
banzaicloud / anchore-image-validator

License: Apache-2.0
Anchore Image Validator lets you automatically detect or block security issues just before a Kubernetes pod starts.

Programming Languages

go (31211 projects - #10 most used programming language)
Makefile (30231 projects)
Mustache (554 projects)
shell (77523 projects)
Dockerfile (14818 projects)

Projects that are alternatives of or similar to anchore-image-validator

Wascc Host
Library for hosting actors and capability providers in a host process
Stars: ✭ 197 (+347.73%)
Mutual labels:  cloud-native
Academy
Cloud Native Academy
Stars: ✭ 212 (+381.82%)
Mutual labels:  cloud-native
Rainbond
Cloud-native and easy-to-use application management platform
Stars: ✭ 2,871 (+6425%)
Mutual labels:  cloud-native
Escape
Release engineering, life-cycle management and Continuous Delivery of software platforms and artefacts
Stars: ✭ 199 (+352.27%)
Mutual labels:  cloud-native
Postgres
🐘 Run PostgreSQL in Kubernetes
Stars: ✭ 205 (+365.91%)
Mutual labels:  cloud-native
Metalk8s
An opinionated Kubernetes distribution with a focus on long-term on-prem deployments
Stars: ✭ 217 (+393.18%)
Mutual labels:  cloud-native
Cloud Ops Sandbox
Cloud Operations Sandbox is an open source tool that helps practitioners to learn Service Reliability Engineering practices from Google and apply them on their cloud services using Cloud Operations suite of tools.
Stars: ✭ 191 (+334.09%)
Mutual labels:  cloud-native
Awesome Kubernetes Notes
awesome-kubernetes-notes 🎉
Stars: ✭ 249 (+465.91%)
Mutual labels:  cloud-native
Spring Cloud Vault
Configuration Integration with HashiCorp Vault
Stars: ✭ 210 (+377.27%)
Mutual labels:  cloud-native
Spring Cloud Kubernetes
Kubernetes integration with Spring Cloud Discovery Client, Configuration, etc...
Stars: ✭ 2,894 (+6477.27%)
Mutual labels:  cloud-native
Mojo
✨ Mojolicious - Perl real-time web framework
Stars: ✭ 2,298 (+5122.73%)
Mutual labels:  cloud-native
Lens
Lens - The way the world runs Kubernetes
Stars: ✭ 16,471 (+37334.09%)
Mutual labels:  cloud-native
Akka Management
Akka Management is a suite of tools for operating Akka Clusters.
Stars: ✭ 218 (+395.45%)
Mutual labels:  cloud-native
Spring Cloud Azure
Spring Cloud integration with Azure services
Stars: ✭ 197 (+347.73%)
Mutual labels:  cloud-native
Netcorekit
💗 A crafted toolkit for building cloud-native apps on the .NET platform
Stars: ✭ 248 (+463.64%)
Mutual labels:  cloud-native
Product Microgateway
A cloud native, developer centric and decentralized API gateway for microservices
Stars: ✭ 194 (+340.91%)
Mutual labels:  cloud-native
Almond Cloud
Almond As A Service and Thingpedia
Stars: ✭ 215 (+388.64%)
Mutual labels:  cloud-native
slidefiles
[WIP] Organizing past talks: Kubernetes attack and defense from scratch 🧐
Stars: ✭ 2,033 (+4520.45%)
Mutual labels:  cloud-native
Krakend Ce
KrakenD Community Edition. Make your binary of KrakenD API Gateway
Stars: ✭ 245 (+456.82%)
Mutual labels:  cloud-native
Jina
Cloud-native neural search framework for 𝙖𝙣𝙮 kind of data
Stars: ✭ 12,618 (+28577.27%)
Mutual labels:  cloud-native


Anchore Image Validator

This repository contains an admission webhook server that can be configured as a ValidatingWebhook in a Kubernetes cluster. Kubernetes sends a request to the admission server whenever a Pod creation is initiated. The server checks the image(s) defined in the pod specification against the configured Anchore Engine API. If the result shows that an image does not comply with the defined policy, Kubernetes rejects the Pod creation request.

  • If an image is not valid, the release can be added to a whitelist resource (CRD) to bypass the blocking.
  • The results of image checks are stored as an audit resource (CRD) in a structured format.

Installing

Helm install

Install from banzaicloud-stable repository

Add repository

$ helm repo add banzaicloud-stable https://kubernetes-charts.banzaicloud.com/
$ helm repo update

Install chart

$ helm install --set externalAnchore.anchoreHost=<my.anchore.host>  --set externalAnchore.anchoreUser=<username> --set externalAnchore.anchorePass=<password> banzaicloud-stable/anchore-policy-validator

Manual install

For a manual install, define the following environment variables:

ENV                      Description
ANCHORE_ENGINE_USERNAME  Anchore-engine username
ANCHORE_ENGINE_PASSWORD  Anchore-engine password
ANCHORE_ENGINE_URL       Anchore-engine URL

Accessing the banzaicloud security resources via the Kubernetes API:

$ curl http://<k8s apiserver>/apis/security.banzaicloud.com/v1alpha1
{
  "kind": "APIResourceList",
  "apiVersion": "v1",
  "groupVersion": "security.banzaicloud.com/v1alpha1",
  "resources": [
    {
      "name": "whitelistitems",
      "singularName": "whitelistitem",
      "namespaced": false,
      "kind": "WhiteListItem",
      "verbs": [ ... ],
      "shortNames": [
        "wl"
      ]
    },
    {
      "name": "audits",
      "singularName": "audit",
      "namespaced": false,
      "kind": "Audit",
      "verbs": [ ... ]
    }
  ]
}

Resources accessible via kubectl command:

$ kubectl get whitelist
$ kubectl get audit

Example whitelist:

apiVersion: security.banzaicloud.com/v1alpha1
kind: WhiteListItem
metadata:
  name: <name of helm release>
spec:
  reason: <whitelisting reason>
  creator: <creator>
  [regexp:] <optional>

Example audit:

apiVersion: security.banzaicloud.com/v1alpha1
kind: Audit
metadata:
  name: <name of audit (generated from Pod OwnerReference)>
  ownerReferences:
  - <scanned Pod OwnerReference>
spec:
  releaseName: <helm release name>
  resource: pod
  image:
    - imageName: docker.io/image-name1
      imageTag: latest
      imageDigest: sha256:abcd1
      lastUpdated: "2018-11-11T14:35:38Z"
    - imageName: docker.io/image-name2
      imageTag: latest
      imageDigest: sha256:abcd2
      lastUpdated: "2018-11-11T14:35:38Z"
  result:
    - <docker.io/image-name1 scan result>
    - <docker.io/image-name2 scan result>
  action: <allow or reject>
status:
  [state:] <optional>
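The allow/reject decision that the webhook description and the whitelist and audit resources above imply, written out as a standalone Go function. This is an added example, not code from the anchore-image-validator project: the WhiteListItem and PolicyResult structs, the Decide function, and the matching rule (a whitelist item covers a release when its name equals the release name or its optional regexp matches it) are assumptions, and PolicyResult is a constructed stand-in for an Anchore policy evaluation rather than the Anchore Engine API response.

```go
package main

import (
	"fmt"
	"regexp"
)

// WhiteListItem: the matching fields of the whitelist CRD (constructed subset).
type WhiteListItem struct {
	Name   string // helm release name (metadata.name)
	Regexp string // optional spec.regexp, matched against the release name
}

// PolicyResult stands in for one Anchore policy evaluation (constructed stub).
type PolicyResult struct {
	Image  string
	Status string // "pass" or "fail"
}

// whitelisted reports whether a release is covered; a malformed regexp never matches (fails closed).
func whitelisted(release string, items []WhiteListItem) bool {
	for _, it := range items {
		if it.Name != "" && it.Name == release {
			return true
		}
		if ok, _ := regexp.MatchString(it.Regexp, release); it.Regexp != "" && ok {
			return true
		}
	}
	return false
}

// Decide returns the audit action and the images that failed; whitelisting turns reject into allow.
func Decide(release string, results []PolicyResult, items []WhiteListItem) (string, []string) {
	failed := []string{}
	for _, r := range results {
		if r.Status != "pass" {
			failed = append(failed, r.Image)
		}
	}
	if len(failed) == 0 || whitelisted(release, items) {
		return "allow", failed
	}
	return "reject", failed
}

func main() {
	action, failed := Decide("webshop", []PolicyResult{{"docker.io/image-name2:latest", "fail"}}, nil)
	fmt.Println(action, failed) // prints: reject [docker.io/image-name2:latest]
}
```

The failed image list is what would be recorded in the audit resource's result field alongside the action, so a whitelisted bypass stays visible rather than silent.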