Managed
GKE
References
Link | Notes |
---|---|
GKE best practices | |
The Unofficial GKE Security Guide | Guide which aims to help prioritize and implement a security posture that meets your organization's needs while taking advantage of all the benefits of GKE |
Private clusters | |
Exposing GKE applications through Ingress and Services | Walkthrough of the factors to consider when exposing applications on GKE, explaining how each affects application exposure and which networking solution each requirement drives you toward |
Consuming Google Secret Manager secrets in GKE | 5 options to integrate GKE and GSM |
IAM
Link | Notes |
---|---|
Introducing Workload Identity: Better authentication for your GKE applications | The new, and now recommended, way for GKE applications to authenticate to and consume other Google Cloud services |
Making Sense of Kubernetes RBAC and IAM Roles on GKE | Relationship between Google Cloud IAM and Kubernetes RBAC |
Kubernetes Bound Service Account Tokens | |
Federation
Link | Notes |
---|---|
Authenticating to GKE without gcloud | How to authenticate to GKE and deploying to it from headless environments like CI/CD |
Securely Access AWS Services from Google Kubernetes Engine (GKE) | Challenges and potential solutions for cross-cloud access |
Groups-GKE | |
rbacsync | |
EKS
References
Link | Notes |
---|---|
Amazon EKS Best Practices Guide for Security | Best practices guide for day 2 operations, including operational excellence, security, reliability, performance efficiency, and cost optimization |
Amazon EKS Workshop | Workshop exploring multiple ways to configure VPC, ALB, and EC2 Kubernetes workers |
AWS Controllers for Kubernetes (ACK) | ACK lets you directly manage AWS services from Kubernetes |
Kubernetes multi tenancy with Amazon EKS: Best practices and considerations | Some considerations for Kubernetes multi tenancy implementation using Amazon EKS, covering different perspectives around compute, networking, and storage. |
Hardening AWS EKS security with RBAC, secure IMDS, and audit logging | How small misconfigurations or unwanted side-effects may put clusters at risk |
Opinionated guides | |
IAM
Link | Notes |
---|---|
EKS Pod Identity Webhook Deep-Dive | Deep dive on the EKS Pod Identity Webhook (gives IAM roles to pods) to understand how it works, specifically for non-EKS clusters |
IAM roles for Kubernetes service accounts - deep dive | How IAM and Kubernetes work together, allowing you to call AWS services from your pods with no hassle |
iam-service-account-controller | Kubernetes controller that automatically manages AWS IAM roles for ServiceAccounts |
aws-iam-authenticator | Use AWS IAM credentials to authenticate to a Kubernetes cluster |
Attacking and securing cloud identities in managed Kubernetes | A deep dive into how Amazon EKS IAM works, and several attack vectors to pivot from an EKS cluster to an AWS environment |
AKS
Link | Notes |
---|---|
Monitoring Azure Kubernetes Service (AKS) with Azure Sentinel | How to use Azure Sentinel to monitor AKS clusters for security incidents |
Secure pods with Azure Policy | You can deny requests based on pod capabilities and audit for runtime violations |