Ctrlk

1. Cluster Setup and Hardening
2. System Hardening
3. Minimize Microservice Vulnerabilities
4. Supply Chain Security
5. Monitoring, Logging and Runtime Security
Kubernetes Documentation
Security Summary
Overview of Cloud Native Security
Securing a Cluster
Tips and Tricks
Authentication
Glossary
Exam Curriculum

Powered by GitBook

On this page

Falco
CIS Benchmark
Open Policy Agent and Gatekeeper
Kyverno https://kyverno.io/
gVisor
trivy
Static Analysis CI/CD

Security Summary

Falco

Falco, an open-source cloud-native runtime security project, is the de facto Kubernetes threat detection engine.

Other tools you might have to be familiar with are sysdig or tracee

For all available fields, we can check https://falco.org/docs/rules/supported-fields

CIS Benchmark

Tools:

kube-bench
(docker bench)

Open Policy Agent and Gatekeeper

restrict images

kube-mgmt

Kyverno https://kyverno.io/

gVisor

trivy

trivy binary https://github.com/aquasecurity/trivy/releases/latest/
trivy docs https://github.com/aquasecurity/trivy/blob/main/docs/getting-started/installation.md
trivy operator
kubectl apply -f https://raw.githubusercontent.com/aquasecurity/trivy-operator/v0.12.0/deploy/static/trivy-operator.yaml

Static Analysis CI/CD

Pod Security Policy / OPA

PreviousKubernetes Documentation NextOverview of Cloud Native Security

Last updated 2 years ago