[
  {
    "path": "CODE_OF_CONDUCT.md",
    "content": "# Contributor Covenant Code of Conduct\n\n## Our Pledge\n\nIn the interest of fostering an open and welcoming environment, we as\ncontributors and maintainers pledge to making participation in our project and\nour community a harassment-free experience for everyone, regardless of age, body\nsize, disability, ethnicity, sex characteristics, gender identity and expression,\nlevel of experience, education, socio-economic status, nationality, personal\nappearance, race, religion, or sexual identity and orientation.\n\n## Our Standards\n\nExamples of behavior that contributes to creating a positive environment\ninclude:\n\n* Using welcoming and inclusive language\n* Being respectful of differing viewpoints and experiences\n* Gracefully accepting constructive criticism\n* Focusing on what is best for the community\n* Showing empathy towards other community members\n\nExamples of unacceptable behavior by participants include:\n\n* The use of sexualized language or imagery and unwelcome sexual attention or\n advances\n* Trolling, insulting/derogatory comments, and personal or political attacks\n* Public or private harassment\n* Publishing others' private information, such as a physical or electronic\n address, without explicit permission\n* Other conduct which could reasonably be considered inappropriate in a\n professional setting\n\n## Our Responsibilities\n\nProject maintainers are responsible for clarifying the standards of acceptable\nbehavior and are expected to take appropriate and fair corrective action in\nresponse to any instances of unacceptable behavior.\n\nProject maintainers have the right and responsibility to remove, edit, or\nreject comments, commits, code, wiki edits, issues, and other contributions\nthat are not aligned to this Code of Conduct, or to ban temporarily or\npermanently any contributor for other behaviors that they deem inappropriate,\nthreatening, offensive, or harmful.\n\n## Scope\n\nThis Code of Conduct applies both within project spaces and in public spaces\nwhen an individual is representing the project or its community. Examples of\nrepresenting a project or community include using an official project e-mail\naddress, posting via an official social media account, or acting as an appointed\nrepresentative at an online or offline event. Representation of a project may be\nfurther defined and clarified by project maintainers.\n\n## Enforcement\n\nInstances of abusive, harassing, or otherwise unacceptable behavior may be\nreported by contacting the project team at contact@ibrahimjelliti.com. All\ncomplaints will be reviewed and investigated and will result in a response that\nis deemed necessary and appropriate to the circumstances. The project team is\nobligated to maintain confidentiality with regard to the reporter of an incident.\nFurther details of specific enforcement policies may be posted separately.\n\nProject maintainers who do not follow or enforce the Code of Conduct in good\nfaith may face temporary or permanent repercussions as determined by other\nmembers of the project's leadership.\n\n## Attribution\n\nThis Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,\navailable at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html\n\n[homepage]: https://www.contributor-covenant.org\n\nFor answers to common questions about this code of conduct, see\nhttps://www.contributor-covenant.org/faq\n"
  },
  {
    "path": "LICENSE",
    "content": "MIT License\n\nCopyright (c) 2020 ibrahim Jelliti\n\nPermission is hereby granted, free of charge, to any person obtaining a copy\nof this software and associated documentation files (the \"Software\"), to deal\nin the Software without restriction, including without limitation the rights\nto use, copy, modify, merge, publish, distribute, sublicense, and/or sell\ncopies of the Software, and to permit persons to whom the Software is\nfurnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in all\ncopies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\nIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\nFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\nAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\nLIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\nOUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE\nSOFTWARE.\n"
  },
  {
    "path": "README.md",
    "content": "<p align=\"center\">\n  <img width=\"360\" src=\"kubernetes-security-specialist-logo.png\">\n</p>\n<p align=\"center\">\n  <img src=\"https://img.shields.io/badge/contributions-welcome-brightgreen.svg?style=flat\">\n  <img src=\"https://img.shields.io/badge/status-preview-brightgreen?style=flat\">\n  <img src=\"https://img.shields.io/github/issues-raw/ijelliti/CKSS-Certified-Kubernetes-Security-Specialist?style=flat\">\n  \n  <img src=\"https://img.shields.io/github/license/ijelliti/CKSS-Certified-Kubernetes-Security-Specialist?style=flat\">\n  <img src=\"https://img.shields.io/github/stars/ijelliti/CKSS-Certified-Kubernetes-Security-Specialist?style=social\">\n  <img src=\"https://img.shields.io/github/forks/ijelliti/CKSS-Certified-Kubernetes-Security-Specialist?style=social\">\n</p>\n\n\n# Certified Kubernetes Security Specialist - CKSS\nThis repository is a collection of resources to prepare for the Certified Kubernetes Security Specialist (CKSS) exam.\n> The given references and links below are just assumptions and ideas around the [CKSS curriculum](https://github.com/cncf/curriculum/blob/master/CKS_Curriculum_%20v1.19.pdf).\n\n## CKS Overview\nThe Kubernetes Security Specialist (CKS) certification ensure that the holder has the skills, knowledge, and competence on a broad range of best practices for securing container-based applications and Kubernetes platforms during build, deployment and runtime.\n\nThe certification is generally available to take from [here](https://training.linuxfoundation.org/certification/certified-kubernetes-security-specialist/) as anounced during the KubeCon NA20\n\n## CKS Outline\nThe CKS test will be online, proctored and performance-based with 15-20 hands-on performance based tasks, and candidates have 2 hours to complete the exam tasks.\n\nFrom the CKS Exam Curriculum repository, The exam will test domains and competencies including:\n1. **Cluster Setup (15%)**: Best practice configuration to control the environment's access, rights and platform conformity.