Securing Kubernetes Deployments

This page summarizes the projects mentioned and recommended in the original post on dev.to

  • kubernetes

    Production-Grade Container Scheduling and Management

  • The first thing to check is that the manifests are formally correct — in other words, they follow the Kubernetes OpenAPI specification. We’ll introduce two tools for this: kubeval and kubeconform.

  • kube-score

    Kubernetes object analysis with recommendations for improved reliability and security. kube-score actively prevents downtime and bugs in your Kubernetes YAML and Charts. Static code analysis for Kubernetes.

  • apps/v1/Deployment semaphore-demo-ruby-kubernetes 💥
        [CRITICAL] Container Resources
            · semaphore-demo-ruby-kubernetes -> CPU limit is not set
                Resource limits are recommended to avoid resource DDOS. Set resources.limits.cpu
            · semaphore-demo-ruby-kubernetes -> Memory limit is not set
                Resource limits are recommended to avoid resource DDOS. Set resources.limits.memory
            · semaphore-demo-ruby-kubernetes -> CPU request is not set
                Resource requests are recommended to make sure that the application can start and run without crashing. Set resources.requests.cpu
            · semaphore-demo-ruby-kubernetes -> Memory request is not set
                Resource requests are recommended to make sure that the application can start and run without crashing. Set resources.requests.memory
        [CRITICAL] Container Image Pull Policy
            · semaphore-demo-ruby-kubernetes -> ImagePullPolicy is not set to Always
                It's recommended to always set the ImagePullPolicy to Always, to make sure that the imagePullSecrets are always correct, and to always get the image you want.
        [CRITICAL] Pod NetworkPolicy
            · The pod does not have a matching NetworkPolicy
                Create a NetworkPolicy that targets this pod to control who/what can communicate with this pod. Note, this feature needs to be supported by the CNI implementation used in the Kubernetes cluster to have an effect.
        [CRITICAL] Pod Probes
            · Container is missing a readinessProbe
                A readinessProbe should be used to indicate when the service is ready to receive traffic. Without it, the Pod is risking to receive traffic before it has booted. It's also used during rollouts, and can prevent downtime if a new version of the application is failing.
                More information: https://github.com/zegl/kube-score/blob/master/README_PROBES.md
        [CRITICAL] Container Security Context
            · semaphore-demo-ruby-kubernetes -> Container has no configured security context
                Set securityContext to run the container in a more secure context.
    v1/Service semaphore-demo-ruby-kubernetes-lb ✅

  • semaphore-demo-ruby-kubernetes

    A Semaphore demo CI/CD pipeline for Kubernetes.

  • kubeconform

    A FAST Kubernetes manifests validator, with support for Custom Resources!

  • wget https://github.com/yannh/kubeconform/releases/download/v0.4.12/kubeconform-linux-amd64.tar.gz
    tar xf kubeconform-linux-amd64.tar.gz
    sudo cp kubeconform /usr/local/bin
    checkout
    kubeconform --summary deployment.yml

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.
