Scanning Kubernetes config

It is pretty easy to configure application clusters in Kubernetes. The issue is how not to make a mistake by missing something. How to avoid the situation where your configuration is “Vulnerable by design”?

I’ve looked into a couple of tools recently:

Rewrite libraries are meant for more than just Kubernetes (think Java, Spring). It is a tool to easily refactor your code and make sure you use the best practices. As far as I saw, you must use one of the build tools to run it, e.g., Gradle. I managed to come up with a simple example to prove its worth: ivarprudnikov/openrewrite-kubernetes-example

Checkov, on the other hand, is a standalone tool that is focused on infrastructure as code. There are many ways to install and run it. It does not depend on your build pipeline. I did do two examples to see how it works:

Both tools are great and fit different use cases.

Older post

Testing Prometheus alerts

September 8, 2021
So you have your Prometheus set up; it scraped time-series data. Now you want to get notified when servers will reach some usage thresholds.
Continue reading