\n2. **Cluster Hardening (15%)**: Protecting K8s API and utilize RBAC.\n3. **System Hardening (10%)**: Improve the security of OS & Network; restrict access through IAM\n4. **Minimize Microservice Vulnerabilities (20%)**: Utilizing on K8s various mechanisms to isolate, protect and control workload.\n5. **Supply Chain Security (20%)**: Container oriented security, trusted resources, optimized container images, CVE scanning.\n6. **Monitoring, Logging, and Runtime Security (20%)**: Analyse and detect threads.\n\n# CKS Exam Preparation\n\nIn order to take the CKS exam, you must have **Valid CKA certification** prior to attempting the CKS exam to demonstrate you possess sufficient Kubernetes expertise.\nA first good starting point for securing Kubernetes is the Task section [**Securing a Cluster**](https://kubernetes.io/docs/tasks/administer-cluster/securing-a-cluster/) of the official K8s documentation.\nThe exam will be based on **the version of Kubernetes as specified by the CKS Curriculum doc in the [CNCF Curriculum repository](https://github.com/cncf/curriculum)**\n\n# Allowed resources to access during the CKS exam:\nAccording to the [LF docs](https://docs.linuxfoundation.org/tc-docs/certification/certification-resources-allowed#certified-kubernetes-security-specialist-cks), during the CKS exam the candidates may:\n- review the Exam content instructions that are presented in the command line terminal.\n- review Documents installed by the distribution (i.e. /usr/share and its subdirectories)\n- use the Firefox browser in the exam environment in order to access \n  - **Kubernetes Documentation:**\n    - https://kubernetes.io/docs/ and their subdomains\n    - https://kubernetes.io/blog/ and their subdomains\n    \n    This includes all available language translations of these pages (e.g. https://kubernetes.io/zh/docs/)\n  - **Tools**:\n    - Falco documentation https://falco.org/docs/\n    - Bom documentation https://kubernetes-sigs.github.io/bom/cli-reference/\n    - etcd documentation https://etcd.io/docs/\n    - NGINX Ingress Controller Documentation https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/\n    - Cilium Documentation https://docs.cilium.io/en/stable\n    - Istio Documentation https://istio.io/latest/docs/\n    \n  The allowed sites above may contain links that point to external sites. It is the responsibility of the candidate not to click any links to navigate to a domain that is not allowed but the exam environment is typically configured to block access to disallowed domains.\n\n## Cluster Setup (15%)\n<details><summary>Use Network security policies to restrict cluster level access</summary>\n  \n#### Allowed Ressources\n* [Network Policies](https://kubernetes.io/docs/concepts/services-networking/network-policies)\n* [Securing a Cluster](https://kubernetes.io/docs/tasks/administer-cluster/securing-a-cluster/)\n* [Declare Network Policy](https://kubernetes.io/docs/tasks/administer-cluster/declare-network-policy/)\n* [Enforcing Network Policies in Kubernetes](https://kubernetes.io/blog/2017/10/enforcing-network-policies-in-kubernetes/)\n#### 3rd Party Ressources\n* [Get started with Kubernetes network policy](https://docs.projectcalico.org/security/kubernetes-network-policy)\n* [kubernetes-network-policy-recipes](https://github.com/ahmetb/kubernetes-network-policy-recipes)\n* [Kubernetes Network Policies Best Practices](https://snyk.io/blog/kubernetes-network-policy-best-practices/)\n</details>\n\n<details><summary>Use CIS benchmark to review the security configuration of Kubernetes components (etcd, kubelet, kubedns, kubeapi)</summary>\n  \n#### 3rd Party Ressources\n* [CIS benchmark for Kubernetes](https://www.cisecurity.org/benchmark/kubernetes/)\n* [What is Center for Internet Security (CIS) Benchmarks](https://docs.microsoft.com/en-us/microsoft-365/compliance/offering-cis-benchmark)\n* [Kube-bench](https://github.com/aquasecurity/kube-bench#running-kube-bench): A tool for running Kubernetes CIS Benchmark tests\n* [GKE: CIS Benchmarks for etcd & kubelet](https://cloud.google.com/kubernetes-engine/docs/concepts/cis-benchmarks#default-values) \n</summary>\n</details>\n\n<details><summary>Properly set up Ingress objects with TLS</summary>\n\n#### Allowed Ressources\n* [Ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/)\n* [Ingress Controllers](https://kubernetes.io/docs/concepts/services-networking/ingress-controllers/)\n* [NGINX Configuration](https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/)\n* [secure an Ingress by specifying a Secret that contains a TLS private key and certificate](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls)\n#### 3rd Party Ressources\n* [How to deploy NGINX Ingress Controller](https://github.com/kubernetes/ingress-nginx/blob/master/docs/deploy/index.md)\n* [TLS/HTTPS](https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/tls.md)\n</details>\n\n<details><summary>Protect node metadata and endpoints</summary>\n\n#### Allowed Ressources\n* [Restricting cloud metadata API access](https://kubernetes.io/docs/tasks/administer-cluster/securing-a-cluster/#restricting-cloud-metadata-api-access)\n* [Kubelet authentication/authorization](https://kubernetes.io/docs/reference/access-authn-authz/kubelet-authn-authz/)\n#### 3rd Party Ressources\n* [Setting up secure endpoints in Kubernetes](https://blog.cloud66.com/setting-up-secure-endpoints-in-kubernetes/)\n* [GKE Protecting cluster metadata](https://cloud.google.com/kubernetes-engine/docs/how-to/protecting-cluster-metadata)\n* [Retrieving EC2 instance metadata](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instancedata-data-retrieval.html)\n* [EC2 Instance user data](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html)\n</details>\n\n<details><summary>Verify platform binaries before deploying</summary>\n\n#### Allowed Ressources\n* [Kubernetes Binaries](https://kubernetes.io/releases/download/#binaries)\n* [Verify Signed Kubernetes Artifacts](https://kubernetes.io/docs/tasks/administer-cluster/verify-signed-artifacts/)\n</details>\n\n## Cluster Hardening (15%)\n<details><summary>Use Role Based Access Controls to minimize exposure</summary>\n\n#### Allowed Ressources\n* [Using RBAC Authorization](https://kubernetes.io/docs/reference/access-authn-authz/rbac/)\n* [Authorization modes for Kubernetes API