Based in San Francisco Bay Area, Securesql is a blog by John Menerick. His insights dissect complex systems, offering a masterclass in cyber guardianship through expert analysis and cutting-edge protective strategies.

Jul 22

Jul 22 Kubernetes Scheduler

Overview

This is the building block that handles pods scheduling based upon resource constraints, requirements, tolerances, governance, and other policies. The scheduler’s pod spec and kubeconfig file permissions should be restricted and only accessible over HTTPS. Please bind to localhost because it exposes sensitive metrics and health data that doesn’t require authentication by default.

CIS Benchmark

1.4.1 Ensure that the --profiling argument is set to false (Automated)

1.4.2 Ensure that the --bind-address argument is set to 127.0.0.1 (Automated)

Jul 23 Kubernetes Kubelet

Jul 16 Kubernetes Add-Ons (3rd party integrations)