
Managed

GKE

References

GKE best practices
The Unofficial GKE Security Guide
  • Guide that aims to help you prioritize and implement a security posture that meets your organization's needs while still taking advantage of the benefits of GKE
Private clusters
Exposing GKE applications through Ingress and Services
  • Walks through the factors to consider when exposing applications on GKE, explains how each one affects application exposure, and highlights which networking solution each requirement drives you toward
Consuming Google Secret Manager secrets in GKE
  • Five options for integrating GKE with Google Secret Manager (GSM)

IAM

Google Kubernetes Engine IAM Roles
  • What separates the GKE IAM Roles Kubernetes Engine Developer from Kubernetes Engine Admin?
Making Sense of Kubernetes RBAC and IAM Roles on GKE
  • Relationship between Google Cloud IAM and Kubernetes RBAC

Federation

Authenticating to GKE without gcloud
  • How to authenticate to GKE and deploy to it from headless environments such as CI/CD pipelines
Securely Access AWS Services from Google Kubernetes Engine (GKE)
  • Challenges and potential solutions for cross-cloud access
Groups-GKE
  • Google Groups for GKE
  • Lets you grant Kubernetes RBAC roles to the members of a Google Workspace (formerly G Suite) Google Group by referencing the group's email address as an RBAC subject
rbacsync
  • Automatically sync groups into Kubernetes RBAC (blog post)
  • Provides a Kubernetes controller that synchronizes the RoleBindings and ClusterRoleBindings used by Kubernetes RBAC from group-membership sources, driven by consolidated configuration objects
  • The configuration objects let you define "virtual" groups; each results in RoleBindings and ClusterRoleBindings that directly reference every user in the group
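The two membership models above differ in where group expansion happens. With Groups for GKE the binding names the Google Group and GKE resolves membership on every request; with a sync controller such as rbacsync the group is expanded into individual User subjects when the controller runs. The following manifests, added here as an example rather than taken from either project, show the same access expressed both ways. The names are assumptions: the group dev-team@example.com, its members alice@example.com and bob@example.com, the namespace payments, and the built-in ClusterRole view. In both cases the users still need a Google Cloud IAM role that grants container.clusters.get (for example Kubernetes Engine Cluster Viewer) before they can fetch cluster credentials; IAM controls who can reach the API server, RBAC controls what they can do once there.

```yaml
# Added example, not code from Groups for GKE or rbacsync. Assumed names:
# dev-team@example.com, alice@example.com, bob@example.com, namespace "payments".
#
# 1. Groups for GKE. Prerequisites: the cluster was created with
#    --security-group=gke-security-groups@example.com and dev-team@example.com
#    is a member of that gke-security-groups group. The subject is the group's
#    email address; GKE checks membership at request time, so adding or removing
#    a member takes effect without touching the cluster.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: dev-team-view
  namespace: payments
subjects:
- kind: Group
  name: dev-team@example.com            # Google Group email, not a display name
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: view
  apiGroup: rbac.authorization.k8s.io
---
# 2. What a sync controller materialises instead: the group is expanded into its
#    members as of the last sync, each listed as a User subject. Membership
#    changes only propagate when the controller re-syncs, so a removed member
#    keeps access until then; the upside is that the binding itself records
#    exactly who had access, which is easy to audit offline.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: dev-team-view
  namespace: payments
subjects:
- kind: User
  name: alice@example.com
  apiGroup: rbac.authorization.k8s.io
- kind: User
  name: bob@example.com
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: view
  apiGroup: rbac.authorization.k8s.io
```

A quick check for either model is `kubectl auth can-i list pods --namespace payments --as alice@example.com --as-group dev-team@example.com`, which exercises the binding without needing the real user's credentials.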

EKS

References

Amazon EKS Best Practices Guide for Security
  • Best-practices guide for day 2 operations, covering operational excellence, security, reliability, performance efficiency, and cost optimization
Amazon EKS Workshop
  • Workshop exploring multiple ways to configure VPC, ALB, and EC2 Kubernetes workers
AWS Controllers for Kubernetes (ACK)
  • ACK lets you manage AWS services directly from Kubernetes
Kubernetes multi tenancy with Amazon EKS: Best practices and considerations
  • Considerations for implementing Kubernetes multi-tenancy on Amazon EKS, covering compute, networking, and storage
Hardening AWS EKS security with RBAC, secure IMDS, and audit logging
  • How small misconfigurations or unwanted side effects can put clusters at risk
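The "secure IMDS" part of the hardening article comes down to two launch-template settings on the worker nodes. The CloudFormation fragment below is an added example, not taken from the article, and shows the weak configuration next to the hardened one. The resource names WeakNodeTemplate and HardenedNodeTemplate and the NodeImageId parameter are assumptions.

```yaml
# Added example, not from the linked article. Assumed names: WeakNodeTemplate,
# HardenedNodeTemplate, parameter NodeImageId.
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  NodeImageId:
    Type: AWS::EC2::Image::Id
Resources:
  # Before: IMDSv1 still accepted and a hop limit of 2. Any pod that can send a
  # request to 169.254.169.254 (an SSRF bug in a workload is enough) can read the
  # node's instance-role credentials with a single GET and act as the node.
  WeakNodeTemplate:
    Type: AWS::EC2::LaunchTemplate
    Properties:
      LaunchTemplateData:
        ImageId: !Ref NodeImageId
        MetadataOptions:
          HttpEndpoint: enabled
          HttpTokens: optional          # IMDSv1 (plain GET) allowed
          HttpPutResponseHopLimit: 2    # responses travel one hop further: into pods
  # After: IMDSv2 required and hop limit 1. The PUT-then-GET token exchange
  # defeats classic SSRF, and a hop limit of 1 keeps the response inside the
  # node's own network namespace, so pods behind the VPC CNI (one hop away)
  # cannot reach IMDS at all. Pods that need AWS access must carry their own
  # identity, e.g. IAM roles for service accounts. hostNetwork pods, including
  # kubelet and the aws-node CNI daemonset, are unaffected.
  HardenedNodeTemplate:
    Type: AWS::EC2::LaunchTemplate
    Properties:
      LaunchTemplateData:
        ImageId: !Ref NodeImageId
        MetadataOptions:
          HttpEndpoint: enabled
          HttpTokens: required
          HttpPutResponseHopLimit: 1
```

To verify what running nodes actually have, `aws ec2 describe-instances --query 'Reservations[].Instances[].[InstanceId,MetadataOptions.HttpTokens,MetadataOptions.HttpPutResponseHopLimit]'` lists the effective settings; nodes already launched from the weak template keep them until replaced or modified with `aws ec2 modify-instance-metadata-options`.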
Opinionated guides

IAM

EKS Pod Identity Webhook Deep-Dive
  • Deep dive on the EKS Pod Identity Webhook (which gives IAM roles to pods) to understand how it works, specifically for use on non-EKS clusters
iam-service-account-controller
  • Kubernetes controller that automatically manages AWS IAM roles for ServiceAccounts
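What the Pod Identity Webhook actually does is small and worth seeing concretely: it reads a role ARN from a ServiceAccount annotation and mutates pods that use that ServiceAccount so that the AWS SDKs find a projected, audience-bound service-account token and exchange it for role credentials with sts:AssumeRoleWithWebIdentity. The manifests below are an added example, not code from the webhook project; the namespace payments, ServiceAccount billing, role arn:aws:iam::123456789012:role/billing-s3-reader and image billing:1.0 are assumptions. The first document is what you write, the second is what the pod looks like after admission.

```yaml
# Added example, not from the amazon-eks-pod-identity-webhook project.
# Assumed names: namespace "payments", ServiceAccount "billing",
# role arn:aws:iam::123456789012:role/billing-s3-reader, image billing:1.0.
#
# 1. What you write: the annotation names the role the pod may assume.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: billing
  namespace: payments
  annotations:
    eks.amazonaws.com/role-arn: arn:aws:iam::123456789012:role/billing-s3-reader
---
# 2. What the webhook turns a pod using that ServiceAccount into. Lines marked
#    "injected" are added by the webhook, not by you. The SDK credential chain
#    sees AWS_ROLE_ARN and AWS_WEB_IDENTITY_TOKEN_FILE and calls
#    sts:AssumeRoleWithWebIdentity with the token. The token is signed by the
#    cluster's OIDC issuer, carries aud=sts.amazonaws.com and
#    sub=system:serviceaccount:payments:billing, and is rotated by the kubelet
#    before expirationSeconds elapses. Newer webhook versions also inject
#    region-related variables such as AWS_STS_REGIONAL_ENDPOINTS.
apiVersion: v1
kind: Pod
metadata:
  name: billing
  namespace: payments
spec:
  serviceAccountName: billing
  containers:
  - name: app
    image: billing:1.0
    env:
    - name: AWS_ROLE_ARN                                      # injected
      value: arn:aws:iam::123456789012:role/billing-s3-reader
    - name: AWS_WEB_IDENTITY_TOKEN_FILE                       # injected
      value: /var/run/secrets/eks.amazonaws.com/serviceaccount/token
    volumeMounts:
    - name: aws-iam-token                                     # injected
      mountPath: /var/run/secrets/eks.amazonaws.com/serviceaccount
      readOnly: true
  volumes:
  - name: aws-iam-token                                       # injected
    projected:
      sources:
      - serviceAccountToken:
          audience: sts.amazonaws.com
          expirationSeconds: 86400
          path: token
```

The security of the whole scheme rests on the role's trust policy, which the manifests cannot show: it must restrict the OIDC provider's `sub` claim to `system:serviceaccount:payments:billing` (and `aud` to `sts.amazonaws.com`). A trust policy that checks only `aud` lets every ServiceAccount in the cluster assume the role. On a non-EKS cluster, which is what the linked deep dive targets, you additionally need the API server started with `--service-account-issuer`, `--service-account-signing-key-file` and `--api-audiences`, the issuer's discovery and JWKS documents reachable by AWS, and that issuer registered as an IAM OIDC identity provider.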

AKS

Monitoring Azure Kubernetes Service (AKS) with Azure Sentinel
  • How to use Azure Sentinel (now Microsoft Sentinel) to monitor AKS clusters for security incidents
Secure pods with Azure Policy
  • Deny admission requests based on pod capabilities and audit running pods for violations