server](https://kubernetes.io/docs/reference/access-authn-authz/authorization/#authorization-modules)\n#### 3rd Party Ressources\n* [Site for Kubernetes RBAC](https://rbac.dev/)\n* [Understand Role-Based Access Control in Kubernetes](https://www.youtube.com/watch?v=G3R24JSlGjY)\n* [RBAC Study Guide](https://github.com/David-VTUK/CKA-StudyGuide/blob/master/cka-study-guide/docs/revision-topics/01-architcture-installation-configuration.md)\n</details>\n\n<details><summary>Exercise caution in using service accounts e.g. disable defaults, minimize permissions on newly created ones</summary>\n  \n#### Allowed Ressources\n* [Managing Service Accounts](https://kubernetes.io/docs/reference/access-authn-authz/service-accounts-admin/)\n* [Default roles and role bindings](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#default-roles-and-role-bindings)\n* [Authorization Modes](https://kubernetes.io/docs/reference/access-authn-authz/authorization/#authorization-modules)\n* [Configure Service Accounts for Pods](https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/)\n#### 3rd Party Ressources\n* [Kubernetes should not mount default service account credentials by default](https://github.com/kubernetes/kubernetes/issues/57601)\n* [Kubernetes: Creating Service Accounts and Kubeconfigs](https://docs.armory.io/docs/armory-admin/manual-service-account/)\n* [Kubernetes Access Control: Exploring Service Accounts](https://thenewstack.io/kubernetes-access-control-exploring-service-accounts/)\n* [Disable default service account by deployments in Kubernetes](https://stackoverflow.com/questions/52583497/how-to-disable-the-use-of-a-default-service-account-by-a-statefulset-deployments)\n* [Securing Kubernetes Clusters by Eliminating Risky Permissions](https://www.cyberark.com/resources/threat-research-blog/securing-kubernetes-clusters-by-eliminating-risky-permissions)\n* [Understand Role Based Access Control in Kubernetes](https://www.youtube.com/watch?v=G3R24JSlGjY)\n* [Cloud Native Short Take - Kubernetes: Roles-based Access Control RBAC](https://youtu.be/bFdK-zv-oJk)\n</details>\n\n<details><summary>Restrict access to Kubernetes API</summary>\n\n#### Allowed Ressources\n* [Controlling Access to the Kubernetes API](https://kubernetes.io/docs/reference/access-authn-authz/controlling-access/)\n* [Certificate Signing Requests: Create Normal User](https://kubernetes.io/docs/reference/access-authn-authz/certificate-signing-requests/#normal-user)\n* [Generate cluster certificates (easyrsa, openssl or cfssl)](https://kubernetes.io/docs/concepts/cluster-administration/certificates/)\n#### 3rd Party Ressources\n* [GKE: Hardening your cluster's security](https://cloud.google.com/anthos/gke/docs/on-prem/how-to/hardening-your-cluster)\n* [Kubernetes RBAC and TLS certificates – Kubernetes security guide](https://sysdig.com/blog/kubernetes-security-rbac-tls/)\n* [Securing Your Kubernetes API Server](https://tufin.medium.com/protecting-your-kubernetes-api-server-5eefeea4cf8a)\n</details>\n\n<details><summary>Upgrade Kubernetes to avoid vulnerabilities</summary>\n  \n#### Allowed Ressources\n* [kubeadm upgrade](https://kubernetes.io/docs/reference/setup-tools/kubeadm/kubeadm-upgrade/)\n</details>\n\n## System Hardening (10%)\n<details><summary>Minimize host OS footprint (reduce attack surface)</summary>\n\n#### Allowed Ressources\n* [Preventing containers from loading unwanted kernel modules](https://kubernetes.io/docs/tasks/administer-cluster/securing-a-cluster/#preventing-containers-from-loading-unwanted-kernel-modules)\n#### 3rd Party Ressources\n* [Reduce Kubernetes Attack Surfaces](https://blog.sonatype.com/kubesecops-kubernetes-security-practices-you-should-follow#:~:text=Reduce%20Kubernetes%20Attack%20Surfaces)\n* [CIS Benchmark Ubuntu Linux](https://www.cisecurity.org/benchmark/ubuntu_linux/)\n* [CIS Benchmark RedHat](https://www.cisecurity.org/benchmark/red_hat_linux/)\n* [CIS Benchmark Debian](https://www.cisecurity.org/benchmark/debian_linux/)\n* [CIS Benchmark SUSE](https://www.cisecurity.org/benchmark/suse_linux/)\n* [CIS Benchmark Oracle](https://www.cisecurity.org/benchmark/oracle_linux/)\n</details>\n\n<details><summary>Using least-privilege identity and access management</summary>\n\n#### 3rd Party Ressources\n* [What is the Principle of Least Privilege (POLP)?](https://digitalguardian.com/blog/what-principle-least-privilege-polp-best-practice-information-security-and-compliance)\n* [IAM Grant least privilege](https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#grant-least-privilege)\n</details>\n\n<details><summary>Minimize external access to the network</summary>\n\n#### Allowed Ressources\n* [K8s quotas (services.loadbalancers)](https://kubernetes.io/docs/concepts/policy/resource-quotas/)\n#### 3rd Party Ressources\n* [Admission control plugin: ResourceQuota](https://github.com/kubernetes/design-proposals-archive/blob/main/resource-management/admission_control_resource_quota.md)\n* [Secure hosts with OS-level firewall (ufw)](https://help.replicated.com/community/t/managing-firewalls-with-ufw-on-kubernetes/230)\n* [Configure firewall with ufw](https://www.linode.com/docs/security/firewalls/configure-firewall-with-ufw/)\n* [Use security groups to secure network (Azure)](https://docs.microsoft.com/en-us/azure/aks/concepts-security#azure-network-security-groups)\n* [Amazon EKS security group considerations](https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html)\n* [Amazon EC2 security groups for Linux instances](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-security-groups.html)\n</details>\n\n<details><summary>Appropriately use kernel hardening tools such as AppArmor, seccomp</summary>\n\n#### Allowed Ressources\n* [Restrict a Container's Access to Resources with AppArmor](https://kubernetes.io/docs/tutorials/clusters/apparmor/)\n* [Restrict a Container's Syscalls with Seccomp](https://kubernetes.io/docs/tutorials/clusters/seccomp/)\n#### 3rd Party Ressources\n* [NSA, CISA Kubernetes Hardening Guide](https://media.defense.gov/2022/Aug/29/2003066362/-1/-1/0/CTR_KUBERNETES_HARDENING_GUIDANCE_1.2_20220829.PDF)\n* [Container Security: Fundamental Technology Concepts that Protect Containerized Application by Liz Rice](https://cdn2.hubspot.net/hubfs/1665891/Assets/Container%20Security%20by%20Liz%20Rice%20-%20OReilly%20Apr%202020.pdf)\n</details>\n\n## Minimize Microservice Vulnerabilities (20%)\n<details><summary>Use appropriate pod security standards</summary>\n\n#### Allowed Ressources\n* [Pod Security Standards](https://kubernetes.io/docs/concepts/security/pod-security-standards/)\n* [Pod Security Admission](https://kubernetes.io/docs/concepts/security/pod-security-admission/)\n* [Configure a Security Context for a Pod or Container](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/)\n* [OPA Gatekeeper: Policy and Governance for Kubernetes](https://kubernetes.io/blog/2019/08/06/opa-gatekeeper-policy-and-governance-for-kubernetes/)\n\n#### 3rd Party Ressources\n* [Kubernetes security context, security policy, and network policy – Kubernetes security guide (part 2)](https://sysdig.com/blog/kubernetes-security-psp-network-policy/)\n* [Open Policy Agent Introduction](https://www.youtube.com/watch?v=Yup1FUc2Qn0)\n* [Enforce policies on Kubernetes objects with OPA](https://www.openpolicyagent.org/docs/kubernetes)\n</details>\n\n<details><summary>Manage kubernetes secrets</summary>\n\n#### Allowed Ressources\n* [Kubernetes Secrets](https://kubernetes.io/docs/concepts/configuration/secret/)\n* [Encrypting Secret Data at Rest](https://kubernetes.io/docs/tasks/administer-cluster/encrypt-data/)\n* [Using a KMS provider for data encryption](https://kubernetes.io/docs/tasks/administer-cluster/kms-provider/)\n#### 3rd Party Ressources\n* [Secrets Store CSI driver](https://github.com/kubernetes-sigs/secrets-store-csi-driver)\n* [How to Manage Secrets in Kubernetes](https://spacelift.io/blog/kubernetes-secrets)\n</details>\n\n<details><summary>Understand and implement isolation techniques (multi-tenancy, sandboxed containers, etc.)</summary>\n\n#### Allowed Ressources\n* [container runtime](https://kubernetes.io/docs/concepts/containers/runtime-class/)\n* [Assigning Pods to Nodes](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/)\n#### 3rd Party Ressources\n* [container runtime sandboxes examples](https://github.com/kubernetes/enhancements/blob/master/keps/sig-node/585-runtime-class/README.md#examples)\n* [What is gVisor?](https://gvisor.dev/docs/)\n* [Cluster multi-tenancy](https://cloud.google.com/kubernetes-engine/docs/concepts/multitenancy-overview)\n* [Use gVisor to run Kubernetes pods](https://gvisor.dev/docs/user_guide/quick_start/kubernetes/)\n* [Implementing secure Containers using Google’s gVisor](https://thenewstack.io/how-to-implement-secure-containers-using-googles-gvisor/)\n* [Kata containers and Kubernetes: How they fit together?](https://platform9.com/blog/kata-containers-docker-and-kubernetes-how-they-all-fit-together/)\n* [How to use Kata Containers with Kubernetes?](https://github.com/kata-containers/documentation/blob/master/how-to/how-to-use-k8s-with-cri-containerd-and-kata.md)\n</details>\n\n<details><summary>Implement Pod-to-Pod encryption (Cilium, Istio)</summary>\n  \n#### Allowed Ressources\n* [Manage TLS Certificates in a Cluster](https://kubernetes.io/docs/tasks/tls/managing-tls-in-a-cluster/)\n* [Cilium Network Policy](https://docs.cilium.io/en/stable/security/policy/#network-policy)\n* [Istio PeerAuthentication](https://istio.io/latest/docs/reference/config/security/peer_authentication/)\n* [Using Istio to improve end-to-end security](https://istio.io/latest/blog/2017/0.1-auth/)\n#### 3rd Party Ressources\n* [A Kubernetes engineer’s guide to mTLS](https://www.buoyant.io/mtls-guide)\n* [Secure communication between services in Istio with mutual TLS](https://developer.ibm.com/tutorials/istio-security-mtls/)\n* [Mutual TLS Authentication (mTLS) De-Mystified](https://codeburst.io/mutual-tls-authentication-mtls-de-mystified-11fa2a52e9cf)\n* [Traffic encryption using mTLS](https://www.istioworkshop.io/11-security/01-mtls/)\n</details>\n\n## Supply Chain Security (20%)\n\n<details><summary>Minimize base image footprint</summary>\n\n#### 3rd Party Ressources\n* [Why build small container images in Kubernetes](https://cloud.google.com/blog/products/gcp/kubernetes-best-practices-how-and-why-to-build-small-container-images)\n* [7 best practices for building containers](https://cloud.google.com/blog/products/gcp/7-best-practices-for-building-containers)\n* [distroless containers](https://github.com/GoogleContainerTools/distroless)\n* [Docker Hardened Images](https://www.docker.com/products/hardened-images/)\n* [SlimToolkit](https://slimtoolkit.org/)\n* [Docker multi-stage builds](https://docs.docker.com/develop/develop-images/multistage-build/)\n* [Tips to Reduce Docker Image Sizes](https://hackernoon.com/tips-to-reduce-docker-image-sizes-876095da3b34)\n* [3 simple tricks for smaller Docker images](https://learnk8s.io/blog/smaller-docker-images)\n* [Docker multi-stage build with Go](https://youtu.be/wQDkLxj9ALs)\n</details>\n\n<details><summary>Secure your supply chain (permitted registries, sign and validate artifacts, etc.)</summary>\n\n#### Allowed Ressources\n* [Using Admission Controllers](https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/)\n* [Dynamic Admission Control](https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/)\n* [A Guide to Kubernetes Admission Controllers](https://kubernetes.io/blog/2019/03/21/a-guide-to-kubernetes-admission-controllers/)\n#### 3rd Party Ressources\n* [Ensure images only from approved sources are run](https://github.com/kubernetes/kubernetes/issues/22888)\n* [How to reject docker registries in Kubernetes?](https://stackoverflow.com/questions/54463125/how-to-reject-docker-registries-in-kubernetes)\n* [Restrict pulling images from Registry](https://www.openpolicyagent.org/docs/kubernetes)\n* [Sign and verify container images with Sigstore Cosign](https://docs.sigstore.dev/cosign/)\n</details>\n\n<details><summary>Perform static analysis of user workloads and container images (e.g. Kubesec, KubeLinter)</summary>\n\n#### Allowed Ressources\n* [11 Ways (Not) to Get Hacked: statically-analyse-yaml](https://kubernetes.io/blog/2018/07/18/11-ways-not-to-get-hacked/#7-statically-analyse-yaml)\n\n#### 3rd Party Ressources\n* [Trivy](https://github.com/aquasecurity/trivy)\n* [Static analysis with KubeLinter](https://docs.kubelinter.io/)\n* [Static analysis with Kube-score](https://kube-score.com/)\n* [kubesec](https://kubesec.io/)\n* [Kubernetes static code analysis with Checkov](https://www.checkov.io/)\n</details>\n\n<details><summary>Understand your supply chain (e.g. SBOM, CI/CD, artifact repositories)</summary>\n  \n#### Allowed Ressources\n* [Check artifacts against SPDX manifests with bom](https://kubernetes-sigs.github.io/bom/cli-reference/bom_validate/)\n#### 3rd Party Ressources\n* [What is a software bill of materials (SBOM)?](https://github.com/resources/articles/what-is-an-sbom-software-bill-of-materials)\n* [Linux Foundation: SPDX tools](https://spdx.dev/use/spdx-tools/)\n</details>\n\n## Monitoring, Logging and Runtime Security (20%)\n\n<details><summary>Perform behavioral analytics to detect malicious activities</summary>\n\n#### Allowed Ressources\n* [Restrict a Container's Syscalls with Seccomp](https://kubernetes.io/docs/tutorials/clusters/seccomp/)\n* [An Introduction to Kubernetes Security using Falco](https://falco.org/blog/intro-k8s-security-monitoring/)\n* [Falco Rules](https://falco.org/docs/reference/rules/)\n#### 3rd Party Ressources\n* [Kubernetes Security monitoring at scale](https://medium.com/@SkyscannerEng/kubernetes-security-monitoring-at-scale-with-sysdig-falco-a60cfdb0f67a)\n</details>\n\n<details><summary>Detect threats within physical infrastructure, apps, networks, data, users and workloads</summary>\n\n#### 3rd Party Ressources\n* [Common Kubernetes config security threats](https://www.cncf.io/blog/2020/08/07/common-kubernetes-config-security-threats/)\n* [A guidance on Kubernetes threat modeling](https://www.trendmicro.com/vinfo/us/security/news/virtualization-and-cloud/guidance-on-kubernetes-threat-modeling)\n* [A Deep Dive Into Kubernetes Threat Modeling](https://www.trendmicro.com/vinfo/us/security/news/security-technology/a-deep-dive-into-kubernetes-threat-modeling)\n* [Threat matrix for Kubernetes](https://www.microsoft.com/security/blog/2020/04/02/attack-matrix-kubernetes/)\n</details>\n\n<details><summary>Investigate and identify phases of attack and bad actors within the environment</summary>\n\n#### 3rd Party Ressources\n* [Anatomy of a Kubernetes attack – How untrusted Docker images fails us](https://www.optiv.com/explore-optiv-insights/source-zero/anatomy-kubernetes-attack-how-untrusted-docker-images-fail-us)\n* [The seven phases of a cyber attack](https://www.dnv.com/cyber/insights/articles/recognizing-the-seven-stages-of-a-cyber-attack/)\n* [Threat matrix for Kubernetes](https://www.microsoft.com/security/blog/2020/04/02/attack-matrix-kubernetes/)\n* [MITRE ATT&CK framework for container runtime security with Falco](https://sysdig.com/blog/mitre-attck-framework-for-container-runtime-security-with-sysdig-falco/)\n* [Mitigating Kubernetes attacks](https://www.youtube.com/watch?v=HWv8ZKLCawM)\n</details>\n\n<details><summary>Ensure immutability of containers at runtime</summary>\n\n#### Allowed Ressources\n* [\"ReadOnlyRootFilesystem\" (securityContext)](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/)\n* [\"readOnly\" volume mount](https://kubernetes.io/docs/concepts/storage/volumes/#read-only-mounts)\n* [Principles of Container-based Application Design](https://kubernetes.io/blog/2018/03/principles-of-container-app-design/)\n#### 3rd Party Ressources\n* [Leverage Kubernetes to ensure that containers are immutable](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux_atomic_host/7/html/container_security_guide/keeping_containers_fresh_and_updateable#leveraging_kubernetes_and_openshift_to_ensure_that_containers_are_immutable)\n* [Why I think we should all use immutable Docker images](https://medium.com/sroze/why-i-think-we-should-all-use-immutable-docker-images-9f4fdcb5212f)\n</details>\n\n<details><summary>Use Kubernetes audit logs to monitor access</summary>\n\n#### Allowed Ressources\n* [Kubernetes Audit](https://kubernetes.io/docs/tasks/debug-application-cluster/audit/)\n#### 3rd Party Ressources\n* [Kubernetes Audit logging](https://docs.sysdig.com/en/kubernetes-audit-logging.html)\n* [How to monitor Kubernetes audit logs?](https://www.datadoghq.com/blog/monitor-kubernetes-audit-logs/)\n* [Kubernetes Audit: Making Log Auditing a Viable Practice Again](https://www.cncf.io/blog/2019/12/03/kubernetes-audit-making-log-auditing-a-viable-practice-again/)\n</details>\n\n# Related Kubernetes security resources\n* [FREE CKS self-study course](https://rx-m.com/cks-self-study-course/)\n* [Kubernetes Security Essentials (LFS260) video course](https://training.linuxfoundation.org/training/kubernetes-security-essentials-lfs260/)\n* [Cloud Native Security Tutorial](https://tutorial.kubernetes-security.info/)\n* [Killer Shell CKS Simulator](https://killer.sh/cks)\n* [Killer Coda CKS Simulator](https://killercoda.com/killer-shell-cks)\n* [Sysdig Kubernetes Security Guide](https://www.sysdig.com/s-kubernetes-security-guide)\n* [Kubernetes Security Best Practices - Ian Lewis, Google](https://youtu.be/wqsUfvRyYpw)\n* [Kubernetes security concepts and demos](https://youtu.be/VjlvS-qiz_U)\n* [Tutorial: Getting Started With Cloud Native Security - Liz Rice, Aqua Security & Michael Hausenblas](https://youtu.be/MisS3wSds40)\n* [11 Ways (Not) to Get Hacked](https://kubernetes.io/blog/2018/07/18/11-ways-not-to-get-hacked/)\n* [Kubernetes Goat](https://github.com/madhuakula/kubernetes-goat)\n* [Kubernetes CTF on vagrant environment (archived)](https://github.com/NodyHub/k8s-ctf-rocks)\n* [CKS 5-day Boot Camp (live, instructor-led)](https://rx-m.com/training/certified-kubernetes-security-specialist-cks-boot-camp/)\n* [CKS 1-day Exam Prep (live, instructor-led)](https://rx-m.com/training/certified-kubernetes-security-specialist-cks-exam-prep/)\n* [Certified Kubernetes Security Specialist 2026 video course](https://www.udemy.com/course/certified-kubernetes-security-specialist-certification/)\n* [NSA/CISA Kubernetes Hardening Guidance 08/2022](https://media.defense.gov/2022/Aug/29/2003066362/-1/-1/0/CTR_KUBERNETES_HARDENING_GUIDANCE_1.2_20220829.PDF)\n### White Papers\n* [CNCF cloud-native security white paper v2 May 2022](https://github.com/cncf/tag-security/blob/main/community/resources/security-whitepaper/v2/CNCF_cloud-native-security-whitepaper-May2022-v2.pdf)\n\n# Keep Updating\n* LIVING DOCUMENT - I WILL UPDATE IT FREQUENTLY WHEN I HAVE NEW INFORMATIONS\n* PRs are always welcome so star, fork and contribute\n  * please make a pull request if you would like to add or update \n\n\nIbrahim Jelliti © 2020\n\n"
  },
  {
    "path": "bookmarks_CKSS.html",
