Posts

Table of contents Introduction Understanding Pod Security Standards (PSS) Implementing Pod Security Admission (PSA) Configuring PSA at the Cluster Level Example Configuration Explanation Applying the Configuration Implementing PSA in Production Real-World Examples Step 1: Create Namespaces with PSA Labels Step 2: Deploy Example Pods Deployment in namespace-dev (Allowed) Deployment in namespace-prod (Blocked) Step 3: Fixing Security Issues in namespace-prod Conclusion Securing Kubernetes: Implementing Pod Security Admission (PSA) with Pod Security Standards (PSS) In Kubernetes version 1.31, managing pod security is achieved through the implementation of Pod Security Admission (PSA) and adherence to Pod Security Standards (PSS). These mechanisms ensure that pods comply with security best practices, enhancing the overall security posture of your cluster. ...

Table of contents Security before installation Disable Swap and Load Kernel Modules Install and Configure Containerd Add Kubernetes Package Repository Install Kubernetes Components (Kubeadm, kubelet & kubectl) Initialize Kubernetes Cluster Install Helm Install Calico Network Add-on Plugin Install Ingress-Nginx Install Load Balancer Test Kubernetes Installation Finally security Summary Security before installation It’s best practices to run only Kubernetes on a dedicated server. Running side applications or tuning applications that are used by the cluster may impact Kubernetes itself and is not recommended or supported. ...

Table of contents Install VirtualBox 7.1 Configure VirtualBox Install Ubuntu Update Ubuntu Set Static IP Generate a SSH Key Pair Connect with OpenSSH from you local environment Summary I will be using Ubuntu 24.04 LTS servers running on a Linux host with VirtualBox 7.1 to make a lab environment on my computer. This post will cover the following: Installing & configuring VirtualBox Installing & configuring a NAT Network between ctrlplane, node1 & node2 servers NAT Network address: 10.0.2.0/24 NAT Network default gateway: 10.0.2.2 3 virtual machines Setting also a Bridged adapter to the host for ctrlplane, node1 & node2, this is why my next post will be about Firewall management for each of them server ip addr given ram vcpu storage comment ctrlplane 10.0.2.20 2GB 2 25GB Kubernetes Control Plane server node1 10.0.2.21 2GB 2 25GB Kubernetes worker node 1 node2 10.0.2.22 2GB 2 25GB Kubernetes worker node 2 In case your computer doesn’t have more than 16GB in RAM, just don’t create the node2 machine. ...