OpenShift blog

    July 14, 2020

    Protecting Kubernetes Against MITRE ATT&CK: Persistence

    This is part three of a nine-part blog series where we examine each of the nine Kubernetes threat vectors across 40 attack techniques and provide actionable advice to mitigate these threats.  Part ...

    Wei Lien Dang

    July 2, 2020

    Protecting Kubernetes Against MITRE ATT&CK: Execution

    We recently published the first part of our nine-part blog series where we take a deep dive into each of the nine Kubernetes threat vectors across 40 attack techniques and provide actionable advice ...

    Wei Lien Dang

    June 25, 2020

    Protecting Kubernetes Against MITRE ATT&CK: Initial Access

    In the past five years, modern application architecture and compute infrastructure have been dramatically transformed by Kubernetes, the production-grade, open-source container orchestration system ...

    Wei Lien Dang

    June 2, 2020

    Cryptojacking Attacks in Kubernetes: How to Stop Them

    We recently published a blog post - the first of a nine-part series - on the Kubernetes attack matrix and the representative threat vectors that organizations must consider to adequately secure their ...

    Wei Lien Dang

    May 20, 2020

    Better Kubernetes Security with Open Policy Agent (OPA) - Part 2

    In Part 1 of this series on the Open Policy Agent (OPA), we gave a brief rundown of why you might want to use the OPA Gatekeeper controller for policy enforcement in your Kubernetes clusters. We also ...

    Karen Bruner

    May 16, 2020

    Kubernetes Autoscaling - 3 Common Methods Explained

    One of the strengths of Kubernetes as a container orchestrator lies in its ability to manage and respond to dynamic environments. One example is Kubernetes’ native capability to perform effective ...

    Karen Bruner

    April 29, 2020

    Better Kubernetes Security with Open Policy Agent (OPA) - Part 1

    As the adoption of Kubernetes spreads, users have begun to look for additional options to control and secure their Kubernetes clusters. Cluster administrators tend to focus on restricting what can ...

    Karen Bruner

    April 8, 2020

    Container Image Security: Beyond Vulnerability Scanning

    Container images constitute the standard application delivery format in cloud-native environments. The wide distribution and deployment of these container images requires a new set of best practices ...

    Karen Bruner

    November 26, 2019

    12 Kubernetes Configuration Best Practices

    By now most of us have heard about the role human error plays in causing data breaches. Many security incidents that can be traced back to a misconfigured infrastructure or security setting. As ...

    Ajmal Kohgadai

    November 26, 2019

    How to Make Istio Work with Your Apps

    This post is a companion to the talk I gave at Cloud Native Rejekts NA ’19 in San Diego on how to work around common issues when deploying applications with the Istio service mesh in a Kubernetes ...

    Karen Bruner

    September 24, 2019

    Guide to Anomaly Detection with Containers and Kubernetes

    As the container ecosystem has matured, Kubernetes has emerged as the de facto orchestrator for running applications. The advent of declarative and immutable workloads has paved the way for an ...

    Connor Gilbert

    September 4, 2019

    5 Kubernetes RBAC Mistakes You Must Avoid

    If you run workloads in Kubernetes, you know how much important data is accessible through the Kubernetes API—from details of deployments to persistent storage configurations to secrets. The ...

    Connor Gilbert