    "content": "<!DOCTYPE NETSCAPE-Bookmark-file-1>\r\n<!-- This is an automatically generated file.\r\n     It will be read and overwritten.\r\n     DO NOT EDIT! -->\r\n<META HTTP-EQUIV=\"Content-Type\" CONTENT=\"text/html; charset=UTF-8\">\r\n<TITLE>Bookmarks</TITLE>\r\n<H1>Bookmarks</H1>\r\n<DL><p>\r\n    <DT><H3 ADD_DATE=\"1605426893\" LAST_MODIFIED=\"0\" PERSONAL_TOOLBAR_FOLDER=\"true\">Bookmarks bar</H3>\r\n    <DL><p>\r\n        <DT><H3 ADD_DATE=\"1605426915\" LAST_MODIFIED=\"1605429146\">CKSS</H3>\r\n        <DL><p>\r\n            <DT><H3 ADD_DATE=\"1605426915\" LAST_MODIFIED=\"1605428873\">Network</H3>\r\n            <DL><p>\r\n                <DT><A HREF=\"https://kubernetes.io/docs/concepts/services-networking/network-policies/\" ADD_DATE=\"1605427888\" ICON=\"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAADbElEQVQ4jW2TS2xUdRjFz/f/35k7z86LAcaWBlDSEtBWSgUbUiIYTRtQ6yNRHkZDJBFNBMSNBq0kuNCYaAl1IbJwYcBqFETFKgmMEbAxausQpdQOpsVhOoxt58773v/9XNQ2LPytvvMl56zOAf6DmeXcDRBPDT2WL1tfF8rWCc79/ABugpkF/g/uhsbTg49nctap9/sNs7N7krsOTvNH5/KVXNH8jHO/dTFAN3vmBOevbM1Yi3d8esG85+SAhd+Thr0oKm1lM1JZJZsbgvTgXcBDba5vAtbIB+Rv7JsLYC7v6/tRf+vtvkmkMkUV8hFfy1ryyXt9KFcZfd8XEQtLNVVgWnqLV+59JIjNd1aeJ+k6TPxVh/732s8vdHYXmxb4y1bFJG0qr2j7Ri/aV7qgFPDtryUcO1fEwqBkm9k0TI/zi/3us7Ee530amncvSSTNJUa+RE31mmNDkwsNdU4MDJfpH0OhXGXMDwi891yYR9MWnfml5Lg4XMLQqFwe23Y4JuCrXZOcIB/B5rNDFXjdktc2OimeqPDEtM1jNxQPDFe5/XYXMTPil6oAK4ykOYzI6hYNet3KkbSmmYrNZbUObX5AYN2+63zkhQgFfQIOQbi7UUf7Sym8uSPM9VFJY1lLjaY1J3zLVojJqrfl8liJBUFEayR7dUGb1njg0QlfDhRxZrAEv5vQ0ermgIcoXCMgQPgzZXG25F2lJdPmusRowb6/xS3alutYFJUIeYmOx4u8p8tPlgLe+DjHty6UNC8guXO1GxE/yXjC4KvXAxtoMq8Gn+3N33EpaahyFWLXJj8KZYbLyVQxwQGPQCZnUcSvMQAcOmlAd5Jqvi2g9ex09Iug+cdTB7f7Uj6PLnQH2Uf786iLSrz4cACaBAnB1L01hKBP4MjpPJwOUkG/W3v1CT0RMuLPzBTJuPLoD+NLj+18d4Irpk2bW3W5YrFuG0VFAOB1Sb48XhEnLpaVx+XEoV3BwvrYTx0UaTuvMbMkok+4lDnw8pYFr+/uHTeLVaD3VI6uZW0bAGojglobdGWUwPu3BbX19X/toZq288wsaXZdRGSzVTja0+95+sPTacwLOiDlzDSVDdyYMrFlYxR7O3MHyBF6bdYzG0AEgHFVhx17x6jIVRazmnkzSJCtMaTfZX9HUn+FmYmIGAD+BaUao0aOmMfpAAAAAElFTkSuQmCC\">Network Policies | Kubernetes</A>\r\n                <DT><A HREF=\"https://kubernetes.io/docs/tasks/administer-cluster/securing-a-cluster/\" ADD_DATE=\"1605427888\" ICON=\"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAADbElEQVQ4jW2TS2xUdRjFz/f/35k7z86LAcaWBlDSEtBWSgUbUiIYTRtQ6yNRHkZDJBFNBMSNBq0kuNCYaAl1IbJwYcBqFETFKgmMEbAxausQpdQOpsVhOoxt58773v/9XNQ2LPytvvMl56zOAf6DmeXcDRBPDT2WL1tfF8rWCc79/ABugpkF/g/uhsbTg49nctap9/sNs7N7krsOTvNH5/KVXNH8jHO/dTFAN3vmBOevbM1Yi3d8esG85+SAhd+Thr0oKm1lM1JZJZsbgvTgXcBDba5vAtbIB+Rv7JsLYC7v6/tRf+vtvkmkMkUV8hFfy1ryyXt9KFcZfd8XEQtLNVVgWnqLV+59JIjNd1aeJ+k6TPxVh/732s8vdHYXmxb4y1bFJG0qr2j7Ri/aV7qgFPDtryUcO1fEwqBkm9k0TI/zi/3us7Ee530amncvSSTNJUa+RE31mmNDkwsNdU4MDJfpH0OhXGXMDwi891yYR9MWnfml5Lg4XMLQqFwe23Y4JuCrXZOcIB/B5rNDFXjdktc2OimeqPDEtM1jNxQPDFe5/XYXMTPil6oAK4ykOYzI6hYNet3KkbSmmYrNZbUObX5AYN2+63zkhQgFfQIOQbi7UUf7Sym8uSPM9VFJY1lLjaY1J3zLVojJqrfl8liJBUFEayR7dUGb1njg0QlfDhRxZrAEv5vQ0ermgIcoXCMgQPgzZXG25F2lJdPmusRowb6/xS3alutYFJUIeYmOx4u8p8tPlgLe+DjHty6UNC8guXO1GxE/yXjC4KvXAxtoMq8Gn+3N33EpaahyFWLXJj8KZYbLyVQxwQGPQCZnUcSvMQAcOmlAd5Jqvi2g9ex09Iug+cdTB7f7Uj6PLnQH2Uf786iLSrz4cACaBAnB1L01hKBP4MjpPJwOUkG/W3v1CT0RMuLPzBTJuPLoD+NLj+18d4Irpk2bW3W5YrFuG0VFAOB1Sb48XhEnLpaVx+XEoV3BwvrYTx0UaTuvMbMkok+4lDnw8pYFr+/uHTeLVaD3VI6uZW0bAGojglobdGWUwPu3BbX19X/toZq288wsaXZdRGSzVTja0+95+sPTacwLOiDlzDSVDdyYMrFlYxR7O3MHyBF6bdYzG0AEgHFVhx17x6jIVRazmnkzSJCtMaTfZX9HUn+FmYmIGAD+BaUao0aOmMfpAAAAAElFTkSuQmCC\">Securing a Cluster | Kubernetes</A>\r\n                <DT><A HREF=\"https://kubernetes.io/docs/tasks/administer-cluster/declare-network-policy/\" ADD_DATE=\"1605427888\" ICON=\"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAADbElEQVQ4jW2TS2xUdRjFz/f/35k7z86LAcaWBlDSEtBWSgUbUiIYTRtQ6yNRHkZDJBFNBMSNBq0kuNCYaAl1IbJwYcBqFETFKgmMEbAxausQpdQOpsVhOoxt58773v/9XNQ2LPytvvMl56zOAf6DmeXcDRBPDT2WL1tfF8rWCc79/ABugpkF/g/uhsbTg49nctap9/sNs7N7krsOTvNH5/KVXNH8jHO/dTFAN3vmBOevbM1Yi3d8esG85+SAhd+Thr0oKm1lM1JZJZsbgvTgXcBDba5vAtbIB+Rv7JsLYC7v6/tRf+vtvkmkMkUV8hFfy1ryyXt9KFcZfd8XEQtLNVVgWnqLV+59JIjNd1aeJ+k6TPxVh/732s8vdHYXmxb4y1bFJG0qr2j7Ri/aV7qgFPDtryUcO1fEwqBkm9k0TI/zi/3us7Ee530amncvSSTNJUa+RE31mmNDkwsNdU4MDJfpH0OhXGXMDwi891yYR9MWnfml5Lg4XMLQqFwe23Y4JuCrXZOcIB/B5rNDFXjdktc2OimeqPDEtM1jNxQPDFe5/XYXMTPil6oAK4ykOYzI6hYNet3KkbSmmYrNZbUObX5AYN2+63zkhQgFfQIOQbi7UUf7Sym8uSPM9VFJY1lLjaY1J3zLVojJqrfl8liJBUFEayR7dUGb1njg0QlfDhRxZrAEv5vQ0ermgIcoXCMgQPgzZXG25F2lJdPmusRowb6/xS3alutYFJUIeYmOx4u8p8tPlgLe+DjHty6UNC8guXO1GxE/yXjC4KvXAxtoMq8Gn+3N33EpaahyFWLXJj8KZYbLyVQxwQGPQCZnUcSvMQAcOmlAd5Jqvi2g9ex09Iug+cdTB7f7Uj6PLnQH2Uf786iLSrz4cACaBAnB1L01hKBP4MjpPJwOUkG/W3v1CT0RMuLPzBTJuPLoD+NLj+18d4Irpk2bW3W5YrFuG0VFAOB1Sb48XhEnLpaVx+XEoV3BwvrYTx0UaTuvMbMkok+4lDnw8pYFr+/uHTeLVaD3VI6uZW0bAGojglobdGWUwPu3BbX19X/toZq288wsaXZdRGSzVTja0+95+sPTacwLOiDlzDSVDdyYMrFlYxR7O3MHyBF6bdYzG0AEgHFVhx17x6jIVRazmnkzSJCtMaTfZX9HUn+FmYmIGAD+BaUao0aOmMfpAAAAAElFTkSuQmCC\">Declare Network Policy | Kubernetes</A>\r\n                <DT><A HREF=\"https://kubernetes.io/blog/2017/10/enforcing-network-policies-in-kubernetes/\" ADD_DATE=\"1605427888\" ICON=\"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAADbElEQVQ4jW2TS2xUdRjFz/f/35k7z86LAcaWBlDSEtBWSgUbUiIYTRtQ6yNRHkZDJBFNBMSNBq0kuNCYaAl1IbJwYcBqFETFKgmMEbAxausQpdQOpsVhOoxt58773v/9XNQ2LPytvvMl56zOAf6DmeXcDRBPDT2WL1tfF8rWCc79/ABugpkF/g/uhsbTg49nctap9/sNs7N7krsOTvNH5/KVXNH8jHO/dTFAN3vmBOevbM1Yi3d8esG85+SAhd+Thr0oKm1lM1JZJZsbgvTgXcBDba5vAtbIB+Rv7JsLYC7v6/tRf+vtvkmkMkUV8hFfy1ryyXt9KFcZfd8XEQtLNVVgWnqLV+59JIjNd1aeJ+k6TPxVh/732s8vdHYXmxb4y1bFJG0qr2j7Ri/aV7qgFPDtryUcO1fEwqBkm9k0TI/zi/3us7Ee530amncvSSTNJUa+RE31mmNDkwsNdU4MDJfpH0OhXGXMDwi891yYR9MWnfml5Lg4XMLQqFwe23Y4JuCrXZOcIB/B5rNDFXjdktc2OimeqPDEtM1jNxQPDFe5/XYXMTPil6oAK4ykOYzI6hYNet3KkbSmmYrNZbUObX5AYN2+63zkhQgFfQIOQbi7UUf7Sym8uSPM9VFJY1lLjaY1J3zLVojJqrfl8liJBUFEayR7dUGb1njg0QlfDhRxZrAEv5vQ0ermgIcoXCMgQPgzZXG25F2lJdPmusRowb6/xS3alutYFJUIeYmOx4u8p8tPlgLe+DjHty6UNC8guXO1GxE/yXjC4KvXAxtoMq8Gn+3N33EpaahyFWLXJj8KZYbLyVQxwQGPQCZnUcSvMQAcOmlAd5Jqvi2g9ex09Iug+cdTB7f7Uj6PLnQH2Uf786iLSrz4cACaBAnB1L01hKBP4MjpPJwOUkG/W3v1CT0RMuLPzBTJuPLoD+NLj+18d4Irpk2bW3W5YrFuG0VFAOB1Sb48XhEnLpaVx+XEoV3BwvrYTx0UaTuvMbMkok+4lDnw8pYFr+/uHTeLVaD3VI6uZW0bAGojglobdGWUwPu3BbX19X/toZq288wsaXZdRGSzVTja0+95+sPTacwLOiDlzDSVDdyYMrFlYxR7O3MHyBF6bdYzG0AEgHFVhx17x6jIVRazmnkzSJCtMaTfZX9HUn+FmYmIGAD+BaUao0aOmMfpAAAAAElFTkSuQmCC\">Enforcing Network Policies in Kubernetes | Kubernetes</A>\r\n                <DT><A