kubernetes
Safeguard articles tagged "kubernetes" — guides, analysis, and best practices for software supply chain and application security.
125 articles
How to Enforce Cosign Signatures in Kubernetes Admission
A hands-on tutorial for blocking unsigned container images at the Kubernetes admission layer using Cosign, Sigstore policy-controller, and keyless verification.
OpenShift Security Context Constraints: A Guide
SCCs predate Pod Security Admission by a decade and are more powerful. That power is also why OpenShift newcomers find them confusing.
Container Escape Techniques in 2023: What's Changed and What Hasn't
Container escapes remain a real threat in multi-tenant environments. A look at the latest techniques, CVEs, and defenses as container security matures in 2023.
Kubernetes Network Policies Deep Dive: From Zero Trust to Microsegmentation
By default, every pod can talk to every other pod. Network policies change that, but most implementations are incomplete. Here is how to build real microsegmentation in Kubernetes.
Kubernetes Ingress Security Configuration: Getting It Right
Ingress controllers are the front door to your Kubernetes cluster. Misconfigurations here expose everything behind them.
Kubernetes 1.27 Security Highlights
Kubernetes 1.27 graduated seccomp default, introduced in-place pod resize, and cleaned up admission. Here is what actually matters for cluster security.
Aqua Security Platform Review: Cloud Native Security Done Right
An in-depth review of the Aqua Security platform covering container security, runtime protection, Kubernetes scanning, and how it fits into a modern DevSecOps workflow.
Calico Network Policy Best Practices for Production Kubernetes
Calico is the most widely deployed Kubernetes network plugin. Its policy model is powerful but has gotchas that trip up even experienced teams.
Kubernetes RBAC Security Best Practices for Supply Chain Protection
Misconfigured Kubernetes RBAC is a common path to supply chain compromise. Here's how to lock down permissions in your clusters.
Cilium Network Security in Kubernetes: Beyond Basic Network Policies
Cilium uses eBPF to provide network security that standard Kubernetes NetworkPolicies cannot match. Here is what it adds and how to configure it.
Kubernetes Pod Security Standards: From PodSecurityPolicy to the New Admission Controller
PodSecurityPolicy is dead. Pod Security Standards replaced it. Here is what changed, what the three levels mean, and how to migrate without breaking your clusters.
Tekton Pipeline Security Guide
Securing Tekton CI/CD pipelines on Kubernetes with task isolation, supply chain verification, and least-privilege service accounts.