ABOUT THE AUTHOR

Marcin Szumilak

Senior DevOps Engineer

Marcin is a DevOps with a background in AWS, Kubernetes and database. He likes SciFi and classical literature, music (classical, rock, heavy metal), good movies and cartoons, but cars are his biggest passion.

Marcin Szumilak

Recent posts by Marcin:

Thumbnail of an article about Security in Kubernetes — overview of admission webhooks
CLOUD

Security in Kubernetes — overview of admission webhooks

This blog post is a continuation of two previous posts on security mechanisms in Kubernetes. If you have not yet read them, click here for part 1 and part 2 to see how you can provide an adequate level of security in Kubernetes deployments. Existing admission controllers are very useful, as they allow you to validate or modify requests to a Kubernetes API server. However, they have two limitations: They have to be compiled into an API server and can be configured only on the API server startup. The flexibility of admission webhooks helps solve these problems.Once enabled, their behavior depends on the special application running inside the Kubernetes cluster.
Marcin Szumilak

Marcin Szumilak

on Jun 23, 2019
Thumbnail of an article about How to make your Kubernetes cluster secure
CLOUD

How to make your Kubernetes cluster secure

In the last couple of years Kubernetes (K8s) has become one of the most popular tools for running containerized applications. Many cloud companies, major ones among them, have adopted it to orchestrate their container-based workloads. Given its popularity, the problem of K8s security is becoming even more pressing. Read our two-part blog post series on how to make a Kubernetes cluster secure. Part one provides a brief history of virtualization, presents admission controllers and how they work and shows how Pod Security Policies, a powerful admission controller, can help you manage user actions on Kubernetes cluster.
Marcin Szumilak

Marcin Szumilak

on Jun 11, 2019
Thumbnail of an article about The benefits of Pod Security Policy — a use case
CLOUD

The benefits of Pod Security Policy — a use case

In the previous post I looked at how security is handled in Kubernetes. Let’s now see how it works in practice. One of the most powerful controllers is the Pod Security Policy admission controller (PSP). PSP is a cluster-level security mechanism that enables control over sensitive aspects of pod specification. It allows you to define a set of conditions a pod must meet in order to be accepted into the system.The following use case illustrates how it works. Let’s assume that we have a shared file system
Marcin Szumilak

Marcin Szumilak

on Jun 11, 2019