Running Vault on Podman

This post explains how to run a local Vault deployment on Podman for non-production use. I typically use this setup for my lab environments. This setup was tested with: Podman v4.7.2, Podman-compose v1.0.6, Vault v1.15.2.
Prerequisites: Install the vault client; you can get the binary for your OS here.
curl -L https://releases.hashicorp.com/vault/1.15.2/vault_1.15.2_linux_amd64.zip -o /tmp/vault.zip
unzip /tmp/vault.zip && rm -f /tmp/vault.zip
sudo mv vault /usr/local/bin/
Generate folder for storing the configs, data, and certs....

Published on November 14, 2023 · Last updated on November 14, 2023 · 3 min · Mario

OpenShift 4 User Certificates

User Certificates in OpenShift 4
Attention: The information described in this blog post may not be a supported configuration for OpenShift 4. Please refer to the official docs for supported documentation.
In this blog we will see how we can create OpenShift Users using client certificates and how to configure the API Server, so we can create client certificates using custom CAs. The information described in this blog was last tested with OpenShift 4....

Published on January 13, 2023 · Last updated on January 13, 2023 · 6 min · Mario

Working with Pod Security Standards

In Kubernetes v1.25 Pod Security admission has moved to stable, replacing Pod Security Policy admission. This feature has been in beta and enabled by default since Kubernetes v1.23. In this post we are going to cover what’s new with Pod Security Admission (PSA) and how it affects the workloads being deployed in our clusters.
Note: For this post I’ll be running a Kubernetes v1.25 cluster. If you want to try this in your own environment, you can use your favorite tool to get a K8s cluster up and running; I’ll be using kcli....

Published on August 24, 2022 · Last updated on August 24, 2022 · 8 min · Mario

Container Security - Linux Capabilities and Secure Compute Profiles

In this post we are going to see two security mechanisms used in Linux Containers in order to provide a security layer for our workloads. We will see how Linux Capabilities and Secure Compute Profiles can be used for limiting the attack surface for our containers. The first part of the blog post will be an introduction to Linux Capabilities and Secure Compute Profiles; the second part will show how these technologies work through the use of demos....

Published on March 27, 2021 · Last updated on March 27, 2021 · 15 min · Mario