Container Security Fundamentals: What Actually Matters

It started with a misconfigured CI runner. A developer had a Jenkins pipeline building Docker images. The container ran as root. A dependency had a known RCE vulnerability. When the exploit landed, the attacker had root inside the container, and because that process was root, they also had root on the host. They pivoted to the secrets store, grabbed credentials, and spent three weeks inside the network before anyone noticed. ...

March 6, 2026 · 12 min · Scott Algatt

Container Networking Deep Dive: From Network Namespaces to Kubernetes

Note: This guide is based on the Linux kernel networking documentation, Docker networking documentation (v24+), Kubernetes networking model documentation (v1.28+), and CNI specification v1.0. All examples use documented networking primitives and follow production container networking patterns. Container networking is fundamental to modern cloud-native applications. Understanding how packets flow from pod to pod, how services load-balance traffic, and how network policies enforce security requires knowledge of Linux networking primitives, Container Network Interface (CNI) plugins, and Kubernetes networking abstractions. ...

January 24, 2025 · 13 min · Scott

Hardening Your CI/CD: Terraform, Docker, and Kubernetes Security

Update (January 2026): The package versions in this tutorial were current as of March 2024. While the concepts and approach remain valid, you should check for newer versions of the tools mentioned (Hadolint, Terrascan, pre-commit hooks, etc.). Most importantly, update actions/checkout@v3 to actions/checkout@v4 in your workflows, because v3 uses the deprecated Node.js 16. As I continue this series on CI/CD pipeline security, it is now time to work on securely building and deploying our application. This post picks up where my Build Secure Python Pipelines: Adding Tests and Hooks in Action post left off. ...

March 1, 2024 · 11 min · Scott

Cribl Splunk_HEC Datasource: The Ultimate Guide for Kubernetes Log Ingestion

After writing my From Scattered to Splunk: Bringing Order to Your Kubernetes Logs post, a buddy of mine Danny Ansell (oh by the way he does work for Cribl and used to work for Splunk) suggested that I could always import my logs into Cribl as well. I’m madly in love with Splunk and do so love one of their tag lines Splunk Rhymes with Drunk, but I’m always on the hunt for kicking the tires on new technology. In this post, I plan to configure the Cribl splunk_hec for Kubernetes logs. ...

February 11, 2024 · 6 min · Scott

From Scattered to Splunk: Bringing Order to Your Kubernetes Logs

In my Silence Not Golden: Fixing the Mute Button on Tetragon Logs post, I realized that I was an idiot. I also realized that I needed to get all of my Kubernetes into one place for a number of reasons. I’m most familiar with Splunk so it makes sense to centralize my Kubernetes logs with Splunk. In this post, I’m going to walk through configuring Splunk and Kubernetes so that all of my logs are in a central location. I’m not going to include setting up a Splunk instance so I’ll assume that you have deployed Splunk in Cloud or some version of Enterprise. ...

January 28, 2024 · 6 min · Scott