OWASP has created the OWASP Kubernetes Top 10, which helps identify the most likely risks.| Sysdig
GitLab product documentation.| docs.gitlab.com
Learn how to expose your Kubernetes cluster to your Tailscale network.| Tailscale
Pods are the smallest deployable units of computing that you can create and manage in Kubernetes. A Pod (as in a pod of whales or pea pod) is a group of one or more containers, with shared storage and network resources, and a specification for how to run the containers. A Pod's contents are always co-located and co-scheduled, and run in a shared context. A Pod models an application-specific "logical host": it contains one or more application containers which are relatively tightly coupled.| Kubernetes
Kubernetes volumes provide a way for containers in a pod to access and share data via the filesystem. There are different kinds of volume that you can use for different purposes, such as: populating a configuration file based on a ConfigMap or a Secret; providing some temporary scratch space for a pod; sharing a filesystem between two different containers in the same pod; sharing a filesystem between two different pods (even if those Pods run on different nodes); durably storing data so that it s...| Kubernetes
Pod is a collection of containers that can run on a host.| Kubernetes
Kubernetes' 'allowPrivilegeEscalation' is a useful but poorly understood security hardening setting. Let's dive into how it works and debunk some common myths about it.| Christophe Tafani-Dereeper
Configure AWS-specific settings with EC2NodeClasses| karpenter.sh
A detailed look at the different policy levels defined in the Pod Security Standards.| Kubernetes
An overview of the Pod Security Admission Controller, which can enforce the Pod Security Standards.| Kubernetes
This post describes a breaking change in runc v1.0.0-rc93, that has subsequently had a workaround implemented that will presumably be included in v1.0.0-rc94. Thanks to @haircommander for talking through the issue with me and implementing the subsequent workaround, and to @mattomata for his consultation on the distroless/static:nonroot behavior. If you are not interested in the background of the issue, you can skip reading this post and take a look at my detailed testing scenarios on the Cros...| danielmangum.com