Aqua Blog

Kubernetes Security

Kubernetes CVE-2019-1002100

Kubernetes API Server Patch DoS Vulnerability (CVE-2019-1002100)

A new medium severity vulnerability in the open source Kubernetes has been disclosed (CVE-2019-1002100) that can, if exploited, lead to a denial-of-service on the K8s API server, which in turn may lead to the cluster becoming inoperable.

The best mitigation is to remove the “patch” permissions from untrusted users, …

Continue reading ›
Istio Deployments

Istio: Canary Deployments, Dynamic Routing & Tracing

In this series of blog posts we had an introduction to Istio, and an overview of its security features. This post completes the series with a look at how we can leverage Istio’s traffic control features to provide increased observability and control over the operation and deployment of our applications.

Continue reading ›
Kubernetes Secrets

Protecting Kubernetes Secrets: A Practical Guide

While secrets are critical for the operation of production systems, exposing those secrets puts those systems at risk. Kubernetes does not provide robust mechanisms to encrypt, manage, and share secrets across a Kubernetes cluster. You will probably leverage secrets management solutions like Vault, but you’ll …

Continue reading ›
featured_kubesec_blog.png

Impressions from KubeSec, The First Enterprise Kubernetes Security Summit

On Monday, “day 0” of this year’s KubeCon/CloudNativeCon, we held our first KubeSec Enterprise Summit event, co-located with KubeCon under the auspices of the CNCF. Aqua hosted the event together with our partners Red Hat and AWS. The event was over-subscribed, and we had to make special allowance for late …

Continue reading ›
Istio-Security_BLOG650_315.png

Istio Security: Zero-Trust Networking

This is the second in our series of blog posts on Istio, and will focus on Istio’s security features: what they are, how they work and how they help protect your workloads and your data.

Building, deploying and maintaining secure, cloud native software requires multiple overlapping solutions at different stages of …

Continue reading ›
Severe-Privilege--BLOG-650_315.png

Severe Privilege Escalation Vulnerability in Kubernetes (CVE-2018-1002105)

Earlier this week, a severe vulnerability in Kubernetes (CVE-2018-1002105) was disclosed that allows an unauthenticated user to perform privilege escalation and gain full admin privileges on a cluster. The CVE was given the high severity score of 9.8 (out of 10) and it affects all Kubernetes versions from 1.0 …

Continue reading ›
Kubernetes security

Enterprise Kubernetes Security at KubeCon + CloudNativeCon

KubeCon + CloudNativeCon North America is just around the corner, and looks like it is going to break attendance records, becoming the largest gathering of the Kubernetes and cloud native community ever!

Such massive adoption by large organizations in their production deployments, brings with it security and …

Continue reading ›
PKS Security

Security for Pivotal PAS and PKS

After we made the Aqua Security Scanner for PCF announcement last spring, we started the process of supporting Pivotal Container Service (PKS).  Many Pivotal Cloud Foundry PAS customers have tested PKS and many are in production.  

Having been on the security infrastructure side of life for a couple decades, this …

Continue reading ›
Kubernetes security

Kube-hunter - an open source tool for Kubernetes penetration testing

Aqua released a free tool called kube-hunter to help with Kubernetes SecurityYou give it the IP or DNS name of your Kubernetes cluster, and kube-hunter probes for security issues - it’s like automated penetration testing. 

Continue reading ›
Runtime Security on GCP Marketplace

Aqua’s Container Runtime Security Solution on GCP Marketplace

We’re pleased to announce that the Aqua Container Security Platform is now available on the Google Cloud Marketplace. This is the industry’s first consumption-based security solution for containers, enabled for Kubernetes, providing full lifecycle container security from development to production.

Continue reading ›
AWS EKS Container Security

Creating and Securing an EKS Cluster: First Steps

Amazon’s managed Kubernetes service, EKS, recently went GA. Here are a few things I learnt spinning up an EKS cluster for the first time, and running the kube-bench tests on it.

Continue reading ›