Author:Boris Kurktchiev

Kubernetes Policy Driven Resource Optimization with Kyverno

  Introduction As organizations increasingly turn to Kubernetes to deploy and manage containerized applications, they face unique challenges in efficiently allocating resources. The dynamic nature of Kubernetes often leads to inefficient defaults, underperforming applications, and inflated cloud bills. While Kubernetes and the CNCF ecosystem provide…

0

Rapid Mitigation of CVE-2023-2878 with Kyverno and Nirmata Policy Manager

A recently discovered vulnerability (CVE-2023-2878) in the secrets-store-csi-driver component of Kubernetes poses a significant security risk. If exploited, this vulnerability could result in the disclosure of sensitive service account tokens. Service account tokens function as authentication credentials, allowing applications operating within a Kubernetes cluster to…

0

Locked Doors, Untrusted Keys: Securing Containers in the Wake of Leaky Vessel Vulnerabilities

The recent buzz surrounding the actively exploited runc vulnerabilities “Leaky Vessels”  (CVE-2024-21626) serves as a timely reminder of two essential container security principles: image trust and comprehensive patching. Let’s delve into why these aspects are crucial for your containerized environments. Trustworthy Images are Foundational: It…

0

Mitigating the Latest Kubernetes NGINX Ingress Controller CVEs

Recently, a few new vulnerabilities for Kubernetes Nginx Ingress controllers have made their way across industry channels, showcasing how much of a challenge securely configuring Kubernetes can be. The vulnerabilities, tracked as CVE-2023-5043, CVE-2023-5044 and CVE-2022-4886, were disclosed on October 27, and are listed as…

0