Where to begin your dev-centric cloud infosec journey
This document summarizes a workshop about using EnRoute and Open Policy Agent (OPA) to enforce policies at the ingress level. It includes an overview of EnRoute and OPA, a system diagram, the differences between EnRoute and other ingress controllers, and how OPA can be used for attribute-based access control (ABAC). It then demonstrates configuring EnRoute with OPA integration, installing an example workload secured with JWT, enforcing JWT claims using an OPA policy, and verifying that the policy is applied.
1. An air-gapped Kubernetes environment restricts internet access to increase security by preventing downloads of malicious data and attacks from outside entities.
2. Implementing an air-gapped Kubernetes cluster is more difficult than a standard one and requires additional effort for maintenance, but provides protections such as preventing data exfiltration by third parties.
3. Deploying components like the ELK stack in an air-gapped environment requires manually downloading, transferring, and installing charts and images due to the lack of access to external registries and repositories. Processes and permissions must be tightly controlled to maintain security.
OTel Me All About OpenTelemetry The Current & Future State, Navigating the Project, and Getting Involved
1. This document provides a step-by-step guide to establishing an internal developer platform to help teams build applications more efficiently.
2. It recommends treating the platform as a product with a product owner, roadmap, and user interviews. Prioritize components based on how much developer and operations time they save.
3. Agree on core technologies like containers and Kubernetes as the minimum standard. Identify evangelistic teams to pilot the initial platform offerings.
The document discusses a presentation by Joey Lei and Anders Eknert on data protection guardrails using Open Policy Agent (OPA). It provides background on the speakers and an overview of OPA, including how it works, the Rego policy language, and OPA's open source community. It then discusses how data protection policies can be enforced as code using OPA to provide guardrails for infrastructure-as-code deployments and prevent misconfigurations that could compromise the availability, integrity, or confidentiality of data. Examples of policy checks for recovery objectives, retention, backup strategies, and exfiltration protection are provided.
This document summarizes a presentation about securing Windows workloads in a hybrid Kubernetes cluster. It begins with an overview of Calico and describes what a hybrid cluster is. It then discusses running Windows containers and the need to choose container base images wisely. The presentation covers how to secure Windows workloads using Calico for networking and policy enforcement. It concludes with information about demo resources and links for further reading.
This document summarizes a presentation about securing Windows workloads in a hybrid Kubernetes cluster. It begins with an overview of Calico and describes what a hybrid cluster is. It then discusses running Windows containers and the need to choose container base images wisely. The presentation covers how Calico can be used to secure Windows workloads by providing networking and policy enforcement capabilities. It concludes with information about demo environments and resources for working with Windows and Kubernetes.
This document summarizes Azure Workload Identity, a new solution for providing managed identities to Kubernetes workloads. It discusses the limitations of the existing AAD Pod Identity solution and introduces the motivations and architecture of Azure Workload Identity. Key points include that it eliminates identity assignment wait times, dependencies on Kubernetes custom resource definitions and the IMDS, and supports non-Azure Kubernetes clusters and non-Linux nodes. Integrations, the roadmap, and resources are also outlined.