Our great sponsors
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
-
amicontained
Container introspection tool. Find out what container runtime is being used as well as features available.
Mergeable Ingress Types were created for this exact purpose: https://github.com/nginxinc/kubernetes-ingress/tree/main/examples/mergeable-ingress-types
Now I'm working on adding Apparmor profiles to my deployments. I'm running on Ubuntu, which doesn't have a lot of profiles by default to my surprise. I've attempted to use this Git repository to add support for more profiles to properly secure my server, unfortunately it seems to break initramfs generation. Luckily, it seems to be the only thing it breaks, so I may look into it to see if I can fix it. Also, these two articles seem interesting for Nextcloud: article1 article2. Maybe this one to.
I'm looking into SECCOMP profiles as well, but so far is seems a lot of pain for little gain. This series by Paulo Gomes is my starting point. part2 part3 testing-container.
I'm currently also testing the Ubuntu CIS on a VM, it works great with Ubuntu 22.04. Just add 22.04 to the check in the first playbook. When proper testing verifies it's working, I'll run the playbook against my actual server (Kubernetes single-node).