security hardening

- [ ] 1. Adopt operator for setting the policies: https://github.com/nirmata/kyverno/blob/master/samples/README.md
- [ ] 2. Add additional flags at kubeadm installation time/post install, based on https://www.stackrox.com/post/2019/09/12-kubernetes-configuration-best-practices/
- [ ] 3. Post deploy security tests: https://github.com/aquasecurity/kube-bench
- [ ] 4. https://blog.sighup.io/announcing-gatekeeper-policy-manager/ viewer
```
kubectl delete --ignore-not-found --all --now ns aqua-kube-bench
sleep 1
kubectl create ns aqua-kube-bench
kubectl -n aqua-kube-bench apply -f https://raw.githubusercontent.com/aquasecurity/kube-bench/master/job.yaml
kubectl -n aqua-kube-bench logs -f $(kubectl -n aqua-kube-bench get po -o jsonpath='{.items[0].metadata.name}')
```

- [ ] 5. when https://github.com/kubernetes/kubeadm/issues/1602 will be fixed, update metrics-server helm flags (v1.19)



Provide feedback

Saved searches

Use saved searches to filter your results more quickly

security hardening #84

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

security hardening #84

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions