Secure application communications with Mutual TLS and Istio
Member post originally published on Isto’s blog by Lin Sun and Yuval Kohavi Dive into securing application communications, mTLS and Istio to achieve end-to-end mTLS among your applications. One of the biggest reasons users adopt service mesh is…
Securing attacks targeted at user or kernel level for customer X with KubeArmor & AWS Bottlerocket
Member post by AccuKnox Introduction: In the realm of cybersecurity, ensuring that virtualized or cloud-based infrastructures security is paramount. One crucial aspect is safeguarding applications where most of our crown-jewel sits and are susceptible to dynamic changes. In…
CNCF On demand webinar: Keys to building trusted software in cloud native pipelines
You’ve started to shift security left in order to catch security issues earlier in development, but are you using trusted, verified open source software components when writing your code? Are you signing your code commits and image builds…
Keeping secrets secure on Kubernetes
Member post originally published on the CyberArk blog by John Walsh Handling secrets in cloud-native environments is a challenge for many organizations. Virtually any application requires some sort of secret, such as a database password, a service token,…
Kubernetes governance & the top 5 best practices of K8s deployment
Member post originally published on the Fairwinds blog by Joe Pelletier The widespread adoption of containerized applications has fundamentally changed how organizations develop, deploy, and manage their software infrastructure. Kubernetes is fundamental to this change, because it makes…
Introduction Harbor is a self-hosted cloud native registry that stores, scans, and signs content such as container images as well as OCI artifacts, including Helm charts. It extends the open source CNCF Distribution project and adds useful functionality,…
Guest post originally published on Weaveworks’ blog Overview Developed by Weaveworks in 2016, Flux CD is a GitOps continuous delivery tool used to streamline and automate application deployments. It started as a small, internal project; now it’s a CNCF-graduated project with a…
Introducing the Wasm landscape (in English and Chinese)
By Chris Aniszczyk, Vivian Hu and Michael Yuan “Containers are the new normal, and WebAssembly is the future.” — CNCF Annual Survey 2022 key findings. Originally created as a secure sandbox to run compiled C/C++ code in…
From chaos to consistency: a comprehensive approach to maintaining a drift-free infrastructure
Guest post originally published on Facets Cloud’s blog by Rohit Raveendran This article delves into the foundational triggers of infrastructure drift, its subsequent implications, and streamlined strategies to ensure a seamless and consistent infrastructure. In today’s rapidly evolving…
One-time pass codes for Kyverno
Community post originally published on Neon Mirrors by Chip Zoller In real life, imposed rules often have cases where exceptions may be required but on a case-by-case basis. Policy is really no different here. While prevention of objectively…