HREF=\"https://kubernetes.io/docs/concepts/policy/resource-quotas/\" ADD_DATE=\"1605428852\" ICON=\"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAADbElEQVQ4jW2TS2xUdRjFz/f/35k7z86LAcaWBlDSEtBWSgUbUiIYTRtQ6yNRHkZDJBFNBMSNBq0kuNCYaAl1IbJwYcBqFETFKgmMEbAxausQpdQOpsVhOoxt58773v/9XNQ2LPytvvMl56zOAf6DmeXcDRBPDT2WL1tfF8rWCc79/ABugpkF/g/uhsbTg49nctap9/sNs7N7krsOTvNH5/KVXNH8jHO/dTFAN3vmBOevbM1Yi3d8esG85+SAhd+Thr0oKm1lM1JZJZsbgvTgXcBDba5vAtbIB+Rv7JsLYC7v6/tRf+vtvkmkMkUV8hFfy1ryyXt9KFcZfd8XEQtLNVVgWnqLV+59JIjNd1aeJ+k6TPxVh/732s8vdHYXmxb4y1bFJG0qr2j7Ri/aV7qgFPDtryUcO1fEwqBkm9k0TI/zi/3us7Ee530amncvSSTNJUa+RE31mmNDkwsNdU4MDJfpH0OhXGXMDwi891yYR9MWnfml5Lg4XMLQqFwe23Y4JuCrXZOcIB/B5rNDFXjdktc2OimeqPDEtM1jNxQPDFe5/XYXMTPil6oAK4ykOYzI6hYNet3KkbSmmYrNZbUObX5AYN2+63zkhQgFfQIOQbi7UUf7Sym8uSPM9VFJY1lLjaY1J3zLVojJqrfl8liJBUFEayR7dUGb1njg0QlfDhRxZrAEv5vQ0ermgIcoXCMgQPgzZXG25F2lJdPmusRowb6/xS3alutYFJUIeYmOx4u8p8tPlgLe+DjHty6UNC8guXO1GxE/yXjC4KvXAxtoMq8Gn+3N33EpaahyFWLXJj8KZYbLyVQxwQGPQCZnUcSvMQAcOmlAd5Jqvi2g9ex09Iug+cdTB7f7Uj6PLnQH2Uf786iLSrz4cACaBAnB1L01hKBP4MjpPJwOUkG/W3v1CT0RMuLPzBTJuPLoD+NLj+18d4Irpk2bW3W5YrFuG0VFAOB1Sb48XhEnLpaVx+XEoV3BwvrYTx0UaTuvMbMkok+4lDnw8pYFr+/uHTeLVaD3VI6uZW0bAGojglobdGWUwPu3BbX19X/toZq288wsaXZdRGSzVTja0+95+sPTacwLOiDlzDSVDdyYMrFlYxR7O3MHyBF6bdYzG0AEgHFVhx17x6jIVRazmnkzSJCtMaTfZX9HUn+FmYmIGAD+BaUao0aOmMfpAAAAAElFTkSuQmCC\">Resource Quotas | Kubernetes</A>\r\n                <DT><A HREF=\"https://v1-17.docs.kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service\" ADD_DATE=\"1605428858\" ICON=\"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAADbElEQVQ4jW2TS2xUdRjFz/f/35k7z86LAcaWBlDSEtBWSgUbUiIYTRtQ6yNRHkZDJBFNBMSNBq0kuNCYaAl1IbJwYcBqFETFKgmMEbAxausQpdQOpsVhOoxt58773v/9XNQ2LPytvvMl56zOAf6DmeXcDRBPDT2WL1tfF8rWCc79/ABugpkF/g/uhsbTg49nctap9/sNs7N7krsOTvNH5/KVXNH8jHO/dTFAN3vmBOevbM1Yi3d8esG85+SAhd+Thr0oKm1lM1JZJZsbgvTgXcBDba5vAtbIB+Rv7JsLYC7v6/tRf+vtvkmkMkUV8hFfy1ryyXt9KFcZfd8XEQtLNVVgWnqLV+59JIjNd1aeJ+k6TPxVh/732s8vdHYXmxb4y1bFJG0qr2j7Ri/aV7qgFPDtryUcO1fEwqBkm9k0TI/zi/3us7Ee530amncvSSTNJUa+RE31mmNDkwsNdU4MDJfpH0OhXGXMDwi891yYR9MWnfml5Lg4XMLQqFwe23Y4JuCrXZOcIB/B5rNDFXjdktc2OimeqPDEtM1jNxQPDFe5/XYXMTPil6oAK4ykOYzI6hYNet3KkbSmmYrNZbUObX5AYN2+63zkhQgFfQIOQbi7UUf7Sym8uSPM9VFJY1lLjaY1J3zLVojJqrfl8liJBUFEayR7dUGb1njg0QlfDhRxZrAEv5vQ0ermgIcoXCMgQPgzZXG25F2lJdPmusRowb6/xS3alutYFJUIeYmOx4u8p8tPlgLe+DjHty6UNC8guXO1GxE/yXjC4KvXAxtoMq8Gn+3N33EpaahyFWLXJj8KZYbLyVQxwQGPQCZnUcSvMQAcOmlAd5Jqvi2g9ex09Iug+cdTB7f7Uj6PLnQH2Uf786iLSrz4cACaBAnB1L01hKBP4MjpPJwOUkG/W3v1CT0RMuLPzBTJuPLoD+NLj+18d4Irpk2bW3W5YrFuG0VFAOB1Sb48XhEnLpaVx+XEoV3BwvrYTx0UaTuvMbMkok+4lDnw8pYFr+/uHTeLVaD3VI6uZW0bAGojglobdGWUwPu3BbX19X/toZq288wsaXZdRGSzVTja0+95+sPTacwLOiDlzDSVDdyYMrFlYxR7O3MHyBF6bdYzG0AEgHFVhx17x6jIVRazmnkzSJCtMaTfZX9HUn+FmYmIGAD+BaUao0aOmMfpAAAAAElFTkSuQmCC\">Configure Your Cloud Provider&#39;s Firewalls - Kubernetes</A>\r\n                <DT><A HREF=\"https://github.com/kubernetes/community/blob/master/contributors/design-proposals/resource-management/admission_control_resource_quota.md\" ADD_DATE=\"1605428859\" ICON=\"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAACrElEQVQ4jW2SzWucVRTGf+fe9847SW2n+WioIdZkJkzGWLMsQvBjpRv1H1BcqSB166aUbgQXLkpEEGnF7ty5Edw0orULtS5DjNOZ5qvEKkMzEUuS6bz33tPFvCNj6LM653LO8/A85wpHUJmbW0QKbwMvAU8BCHpXkZshhK+2mmu3BudloC5UagsfI7wvIsOooqoKID2gqvuqfLFeX7kAdPsEBmZdea74beLcKxoj+R4iPf7BXozBZ9n1jdudN+BOZgEtV5/8pJAW3/JZ90ZU/UiF0yAnVbWpUVvAMLASo7+oUYuFQvrqiRFT2NttLctUtXouleIN62whZNm19dur7wLFiZmzpdbmahvQyWr15L2Dg312dg5n5s5+6lzhvPfZQ59lLyapce+IkSGNkSjaASzQaW2udvrh3Gs07ud2LUqmMVhrzLA4+55RNS+IqsYYO91u+AwIvVz+F3C/DkEffh5i3FdFwSwaEaYUBKT950Z9Ox+MgA4QaL+/22xuCWzl708bwGkv6mMj5XLxiPJRCJOTRYXx3pw6A9wRVRUjpZIZej5Xso+xkAB65lhp0YhM5H9k3ajqrxgD8MAm5sp0tVrLczhqwZ+ZfXbeJckSoGJEUH42MYQvUZXgw5Kq3nRu+I/KMwvLM9X5c/3tqXLtuUpt4WuXyC+CzANRo4audq/Yf9r3d0pjp0atTT7M/OGbxpg9VE5nofPNv+32HsDQ+MgTqXVXRSRV5dAmNo3eL2036tekf7JKbeEngbEY/QcKDzYba7/9Z2B6ulhJj2+LkQljLD5k1zfq8XVY8yY/WVivr7wcNf5oE/e9Mcmt0dnZE/398TR1COMi4n3wlzfqq6/BWheIdiCouLfb+u742KllVP/+q+l/gHYAONgdkdHRxIbgL202fr+aiwLwCG7VPT6fvRxuAAAAAElFTkSuQmCC\">community/admission_control_resource_quota.md at master · kubernetes/community · GitHub</A>\r\n            </DL><p>\r\n            <DT><H3 ADD_DATE=\"1605426915\" LAST_MODIFIED=\"1605428374\">Ingress</H3>\r\n            <DL><p>\r\n                <DT><A HREF=\"https://kubernetes.io/docs/concepts/services-networking/ingress/\" ADD_DATE=\"1605427946\" ICON=\"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAADbElEQVQ4jW2TS2xUdRjFz/f/35k7z86LAcaWBlDSEtBWSgUbUiIYTRtQ6yNRHkZDJBFNBMSNBq0kuNCYaAl1IbJwYcBqFETFKgmMEbAxausQpdQOpsVhOoxt58773v/9XNQ2LPytvvMl56zOAf6DmeXcDRBPDT2WL1tfF8rWCc79/ABugpkF/g/uhsbTg49nctap9/sNs7N7krsOTvNH5/KVXNH8jHO/dTFAN3vmBOevbM1Yi3d8esG85+SAhd+Thr0oKm1lM1JZJZsbgvTgXcBDba5vAtbIB+Rv7JsLYC7v6/tRf+vtvkmkMkUV8hFfy1ryyXt9KFcZfd8XEQtLNVVgWnqLV+59JIjNd1aeJ+k6TPxVh/732s8vdHYXmxb4y1bFJG0qr2j7Ri/aV7qgFPDtryUcO1fEwqBkm9k0TI/zi/3us7Ee530amncvSSTNJUa+RE31mmNDkwsNdU4MDJfpH0OhXGXMDwi891yYR9MWnfml5Lg4XMLQqFwe23Y4JuCrXZOcIB/B5rNDFXjdktc2OimeqPDEtM1jNxQPDFe5/XYXMTPil6oAK4ykOYzI6hYNet3KkbSmmYrNZbUObX5AYN2+63zkhQgFfQIOQbi7UUf7Sym8uSPM9VFJY1lLjaY1J3zLVojJqrfl8liJBUFEayR7dUGb1njg0QlfDhRxZrAEv5vQ0ermgIcoXCMgQPgzZXG25F2lJdPmusRowb6/xS3alutYFJUIeYmOx4u8p8tPlgLe+DjHty6UNC8guXO1GxE/yXjC4KvXAxtoMq8Gn+3N33EpaahyFWLXJj8KZYbLyVQxwQGPQCZnUcSvMQAcOmlAd5Jqvi2g9ex09Iug+cdTB7f7Uj6PLnQH2Uf786iLSrz4cACaBAnB1L01hKBP4MjpPJwOUkG/W3v1CT0RMuLPzBTJuPLoD+NLj+18d4Irpk2bW3W5YrFuG0VFAOB1Sb48XhEnLpaVx+XEoV3BwvrYTx0UaTuvMbMkok+4lDnw8pYFr+/uHTeLVaD3VI6uZW0bAGojglobdGWUwPu3BbX19X/toZq288wsaXZdRGSzVTja0+95+sPTacwLOiDlzDSVDdyYMrFlYxR7O3MHyBF6bdYzG0AEgHFVhx17x6jIVRazmnkzSJCtMaTfZX9HUn+FmYmIGAD+BaUao0aOmMfpAAAAAElFTkSuQmCC\">Ingress | Kubernetes</A>\r\n                <DT><A HREF=\"https://kubernetes.io/docs/concepts/services-networking/ingress-controllers/\" ADD_DATE=\"1605427952\" ICON=\"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAADbElEQVQ4jW2TS2xUdRjFz/f/35k7z86LAcaWBlDSEtBWSgUbUiIYTRtQ6yNRHkZDJBFNBMSNBq0kuNCYaAl1IbJwYcBqFETFKgmMEbAxausQpdQOpsVhOoxt58773v/9XNQ2LPytvvMl56zOAf6DmeXcDRBPDT2WL1tfF8rWCc79/ABugpkF/g/uhsbTg49nctap9/sNs7N7krsOTvNH5/KVXNH8jHO/dTFAN3vmBOevbM1Yi3d8esG85+SAhd+Thr0oKm1lM1JZJZsbgvTgXcBDba5vAtbIB+Rv7JsLYC7v6/tRf+vtvkmkMkUV8hFfy1ryyXt9KFcZfd8XEQtLNVVgWnqLV+59JIjNd1aeJ+k6TPxVh/732s8vdHYXmxb4y1bFJG0qr2j7Ri/aV7qgFPDtryUcO1fEwqBkm9k0TI/zi/3us7Ee530amncvSSTNJUa+RE31mmNDkwsNdU4MDJfpH0OhXGXMDwi891yYR9MWnfml5Lg4XMLQqFwe23Y4JuCrXZOcIB/B5rNDFXjdktc2OimeqPDEtM1jNxQPDFe5/XYXMTPil6oAK4ykOYzI6hYNet3KkbSmmYrNZbUObX5AYN2+63zkhQgFfQIOQbi7UUf7Sym8uSPM9VFJY1lLjaY1J3zLVojJqrfl8liJBUFEayR7dUGb1njg0QlfDhRxZrAEv5vQ0ermgIcoXCMgQPgzZXG25F2lJdPmusRowb6/xS3alutYFJUIeYmOx4u8p8tPlgLe+DjHty6UNC8guXO1GxE/yXjC4KvXAxtoMq8Gn+3N33EpaahyFWLXJj8KZYbLyVQxwQGPQCZnUcSvMQAcOmlAd5Jqvi2g9ex09Iug+cdTB7f7Uj6PLnQH2Uf786iLSrz4cACaBAnB1L01hKBP4MjpPJwOUkG/W3v1CT0RMuLPzBTJuPLoD+NLj+18d4Irpk2bW3W5YrFuG0VFAOB1Sb48XhEnLpaVx+XEoV3BwvrYTx0UaTuvMbMkok+4lDnw8pYFr+/uHTeLVaD3VI6uZW0bAGojglobdGWUwPu3BbX19X/toZq288wsaXZdRGSzVTja0+95+sPTacwLOiDlzDSVDdyYMrFlYxR7O3MHyBF6bdYzG0AEgHFVhx17x6jIVRazmnkzSJCtMaTfZX9HUn+FmYmIGAD+BaUao0aOmMfpAAAAAElFTkSuQmCC\">Ingress