secur8

A collection of sensible defaults for Kubernetes security. Most of these, I've seen recommended everywhere and should be minimally invasive:

kube-bench cronjob for scanning for vulnerabilities.
kube-hunter cronjob for scanning for vulnerabilities. I've got this one disabled as I'm not sure about whether it's useful.
kyverno-policies to ensure security good practices. This could be improved upon but I've found it pretty useful to prevent some careless mistakes.
network-policies: Actually this one is pretty invasive. A default network policy to forbid all traffic. Allowing only:
- kubelet-to-pod traffic. Otherwise probes won't work.
- pod-to-dns traffic. Minimally dangerous and widely necessary.

Name		Name	Last commit message	Last commit date
Latest commit History 4 Commits
kube-bench		kube-bench
kube-hunter		kube-hunter
kyverno-policies		kyverno-policies
network-policies		network-policies
README.md		README.md
TODO.md		TODO.md
helmfile.yaml		helmfile.yaml
testing-nginx-deployment.yaml		testing-nginx-deployment.yaml

Provide feedback