Aqua Blog

Kubernetes Security

What's New in Kubernetes 1.17

Kubernetes 1.17 Features and Enhancements

Kubernetes 1.17 is here, and includes new features, fixes, and improvements. In this post, we will focus on several new features that Kubernetes 1.17 offers, including the Topology Aware Service routing, the Pod shared PID Namespace, scalability improvements by a new endpoint API, and more.

Continue reading ›
KubeSec Enterprise Summit San Diego 2019

Impressions from KubeSec, Our Third Enterprise Summit for K8s Security

Yesterday more than 300 cloud native professionals assembled for KubeSec, what has now become a fixture as a “day zero” event for KubeCon/CloudNativeCon. As with previous events, the emphasis was on end-user organizations’ experiences in securing production environments. While many technical aspects and best …

Continue reading ›
aqua open source security

Aqua Celebrates Open Source at Hacktoberfest

It’s that time of the year again - for some people October is a month of beer, and for others (like us) it’s hacking time! Hacktoberfest, named after the famous German festival Oktoberfest, is a wonderful initiative that invites developers from around the world to participate and contribute to Open Source. At Aqua, …

Continue reading ›
Kubernetes Security

DNS Spoofing on Kubernetes Clusters

In this post I’ll describe how an attacker, who manages to run malicious code on a cluster can, with no special permissive permissions, successfully spoof DNS responses to all the applications running on the cluster, and from there execute a MITM (Man In The Middle) on all network traffic of pods.Before we get into …

Continue reading ›

Kubernetes Pod Escape Using Log Mounts

Kubernetes has many moving parts, and sometimes combining them in certain ways can create unexpected security flaws. In this post you’ll see how a pod running as root and with a mount point to the node’s /var/log directory can expose the entire contents of its host filesystem to any user who has access to its logs. …

Continue reading ›
Hybrid Cloud security

Securing Hybrid Cloud Workloads on Google Anthos

There are major shifts happening around container technology. We have seen ongoing improvements in automation tooling and changes as fully containerized workloads move into production. Companies are often running more than one production Kubernetes cluster at a time.  DevOps and operations teams, subsequently, have …

Continue reading ›
Kubernetes Security

CVE-2019-11246: Another kubectl Path Traversal Vulnerability Disclosed

A new vulnerability (CVE-2019-11246) was disclosed that enables path traversal in kubectl, the popular command line interface for running commands on Kubernetes clusters. What’s interesting about this CVE is that we’ve already seen two previous variations of the same vulnerability disclosed and patched. Read on to …

Continue reading ›
Kubernetes RBAC

Kubernetes RBAC: Asking for Forgiveness or Getting Permission

This blog is dedicated to my Mum. She was a leading psychiatrist who loved learning and traveling. She was a huge inspiration to me. I think she would be proud that I’m pursuing my passion of traveling around the world teaching what I love.

I want to start with a quote attributed to another inspiring woman, Grace …

Continue reading ›
Attending-KubeCon-Blog-650_315_1

Real-World Enterprise Security Experience at KubeSec Summit

For the second time, Aqua will host the KubeSec Enterprise Summit next week, together with our co-hosts AWS, Google Cloud, Microsoft Azure, and Red Hat. The event is co-located with KubeCon/CloudNativeCon in Barcelona and will take place on Monday, May 20th. Unlike other co-located events, this full day program …

Continue reading ›
Kubernetes operator

Aqua Operator: Automating Security for Kubernetes

Aqua recently developed a Kubernetes Operator that was successfully tested and validated by Red Hat standards for integration and supportability. Before we tell you about our new OpenShift-certified Operator, let’s get some context about what an Operator is.

Continue reading ›
Knative_blog_post_5

Knative: The Serverless Environment for Kubernetes Fans

Knative is the newest member of serverless environments that is gaining significant interest and generating a great deal of hype in the Kubernetes/Cloud Native community. It’s an open source framework that was designed to enable the development and deployment of container-based serverless applications that are easy …

Continue reading ›