cluster-security
Safeguard articles tagged "cluster-security" — guides, analysis, and best practices for software supply chain and application security.
4 articles
Best practices for securing Kubernetes ConfigMaps
ConfigMaps store plaintext in etcd with no size guardrail beyond 1 MiB — teams that drop credentials in them expose secrets to a far bigger RBAC audience.
Running Multiple Custom Controllers Without RBAC or CRD Collisions
Kubernetes CRDs are singletons by group and kind, and RBAC has no tenant concept — two facts that quietly break most multi-controller clusters.
Designing Least-Privilege Kubernetes RBAC: A Practical Guide
CVE-2018-1002105 (CVSS 9.8) let an unauthenticated request reach cluster-admin through pod exec endpoints — most RBAC breaches since trace back to the same handful of over-broad bindings.
What is Kubernetes RBAC
Kubernetes RBAC controls who can do what in your cluster. Here's how Roles, Bindings, and ClusterRoles work — and where they commonly fail.