Safeguard
Tag

kubernetes

Safeguard articles tagged "kubernetes" — guides, analysis, and best practices for software supply chain and application security.

125 articles

Container Security

How to Enforce Cosign Signatures in Kubernetes Admission

A hands-on tutorial for blocking unsigned container images at the Kubernetes admission layer using Cosign, Sigstore policy-controller, and keyless verification.

Feb 15, 20245 min read
Container Security

OpenShift Security Context Constraints: A Guide

SCCs predate Pod Security Admission by a decade and are more powerful. That power is also why OpenShift newcomers find them confusing.

Dec 6, 20237 min read
Container Security

Container Escape Techniques in 2023: What's Changed and What Hasn't

Container escapes remain a real threat in multi-tenant environments. A look at the latest techniques, CVEs, and defenses as container security matures in 2023.

Nov 5, 20235 min read
Kubernetes Security

Kubernetes Network Policies Deep Dive: From Zero Trust to Microsegmentation

By default, every pod can talk to every other pod. Network policies change that, but most implementations are incomplete. Here is how to build real microsegmentation in Kubernetes.

Aug 18, 20237 min read
Kubernetes Security

Kubernetes Ingress Security Configuration: Getting It Right

Ingress controllers are the front door to your Kubernetes cluster. Misconfigurations here expose everything behind them.

Aug 12, 20234 min read
Container Security

Kubernetes 1.27 Security Highlights

Kubernetes 1.27 graduated seccomp default, introduced in-place pod resize, and cleaned up admission. Here is what actually matters for cluster security.

Aug 11, 20235 min read
Tool Reviews

Aqua Security Platform Review: Cloud Native Security Done Right

An in-depth review of the Aqua Security platform covering container security, runtime protection, Kubernetes scanning, and how it fits into a modern DevSecOps workflow.

Jul 20, 20235 min read
Kubernetes Security

Calico Network Policy Best Practices for Production Kubernetes

Calico is the most widely deployed Kubernetes network plugin. Its policy model is powerful but has gotchas that trip up even experienced teams.

Apr 12, 20236 min read
Container Security

Kubernetes RBAC Security Best Practices for Supply Chain Protection

Misconfigured Kubernetes RBAC is a common path to supply chain compromise. Here's how to lock down permissions in your clusters.

Mar 5, 20236 min read
Kubernetes Security

Cilium Network Security in Kubernetes: Beyond Basic Network Policies

Cilium uses eBPF to provide network security that standard Kubernetes NetworkPolicies cannot match. Here is what it adds and how to configure it.

Dec 12, 20225 min read
Kubernetes Security

Kubernetes Pod Security Standards: From PodSecurityPolicy to the New Admission Controller

PodSecurityPolicy is dead. Pod Security Standards replaced it. Here is what changed, what the three levels mean, and how to migrate without breaking your clusters.

Dec 8, 20226 min read
DevSecOps

Tekton Pipeline Security Guide

Securing Tekton CI/CD pipelines on Kubernetes with task isolation, supply chain verification, and least-privilege service accounts.

Oct 22, 20225 min read
kubernetes (Page 10) — Safeguard Blog