Engineering

Generating Kubernetes ValidatingAdmissionPolicies from Kyverno Policies

In the previous blog post, we discussed writing Common Expression Language (CEL) expressions in Kyverno policies for resource validation. CEL was first introduced to Kubernetes for the Validation rules for CustomResourceDefinitions, and then it was used by Kubernetes ValidatingAdmissionPolicies in 1.26. ValidatingAdmissionPolicies offer a declarative,…

0

Mitigating the Latest Kubernetes NGINX Ingress Controller CVEs

Recently, a few new vulnerabilities for Kubernetes Nginx Ingress controllers have made their way across industry channels, showcasing how much of a challenge securely configuring Kubernetes can be. The vulnerabilities, tracked as CVE-2023-5043, CVE-2023-5044 and CVE-2022-4886, were disclosed on October 27, and are listed as…

0

Enforcing Amazon EKS Security Best Practices Using Kyverno

Amazon Elastic Kubernetes Service (EKS) is a popular managed service for building cloud-native applications due to its feature-rich offerings and seamless integration with other AWS services. However, Kubernetes itself is considered insecure by default, prioritizing functionality over security. Although AWS provides several recommendations to secure…

0