From 52d02cea63133e15a2679389681560c465128fe2 Mon Sep 17 00:00:00 2001 From: Ali Yazdani Date: Wed, 16 Oct 2019 14:45:42 +0200 Subject: [PATCH] Update readme.md Add some related security tools. --- Kubernetes/readme.md | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/Kubernetes/readme.md b/Kubernetes/readme.md index 8ab713b..7971af2 100644 --- a/Kubernetes/readme.md +++ b/Kubernetes/readme.md @@ -1,4 +1,4 @@ -Kubernetes is an open-source container-orchestration system for automating application deployment, scaling, and management. It was originally designed by Google, and is now maintained by the Cloud Native Computing Foundation. +> Kubernetes is an open-source container-orchestration system for automating application deployment, scaling, and management. It was originally designed by Google, and is now maintained by the Cloud Native Computing Foundation. ### API addresses that you should know *(External network visibility)* --- @@ -31,3 +31,12 @@ curl -k https://:10250/pods ``` curl -k https://:10255 ``` +---- +### Tools for detecting misconfigurations in Kubernetes: +--- + +* [kubeaudit](https://github.com/Shopify/kubeaudit). kubeaudit is a command line tool to audit Kubernetes clusters for various different security concerns: run the container as a non-root user, use a read only root filesystem, drop scary capabilities, don't add new ones, don't run privileged, ... +* [kubesec.io](https://kubesec.io/). Security risk analysis for Kubernetes resources. +* [kube-bench](https://github.com/aquasecurity/kube-bench). kube-bench is a Go application that checks whether Kubernetes is deployed securely by running the checks documented in the [CIS Kubernetes Benchmark](https://www.cisecurity.org/benchmark/kubernetes/). + +* [katacoda](https://katacoda.com/courses/kubernetes). Learn Kubernetes using interactive broser-based scenarios.
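Review bot: In the first hunk (`@@ -1,4 +1,4 @@`), the added `>` turns the opening description into a blockquote, which presents it as quoted text without naming a source. Either add an attribution line under the quote or keep it as a plain paragraph. This formatting change is also not covered by the commit message ("Add some related security tools."), so it would be cleaner as a separate commit or with a mention in the message.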
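Review bot: In the second hunk (`@@ -31,3 +31,12 @@`), the last added bullet, katacoda, is a learning platform, not a tool for detecting misconfigurations, yet it sits under the heading "Tools for detecting misconfigurations in Kubernetes:". Move it under its own heading (for example a learning resources section) and fix the typo "broser-based" to "browser-based". Two smaller style points: the new section opens with `----` while the rest of the file uses `---`, and the new heading ends with a colon while the existing "API addresses that you should know" heading does not.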