Certified Kubernetes Security Specialist (CKS) Preparation Part 7 — Supply Chain Security

  • Light-weight Image as base
  • Multi-stage Build
  • Use specific package versions
  • Do not run as root
  • Make file system read only
  • Remove shell access
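
The six practices above applied to one image, as an added example that is not from the original article. The Go source file app.go (assumed to import only the standard library), the appuser/appgroup names and the image tags are assumptions chosen for illustration.

```dockerfile
# Added example, not the article's own file. app.go, appuser and appgroup
# are hypothetical names; the image tags are sample pins.

# Stage 1: build with the full toolchain. Nothing from this stage ships
# except the binary copied out below (multi-stage build).
FROM golang:1.21-alpine3.19 AS build
WORKDIR /src
COPY app.go .
# Static binary, so the runtime stage needs no shared libraries.
RUN CGO_ENABLED=0 go build -o /out/app app.go

# Stage 2: light-weight runtime base pinned to a specific version, not :latest.
FROM alpine:3.19.1
# Pin package versions as well, e.g. `apk add --no-cache <package>=<version>`
# (placeholder: this sample app installs no extra packages).

# Create an unprivileged user and group for the process.
RUN addgroup -S appgroup && adduser -S appuser -G appgroup -h /home/appuser
COPY --from=build /out/app /home/appuser/app

# Make /etc non-writable inside the image. A fully read-only root file
# system is enforced at run time (docker run --read-only, or
# securityContext.readOnlyRootFilesystem: true in the pod spec).
RUN chmod a-w /etc

# Remove shell access: delete everything in /bin, including /bin/sh.
# This must be the last RUN, because RUN itself needs /bin/sh.
RUN rm -rf /bin/*

# Do not run as root.
USER appuser
# Exec form, so no shell is needed to start the process.
ENTRYPOINT ["/home/appuser/app"]
```
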
docker run ghcr.io/aquasecurity/trivy:latest image nginx
docker run ghcr.io/aquasecurity/trivy:latest image nginx | grep CRITICAL
- kubectl get pods -n kube-system | grep api
- kubectl get pods kube-apiserver-cks-master -n kube-system -o yaml | grep image
docker run ghcr.io/aquasecurity/trivy:latest image k8s.gcr.io/kube-apiserver:v1.20.2
sudo nano /etc/kubernetes/manifests/kube-apiserver.yaml
Error from server (Forbidden): pods "test" is forbidden: Post "https://xxxx:xxxx/xxxx?timeout=30s": dial tcp:....

Learning new things about Kubernetes every day. Hopefully, the learning notes could help people on the same journey!

Jonathan
