azure-policy
Certified-Kubernetes-Security-Specialist
Metric | azure-policy | Certified-Kubernetes-Security-Specialist
---|---|---
Mentions | 9 | 5
Stars | 1,430 | 1,916
Growth | 2.0% | -
Activity | 8.1 | 2.1
Last commit | 8 days ago | 2 months ago
Language | Open Policy Agent | AGS Script
License | MIT License | Creative Commons Attribution Share Alike 4.0
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
azure-policy
- VMSS Azure Policy Compliance
- Automation as key to cloud adoption success
  Reference: https://github.com/Azure/azure-policy
- Favorite cloud provider governance tips and tricks?
  I just came across this post over in the Azure subreddit and it gave me a good idea on one way to deal with rogue Azure subscriptions - just have them default into a Management Group where a policy is in-place that basically denies use of any and all services.
- How can we stop random users in our on-prem AD from creating new Azure subscriptions?
  Oooo, that's a nice trick for the use of the root management group which usually has best practice to leave empty. I like that a lot! Could maybe pair that with the "deny all resource types" policy sample, and then even if someone does create a new subscription it's pretty much 100% neutered until someone pulls it out of the root management group and places it somewhere else.
- Architecture on Decommission huge list of old Azure servers
  Found a 2018 GitHub article - https://github.com/Azure/azure-policy/issues/102
- Public assets
  MS Repo https://github.com/Azure/azure-policy/tree/master/built-in-policies/policyDefinitions
- How can I resolve this Security center recommendation: "Replace a process level token"
  I can see here that is expecting azure-policy/AzureWindowsBaseline.mof at master · Azure/azure-policy · GitHub: "LOCAL SERVICE, NETWORK SERVICE". However, that would exclude the web app pools.
- Iron Dome = 'Security Policies' at scale for your Multi-Cloud accounts
  Azure shared with us a GitHub repository that contains built-in samples of Azure Policies that can be used as reference for creating and assigning policies to your subscriptions and resource groups.
- Compliance with policy or blueprints?
  The only real way you'll be able to do this is via an Azure Policy, alongside a deny effect - where your policy would restrict based on the type field, with the values passed in via an array parameter (example)
Certified-Kubernetes-Security-Specialist
- Resources to pass the CKS exam?
- CKS - I passed the exam on the weekend. Just some thoughts if it can be helpful to someone.
  This repo https://github.com/walidshaari/Certified-Kubernetes-Security-Specialist was immensely helpful (suggested by killer.sh). One thing to note is that PSP has been deprecated; so you need to be studying the PodSecurity admission controller. I didn't use any other resources.
- What after Kubernetes CKA certification?
  CKS Repo by Walid Shaari - https://github.com/walidshaari/Certified-Kubernetes-Security-Specialist
- All about Kubernetes Certifications – CKA/CKAD/CKS
  Also preparation repository by Walid Shaari -> https://github.com/walidshaari/Certified-Kubernetes-Security...
- #8 DevOps Diary: No more Docker?
  Adding to #7 of this newsletter; some amazing people have started collections of free resources on GitHub to help you prepare for the CNCF Certified Kubernetes Security Specialist - CKS (or just to learn cool stuff about security)
What are some alternatives?
OPA (Open Policy Agent) - Open Policy Agent (OPA) is an open source, general-purpose policy engine.
atomic-red-team - Small and highly portable detection tests based on MITRE's ATT&CK.
shellharden - The corrective bash syntax highlighter
Kubernetes-Certified-Administrator - Online resources that will help you prepare for taking the CNCF CKA 2020 "Kubernetes Certified Administrator" Certification exam. With time, this is not likely the comprehensive up to date list - please make a pull request if there is something that should be added here.
balanced-employee-ip-agreement - GitHub's employee intellectual property agreement, open sourced and reusable
extending-falco-outputs-with-falcosidekick - Demonstrating how you can send Falco alerts to Slack with the use of falcosidekick
opal - Fork of https://github.com/permitio/opal
kube-bench-exporter - Helps you to export your kube-bench reports to multiple targets like Amazon S3 buckets with ease.
Community-Policy - This repo is for Microsoft Azure customers and Microsoft teams to collaborate in making custom policies.
k-rail - Kubernetes security tool for policy enforcement
AKS - Azure Kubernetes Service
awesome-falco - A curated list of Falco related tools, frameworks, blogs, podcasts, and articles