Kubernetes

Learning Kubernetes network policy can be challenging for new platform engineers. Generative AI provides an excellent way to help generate and understand network policy, and in this article, I look at how we can teach an AI model to create network policy using InstructLab.

Recently I've been involved in a project to run a healthcare data service on OpenShift. It's been really interesting learning about FHIR, SNOMED CT, and all manner of health-related application protocols and frameworks.

Phishing-resistant multi-factor authentication is a critical security control in 2024, and this article takes you through configuring it for OpenShift with Keycloak

A detailed look at my OpenShift Virtualization lab build.

Can you install OpenShift and OpenShift Virtualization in your home lab? The answer is a definitive *yes*

Over the last few months I have been busily building out the Kacti open source project. This is an intro to the project, its goals and roadmap, and a quick-start tutorial.

The Center for Internet Security (CIS) Benchmarks provide a system hardening profile for servers and applications. What parts of the benchmark apply to containers? And how do we use them?

Core to any DevSecOps program is measurement and metrics. How many releases did we perform this week? How did that compare with last week? What was the lead time for changes? In this article I want to introduce a new metric for DevSecOps adoption, and how we can start to measure this throughout the cloud-native application lifecycle.

A couple of months ago I wrote an article on StackRox and another open source project, GTFOBins. The first article looked at identifying GTFOBins components during development, and this article looks at identifying GTFOBins execution inside containers at runtime.

Recently I picked up a QMK-compatible keyboard, and wanted to see how I could modify my OpenShift development workflows to suit.

The OpenShift release image is a critical component of the software supply-chain for OpenShift. In this article I want to take a closer look at the release image, and how it's verified.

A few weeks I wrote an article on 'Living off the Land' and containers. GTFOBins is an open source project tracking binaries that could be used to support a 'Living off the Land' strategy, and this article explores integrations with StackRox.

Sigstore and StackRox are open source projects helping to address security challenges. Sigstore looks at the software supply chain, and StackRox at Kubernetes-native security models - what do they look like together?

A recent Microsoft threat intelligence report called attention to "living off the land" techniques. I thought it would be interesting to see how containers and containerised applications inherently help to mitigate these techniques.

Sigstore is an open source project enabling anyone to sign and validate software releases, including container images. This article takes a closer look at Sigstore and some of the innovation happening around the project.

Many organisations take the same approach to securing virtual machines, which I call 'Access & Agents'. While effective for virtual machines and other legacy infrastructure, this approach doesn't translate across to containers and Kubernetes, and this article looks at why.

Did you know that you can scan the internal OpenShift registry for security issues? Read on to find out how.

A quick guide on how to integrate a Kubernetes-native security platform with quay.io private repositories

What does it mean to be "Kubernetes-native"? And what does Kubernetes-native security look like?

Application control seems to be one of those elusive security controls that organisations spend years chasing. How can we validate which processes are authorised to run on a system, and then enforce this?