KUBERNETES SECURITY - Aqua Cloud Native Security, Container Security & Serverless Security Mon, 18 Nov 2024 12:21:33 +0000 en-US hourly 1 https://wordpress.org/?v=6.6.2 The History of Kubernetes https://www.aquasec.com/blog/kubernetes-history-how-it-conquered-cloud-native-orchestration/ Thu, 25 Jul 2024 04:13:34 +0000 https://www.aquasec.com/?p=21211 The History of KubernetesDid you know that Kubernetes originally had no built-in features for managing user permissions, or that support for storing data persistently didn’t appear until Kubernetes was four years old? If not, you might enjoy a dive into the history of Kubernetes on the tenth anniversary of the open source container orchestration system. This article highlights …]]> Kubernetes Secrets: How to Create, Use, and Secure Them https://www.aquasec.com/blog/managing-kubernetes-secrets/ Mon, 15 Apr 2024 12:27:00 +0000 https://www.aquasec.com/?p=15886 Kubernetes Secrets: How to Create, Use, and Secure ThemIf you deploy applications using Kubernetes – a platform that 96 percent of companies today report either using or considering – you’ll inevitably need to manage secrets securely inside Kubernetes. In some ways, this is a challenging task. Although Kubernetes provides some built-in capabilities to help manage secrets securely, these features have their limitations – …]]> Introducing KBOM – Kubernetes Bill of Materials https://www.aquasec.com/blog/introducing-kbom-kubernetes-bill-of-materials/ Thu, 29 Jun 2023 08:57:48 +0000 https://www.aquasec.com/?p=14376 Introducing KBOM – Kubernetes Bill of MaterialsSBOM (Software Bill of Materials) is an accepted best practice to map the components and dependencies of your applications in order to better understand your applications’ risks. SBOMs are used as a basis for vulnerability assessment, licensing compliance, and more. There are plenty of available tools, such as Aqua Trivy, that help you easily generate …]]> Kubernetes Version 1.26: An Overview https://www.aquasec.com/blog/kubernetes-version-1-26-an-overview/ Thu, 08 Dec 2022 15:00:00 +0000 https://www.aquasec.com/?p=14533 Kubernetes Version 1.26: An OverviewKubernetes Version 1.26 was released with 37 new enhancements including 11 Stable, 10 Beta, 16 Alpha, and 12 features deprecated or removed. In this blog, we will highlight its most notable features and show how using Trivy will help you find deprecated Kubernetes resources. registry.k8s.io, Generally Available The container image registry has changed from k8s.gcr.io …]]> What’s New in Kubernetes Version 1.24 https://www.aquasec.com/blog/kubernetes-1-24/ Mon, 25 Apr 2022 09:30:00 +0000 https://www.aquasec.com/?p=14831 What’s New in Kubernetes Version 1.24With another Kubernetes release upon us, there are, as ever, a load of new features to consider. These include features to help companies use Windows containers securely and improvements in Kubernetes’ supply chain security. In this post, we’ll take a look at some of the more significant features of this release. Dockershim deprecation Undoubtedly, the …]]> Kubernetes RBAC: How to Avoid Privilege Escalation via Certificate Signing https://www.aquasec.com/blog/kubernetes-rbac-privilige-escalation/ Wed, 06 Apr 2022 09:30:00 +0000 https://www.aquasec.com/?p=14889 Kubernetes RBAC: How to Avoid Privilege Escalation via Certificate SigningFollowing on from our previous post on the risks of privilege escalation in Kubernetes via the node/proxy resource, we’re going to take a look at how users who have rights to the certificate signing request (CSR) API in Kubernetes might be able to use them to escalate their privileges in a cluster. In addition to …]]> Privilege Escalation from Node/Proxy Rights in Kubernetes RBAC https://www.aquasec.com/blog/privilege-escalation-kubernetes-rbac/ Thu, 03 Mar 2022 11:30:00 +0000 https://www.aquasec.com/?p=14960 Privilege Escalation from Node/Proxy Rights in Kubernetes RBACOne of the side effects of Kubernetes’ rich API and extensive functionality is that sometimes there are security implications to granting users permissions. Security architects should be aware of these side effects when designing platforms that use Kubernetes. In recent research with Iain Smart of NCC Group, we looked at how granting rights to node/proxy …]]> RBAC Virtual Verbs: Teaching Kubernetes to Educate Dolphins https://www.aquasec.com/blog/kubernetes-verbs/ Mon, 31 Jan 2022 15:30:00 +0000 https://www.aquasec.com/?p=14985 RBAC Virtual Verbs: Teaching Kubernetes to Educate DolphinsKubernetes’ role-based access control (RBAC) system is a cornerstone of cluster security. Most clusters use RBAC to determine which users have access to specific operations, and its core elements are well covered in the Kubernetes documentation. However, there are some less well-known features that could be relevant when creating or using tools designed to ensure …]]> Protecting Cloud Native Workloads on GKE Autopilot https://www.aquasec.com/blog/gke-autopilot-security/ Tue, 14 Dec 2021 14:14:18 +0000 https://www.aquasec.com/?p=15045 Protecting Cloud Native Workloads on GKE AutopilotGKE Autopilot is a new mode of operation in Google Kubernetes Engine (GKE) launched earlier this year to help DevOps teams focus their time and resources on building applications on Kubernetes, rather than on managing the infrastructure that the applications run on. As Aqua Security is a GKE selected security partner, customers can now run the Aqua platform seamlessly on a GKE Autopilot cluster. This can allow them to address …]]> Kubernetes Version 1.23: What’s New for Security?  https://www.aquasec.com/blog/kubernetes-version-1-23-security-features/ Tue, 07 Dec 2021 12:21:47 +0000 https://www.aquasec.com/?p=15054 Kubernetes Version 1.23: What’s New for Security? Like clockwork, a new Kubernetes release is upon us, with loads of interesting new features. A couple of the key features in Kubernetes 1.23 are hitting the beta level and will be enabled by default. In this post, we’ll explain what they mean for security, both in terms of improving cluster security and what you …]]>