Managed

GKE¶

Link	Notes
GKE best practices	Day 0 Day 2
The Unofficial GKE Security Guide	Guide which aims to help prioritize and implement a security posture that meets your organization's needs while taking advantage of all the benefits of GKE
Private clusters	Standard cluster architecture Autopilot cluster architecture Private clusters Adding authorized networks for control plane access
Exposing GKE applications through Ingress and Services	Walk through of the different factors that should be considered when exposing applications on GKE, explain how they impact application exposure, and highlight which networking solutions each requirement will drive you toward
Consuming Google Secret Manager secrets in GKE	5 options to integrate GKE and GSM

Link	Notes
Introducing Workload Identity: Better authentication for your GKE applications	The new, and now recommended, way for GKE applications to authenticate to and consume other Google Cloud services
Making Sense of Kubernetes RBAC and IAM Roles on GKE	Relationship between Google Cloud IAM and Kubernetes RBAC
Kubernetes Bound Service Account Tokens	Bound service account tokens are becoming the default format in Kubernetes 1.21 This will ultimately enhance the authentication layer, but you may need to modify your applications to take advantage of the new security capabilities

Link	Notes
Authenticating to GKE without gcloud	How to authenticate to GKE and deploying to it from headless environments like CI/CD
Securely Access AWS Services from Google Kubernetes Engine (GKE)	Challenges and potential solutions for cross-cloud access
Groups-GKE	Google Groups for GKE Allows to grant roles to the members of a GSuite Google Group
rbacsync	Automatically sync groups into Kubernetes RBAC (blog post) Provides a Kubernetes controller to synchronize RoleBindings and ClusterRoleBindings, used in Kubernetes RBAC, from group membership sources using consolidated configuration objects The provided configuration objects allow you to define "virtual" groups that result in the creation of RoleBindings and ClusterRoleBindings that directly reference all users in the group

Link	Notes
Amazon EKS Best Practices Guide for Security	Best practices guide for day 2 operations, including operational excellence, security, reliability, performance efficiency, and cost optimization
Amazon EKS Workshop	Workshop exploring multiple ways to configure VPC, ALB, and EC2 Kubernetes workers
AWS Controllers for Kubernetes (ACK)	ACK lets you directly manage AWS services from Kubernetes
Kubernetes multi tenancy with Amazon EKS: Best practices and considerations	Some considerations for Kubernetes multi tenancy implementation using Amazon EKS, covering different perspectives around compute, networking, and storage.
Hardening AWS EKS security with RBAC, secure IMDS, and audit logging	How small misconfigurations or unwanted side-effects may put clusters at risk
Opinionated guides	Hardening AWS EKS security with RBAC, secure IMDS, and audit logging Four steps for hardening Amazon EKS security Guide to Designing EKS Clusters for Better Security

Link	Notes
EKS Pod Identity Webhook Deep-Dive	Deep dive on the EKS Pod Identity Webhook (gives IAM roles to pods) to understand how it works, specifically for non-EKS clusters
IAM roles for Kubernetes service accounts - deep dive	How IAM and Kubernetes work together tallowing you to callg AWS services from your pods with no hussle
iam-service-account-controller	Kubernetes controller that automatically manages AWS IAM roles for ServiceAccounts
aws-iam-authenticator	Use AWS IAM credentials to authenticate to a Kubernetes cluster
Attacking and securing cloud identities in managed Kubernetes	A deep dive into how Amazon EKS IAM works, and several attack vectors to pivot from an EKS cluster to an AWS environment

Link	Notes
Monitoring Azure Kubernetes Service (AKS) with Azure Sentinel	How to use Azure Sentinel to monitor AKS clusters for security incidents
Secure pods with Azure Policy	You can deny requests based on pod capabilities and audit for runtime violations