-
Since Debian 12 Distroless is available, as well as, the latest releases of Kubernetes and many of the Kubernetes related projects have moved to Debian 12, we would request that external-resizer move …
-
WIP
# Summary
NIC is currently (3.x) required to run as a privileged POD with added capabilities. This is not ideal from a security perspective and not aligned with best practice container secur…
-
**Is your feature request related to a problem? Please describe.**
Many clients require that the security settings for Kubernetes deployments are very strict. One example is setting the Pod Security …
-
### What happened?
I'd like to suggest a couple of improvements to the securityContext in the StatefulSet of standalone memgraph helm chart. I've successfully tested these in our installation with …
-
**What happened**:
Non-existent Kustomize version is shown when `kubectl version` is used
```
/ # kubectl version
Client Version: v1.28.2
Kustomize Version: v5.0.4-0.20230601165947-6ce0bf…
-
# Best Practices to keeping Kubernetes Clusters Secure - devopstales
[https://devopstales.github.io/kubernetes/k8s-security/](https://devopstales.github.io/kubernetes/k8s-security/)
-
### Application contact emails
feynmanzhou@microsoft.com, yizha1@microsoft.com, luisdlp@microsoft.com, sajaya@microsoft.com
### Project Summary
A verification engine on Kubernetes which enabl…
-
I couldn't find the file to edit for this text:
https://kubesec.io/basics/metadata-annotations-seccomp-security-alpha-kubernetes-io-pod/
This will result in a deprecation warning on currently supp…
-
**Describe the bug**:
I think that RBAC and PSP applied to logging-operator, fluent-bit and fluentd are **too permissive**.
**Proposal**:
I propose following RBAC and PSP to restrict as much as p…
-
**What happened:**
On the first boot, no CNI binary is on the node, and so k8s creates the /var/run/azure-vnet directory with 0755 permissions automatically because it is a mount part of the azure-c…