Check resource configurations for policy compliance.| Kyverno
Container runtime security is the combination of measures and technology implemented to protect containerized applications at the runtime stage.| wiz.io
software, cloud, infosec, and miscellaneous other stuff.| smlx.dev
Providing better Pod security for service meshes with Kyverno.| Kyverno
Before starting with installation, make sure you meet all the requirements. In particular, you should pay attention to network addon compatibility. If you’re trying to run MetalLB on a cloud platform, you should also look at the cloud compatibility page and make sure your cloud platform can work with MetalLB (most cannot). There are three supported ways to install MetalLB: using plain Kubernetes manifests, using Kustomize, or using Helm. Preparation If you’re using kube-proxy in IPVS mode...| MetalLB, bare metal load-balancer for Kubernetes
A detailed look at the different policy levels defined in the Pod Security Standards.| Kubernetes
Production-Grade Container Orchestration| Kubernetes
Kubernetes reserves all labels, annotations and taints in the kubernetes.io and k8s.io namespaces. This document serves both as a reference to the values and as a coordination point for assigning values. Labels, annotations and taints used on API objects apf.kubernetes.io/autoupdate-spec Type: Annotation Example: apf.kubernetes.io/autoupdate-spec: "true" Used on: FlowSchema and PriorityLevelConfiguration Objects If this annotation is set to true on a FlowSchema or PriorityLevelConfiguration, ...| Kubernetes
Using Pod Security Admission with Kyverno for the best of both worlds.| Kyverno
Migrating from PodSecurityPolicy to Kyverno| Kyverno
Kyverno 1.8 is here.| Kyverno
As the Kubernetes API evolves, APIs are periodically reorganized or upgraded. When APIs evolve, the old API is deprecated and eventually removed. This page contains information you need to know when migrating from deprecated API versions to newer and more stable API versions. Removed APIs by release v1.32 The v1.32 release will stop serving the following deprecated API versions: Flow control resources The flowcontrol.apiserver.k8s.io/v1beta3 API version of FlowSchema and PriorityLevelConfigur...| Kubernetes
A security context defines privilege and access control settings for a Pod or Container. Security context settings include, but are not limited to: Discretionary Access Control: Permission to access an object, like a file, is based on user ID (UID) and group ID (GID). Security Enhanced Linux (SELinux): Objects are assigned security labels. Running as privileged or unprivileged. Linux Capabilities: Give a process some privileges, but not all the privileges of the root user.| Kubernetes
This page provides an overview of admission controllers. An admission controller is a piece of code that intercepts requests to the Kubernetes API server prior to persistence of the resource, but after the request is authenticated and authorized. Several important features of Kubernetes require an admission controller to be enabled in order to properly support the feature. As a result, a Kubernetes API server that is not properly configured with the right set of admission controllers is an in...| Kubernetes