DevOps Blog Archive

A practical guide to securing the Kubernetes container image supply chain: scan images for vulnerabilities, sign with Cosign, enforce admission policies with Kyverno, and verify provenance from build to runtime.

Kubernetes Secrets need encryption, strict RBAC, rotation, and external secret stores before they are safe for production clusters.

Admission and network policies are not enough. Falco adds runtime detection for suspicious shells, file access, and process activity in Kubernetes.

GitOps needs cluster-side trust checks. Admission control, signed images, and provenance can stop risky manifests before production.

Kubernetes can isolate LLM infrastructure, but prompt injection, retrieval leakage, and tool misuse require application-layer AI security controls.