 12, 20236 min read
Kubernetes Security

Service Mesh mTLS Configuration: Getting Mutual TLS Right

Service meshes promise automatic mTLS. The reality involves permissive modes, certificate management complexity, and gaps that attackers can exploit.

Mar 12, 20235 min read
Kubernetes Security

Cilium Network Security in Kubernetes: Beyond Basic Network Policies

Cilium uses eBPF to provide network security that standard Kubernetes NetworkPolicies cannot match. Here is what it adds and how to configure it.

Dec 12, 20225 min read
Kubernetes Security

Kubernetes Pod Security Standards: From PodSecurityPolicy to the New Admission Controller

PodSecurityPolicy is dead. Pod Security Standards replaced it. Here is what changed, what the three levels mean, and how to migrate without breaking your clusters.

Dec 8, 20226 min read
Kubernetes Security

OPA Gatekeeper for Kubernetes: Writing Policies That Actually Work

Gatekeeper brings OPA's policy engine to Kubernetes. The learning curve is steep but the flexibility is unmatched. Here is how to write, test, and deploy Rego policies that enforce real security.

Oct 12, 20226 min read
Kubernetes Security

Kubernetes Supply Chain Policy Engines: Enforcing What Gets Deployed

Scanning for vulnerabilities means nothing if you cannot enforce the results. Supply chain policy engines in Kubernetes turn security findings into hard deployment gates.

Jun 8, 20226 min read
Kubernetes Security (Page 2) — Supply Chain Security Blog | Safeguard