Safeguard
Tag

kubernetes-security

Safeguard articles tagged "kubernetes-security" — guides, analysis, and best practices for software supply chain and application security.

125 articles

Container Security

How to encrypt Kubernetes secrets at rest

A step-by-step guide to encrypting Kubernetes secrets at rest: choosing a KMS provider, configuring etcd encryption, re-encrypting existing secrets, and verifying it worked.

Feb 17, 20268 min read
Industry Analysis

How to automate TLS certificates with Let's Encrypt

A step-by-step guide to automating TLS certificates with Let's Encrypt using certbot and cert-manager, plus verification steps so renewals never silently fail.

Feb 9, 20268 min read
Container Security

How to set up OPA Gatekeeper for Kubernetes admission con...

A step-by-step guide to OPA Gatekeeper Kubernetes admission control: install, write constraint templates, roll out safely, and verify enforcement.

Feb 8, 20267 min read
Container Security

What is Admission Control (Kubernetes)

Admission control is the last checkpoint in Kubernetes before an object is written to etcd — here's how webhooks, PSA, and policy engines enforce it.

Jan 31, 20267 min read
Cloud Security

What is Runtime Protection

Runtime protection catches what pre-deployment scanning can't — live attacks like the XZ Utils backdoor and Log4Shell exploitation, detected only in production.

Jan 31, 20266 min read
Cloud Security

What is Drift Detection

Drift detection catches unauthorized config changes in real time. See how it works, why it fails in most orgs, and real breaches it could have stopped.

Jan 31, 20267 min read
Container Security

Hardening Amazon EKS clusters against common attack paths

A step-by-step guide to EKS security best practices: lock down IAM, enforce pod security standards, segment networks, and verify every control.

Jan 20, 20268 min read
Container Security

How Microsoft Defender for Containers protects AKS and AC...

Defender for Containers scans ACR images and monitors AKS clusters in real time — but it can't see what happens before a build reaches the registry. Here's what it covers and what it misses.

Jan 15, 20267 min read
AI Security

Enforcing container compliance with Azure Policy

How Azure Policy enforces container compliance on AKS—registry restriction, regulatory mapping, and where admission-time policy alone falls short.

Jan 14, 20268 min read
Container Security

Enforcing signed and attested container images with Binar...

A step-by-step guide to enforcing signed, attested container images in GKE with Binary Authorization — from attestor setup to policy enforcement and troubleshooting.

Jan 12, 20268 min read
Container Security

Comparing security models of GKE Autopilot versus Standar...

GKE Autopilot security vs Standard clusters draw the shared-responsibility line very differently. Here's what changes for pod security and hardening.

Jan 9, 20267 min read
Vulnerability Analysis

runc container escape via file descriptor overwrite (CVE-2019-5736)

CVE-2019-5736 let malicious containers overwrite the host runc binary and gain root — here's the mechanism, affected versions, and how to remediate it.

Jan 9, 20267 min read
kubernetes-security (Page 7) — Safeguard Blog