Defensive Tools

  • aws-iam-authenticator - A tool to use AWS IAM credentials to authenticate to a Kubernetes cluster
  • cert-manager - Automatically provision and manage TLS certificates in Kubernetes
  • guard - Kubernetes Authentication WebHook Server
  • kube2iam - kube2iam provides different AWS IAM roles for pods running on Kubernetes
  • kube-lego - Automatically request certificates for Kubernetes Ingress resources from Let’s Encrypt

Security Tools

  • kube-bench - Checks whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark
  • kube-hunter - Kube-hunter hunts for security weaknesses in Kubernetes clusters. The tool was developed to increase awareness and visibility for security issues in Kubernetes environments.
  • KubiScan - A tool for scanning Kubernetes clusters for risky permissions in the Kubernetes role-based access control (RBAC) authorization model.
  • kubeaudit - kubeaudit helps you audit your Kubernetes clusters against common security controls