Controllers | Kubernetes</A>\r\n                <DT><A HREF=\"https://kubernetes.io/docs/tasks/access-application-cluster/ingress-minikube/\" ADD_DATE=\"1605427953\" ICON=\"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAADbElEQVQ4jW2TS2xUdRjFz/f/35k7z86LAcaWBlDSEtBWSgUbUiIYTRtQ6yNRHkZDJBFNBMSNBq0kuNCYaAl1IbJwYcBqFETFKgmMEbAxausQpdQOpsVhOoxt58773v/9XNQ2LPytvvMl56zOAf6DmeXcDRBPDT2WL1tfF8rWCc79/ABugpkF/g/uhsbTg49nctap9/sNs7N7krsOTvNH5/KVXNH8jHO/dTFAN3vmBOevbM1Yi3d8esG85+SAhd+Thr0oKm1lM1JZJZsbgvTgXcBDba5vAtbIB+Rv7JsLYC7v6/tRf+vtvkmkMkUV8hFfy1ryyXt9KFcZfd8XEQtLNVVgWnqLV+59JIjNd1aeJ+k6TPxVh/732s8vdHYXmxb4y1bFJG0qr2j7Ri/aV7qgFPDtryUcO1fEwqBkm9k0TI/zi/3us7Ee530amncvSSTNJUa+RE31mmNDkwsNdU4MDJfpH0OhXGXMDwi891yYR9MWnfml5Lg4XMLQqFwe23Y4JuCrXZOcIB/B5rNDFXjdktc2OimeqPDEtM1jNxQPDFe5/XYXMTPil6oAK4ykOYzI6hYNet3KkbSmmYrNZbUObX5AYN2+63zkhQgFfQIOQbi7UUf7Sym8uSPM9VFJY1lLjaY1J3zLVojJqrfl8liJBUFEayR7dUGb1njg0QlfDhRxZrAEv5vQ0ermgIcoXCMgQPgzZXG25F2lJdPmusRowb6/xS3alutYFJUIeYmOx4u8p8tPlgLe+DjHty6UNC8guXO1GxE/yXjC4KvXAxtoMq8Gn+3N33EpaahyFWLXJj8KZYbLyVQxwQGPQCZnUcSvMQAcOmlAd5Jqvi2g9ex09Iug+cdTB7f7Uj6PLnQH2Uf786iLSrz4cACaBAnB1L01hKBP4MjpPJwOUkG/W3v1CT0RMuLPzBTJuPLoD+NLj+18d4Irpk2bW3W5YrFuG0VFAOB1Sb48XhEnLpaVx+XEoV3BwvrYTx0UaTuvMbMkok+4lDnw8pYFr+/uHTeLVaD3VI6uZW0bAGojglobdGWUwPu3BbX19X/toZq288wsaXZdRGSzVTja0+95+sPTacwLOiDlzDSVDdyYMrFlYxR7O3MHyBF6bdYzG0AEgHFVhx17x6jIVRazmnkzSJCtMaTfZX9HUn+FmYmIGAD+BaUao0aOmMfpAAAAAElFTkSuQmCC\">Set up Ingress on Minikube with the NGINX Ingress Controller | Kubernetes</A>\r\n                <DT><A HREF=\"https://kubernetes.io/docs/concepts/services-networking/ingress/#tls\" ADD_DATE=\"1605427954\" ICON=\"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAADbElEQVQ4jW2TS2xUdRjFz/f/35k7z86LAcaWBlDSEtBWSgUbUiIYTRtQ6yNRHkZDJBFNBMSNBq0kuNCYaAl1IbJwYcBqFETFKgmMEbAxausQpdQOpsVhOoxt58773v/9XNQ2LPytvvMl56zOAf6DmeXcDRBPDT2WL1tfF8rWCc79/ABugpkF/g/uhsbTg49nctap9/sNs7N7krsOTvNH5/KVXNH8jHO/dTFAN3vmBOevbM1Yi3d8esG85+SAhd+Thr0oKm1lM1JZJZsbgvTgXcBDba5vAtbIB+Rv7JsLYC7v6/tRf+vtvkmkMkUV8hFfy1ryyXt9KFcZfd8XEQtLNVVgWnqLV+59JIjNd1aeJ+k6TPxVh/732s8vdHYXmxb4y1bFJG0qr2j7Ri/aV7qgFPDtryUcO1fEwqBkm9k0TI/zi/3us7Ee530amncvSSTNJUa+RE31mmNDkwsNdU4MDJfpH0OhXGXMDwi891yYR9MWnfml5Lg4XMLQqFwe23Y4JuCrXZOcIB/B5rNDFXjdktc2OimeqPDEtM1jNxQPDFe5/XYXMTPil6oAK4ykOYzI6hYNet3KkbSmmYrNZbUObX5AYN2+63zkhQgFfQIOQbi7UUf7Sym8uSPM9VFJY1lLjaY1J3zLVojJqrfl8liJBUFEayR7dUGb1njg0QlfDhRxZrAEv5vQ0ermgIcoXCMgQPgzZXG25F2lJdPmusRowb6/xS3alutYFJUIeYmOx4u8p8tPlgLe+DjHty6UNC8guXO1GxE/yXjC4KvXAxtoMq8Gn+3N33EpaahyFWLXJj8KZYbLyVQxwQGPQCZnUcSvMQAcOmlAd5Jqvi2g9ex09Iug+cdTB7f7Uj6PLnQH2Uf786iLSrz4cACaBAnB1L01hKBP4MjpPJwOUkG/W3v1CT0RMuLPzBTJuPLoD+NLj+18d4Irpk2bW3W5YrFuG0VFAOB1Sb48XhEnLpaVx+XEoV3BwvrYTx0UaTuvMbMkok+4lDnw8pYFr+/uHTeLVaD3VI6uZW0bAGojglobdGWUwPu3BbX19X/toZq288wsaXZdRGSzVTja0+95+sPTacwLOiDlzDSVDdyYMrFlYxR7O3MHyBF6bdYzG0AEgHFVhx17x6jIVRazmnkzSJCtMaTfZX9HUn+FmYmIGAD+BaUao0aOmMfpAAAAAElFTkSuQmCC\">Ingress | Kubernetes</A>\r\n                <DT><A HREF=\"https://github.com/kubernetes/ingress-nginx/blob/master/docs/deploy/index.md\" ADD_DATE=\"1605427955\" ICON=\"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAACrElEQVQ4jW2SzWucVRTGf+fe9847SW2n+WioIdZkJkzGWLMsQvBjpRv1H1BcqSB166aUbgQXLkpEEGnF7ty5Edw0orULtS5DjNOZ5qvEKkMzEUuS6bz33tPFvCNj6LM653LO8/A85wpHUJmbW0QKbwMvAU8BCHpXkZshhK+2mmu3BudloC5UagsfI7wvIsOooqoKID2gqvuqfLFeX7kAdPsEBmZdea74beLcKxoj+R4iPf7BXozBZ9n1jdudN+BOZgEtV5/8pJAW3/JZ90ZU/UiF0yAnVbWpUVvAMLASo7+oUYuFQvrqiRFT2NttLctUtXouleIN62whZNm19dur7wLFiZmzpdbmahvQyWr15L2Dg312dg5n5s5+6lzhvPfZQ59lLyapce+IkSGNkSjaASzQaW2udvrh3Gs07ud2LUqmMVhrzLA4+55RNS+IqsYYO91u+AwIvVz+F3C/DkEffh5i3FdFwSwaEaYUBKT950Z9Ox+MgA4QaL+/22xuCWzl708bwGkv6mMj5XLxiPJRCJOTRYXx3pw6A9wRVRUjpZIZej5Xso+xkAB65lhp0YhM5H9k3ajqrxgD8MAm5sp0tVrLczhqwZ+ZfXbeJckSoGJEUH42MYQvUZXgw5Kq3nRu+I/KMwvLM9X5c/3tqXLtuUpt4WuXyC+CzANRo4audq/Yf9r3d0pjp0atTT7M/OGbxpg9VE5nofPNv+32HsDQ+MgTqXVXRSRV5dAmNo3eL2036tekf7JKbeEngbEY/QcKDzYba7/9Z2B6ulhJj2+LkQljLD5k1zfq8XVY8yY/WVivr7wcNf5oE/e9Mcmt0dnZE/398TR1COMi4n3wlzfqq6/BWheIdiCouLfb+u742KllVP/+q+l/gHYAONgdkdHRxIbgL202fr+aiwLwCG7VPT6fvRxuAAAAAElFTkSuQmCC\">ingress-nginx/index.md at master · kubernetes/ingress-nginx · GitHub</A>\r\n                <DT><A HREF=\"https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/tls.md\" ADD_DATE=\"1605427956\" ICON=\"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAACrElEQVQ4jW2SzWucVRTGf+fe9847SW2n+WioIdZkJkzGWLMsQvBjpRv1H1BcqSB166aUbgQXLkpEEGnF7ty5Edw0orULtS5DjNOZ5qvEKkMzEUuS6bz33tPFvCNj6LM653LO8/A85wpHUJmbW0QKbwMvAU8BCHpXkZshhK+2mmu3BudloC5UagsfI7wvIsOooqoKID2gqvuqfLFeX7kAdPsEBmZdea74beLcKxoj+R4iPf7BXozBZ9n1jdudN+BOZgEtV5/8pJAW3/JZ90ZU/UiF0yAnVbWpUVvAMLASo7+oUYuFQvrqiRFT2NttLctUtXouleIN62whZNm19dur7wLFiZmzpdbmahvQyWr15L2Dg312dg5n5s5+6lzhvPfZQ59lLyapce+IkSGNkSjaASzQaW2udvrh3Gs07ud2LUqmMVhrzLA4+55RNS+IqsYYO91u+AwIvVz+F3C/DkEffh5i3FdFwSwaEaYUBKT950Z9Ox+MgA4QaL+/22xuCWzl708bwGkv6mMj5XLxiPJRCJOTRYXx3pw6A9wRVRUjpZIZej5Xso+xkAB65lhp0YhM5H9k3ajqrxgD8MAm5sp0tVrLczhqwZ+ZfXbeJckSoGJEUH42MYQvUZXgw5Kq3nRu+I/KMwvLM9X5c/3tqXLtuUpt4WuXyC+CzANRo4audq/Yf9r3d0pjp0atTT7M/OGbxpg9VE5nofPNv+32HsDQ+MgTqXVXRSRV5dAmNo3eL2036tekf7JKbeEngbEY/QcKDzYba7/9Z2B6ulhJj2+LkQljLD5k1zfq8XVY8yY/WVivr7wcNf5oE/e9Mcmt0dnZE/398TR1COMi4n3wlzfqq6/BWheIdiCouLfb+u742KllVP/+q+l/gHYAONgdkdHRxIbgL202fr+aiwLwCG7VPT6fvRxuAAAAAElFTkSuQmCC\">ingress-nginx/tls.md at master · kubernetes/ingress-nginx · GitHub</A>\r\n                <DT><A HREF=\"https://kubernetes.io/docs/tasks/administer-cluster/securing-a-cluster/#restricting-cloud-metadata-api-access\" ADD_DATE=\"1605428365\" ICON=\"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAADbElEQVQ4jW2TS2xUdRjFz/f/35k7z86LAcaWBlDSEtBWSgUbUiIYTRtQ6yNRHkZDJBFNBMSNBq0kuNCYaAl1IbJwYcBqFETFKgmMEbAxausQpdQOpsVhOoxt58773v/9XNQ2LPytvvMl56zOAf6DmeXcDRBPDT2WL1tfF8rWCc79/ABugpkF/g/uhsbTg49nctap9/sNs7N7krsOTvNH5/KVXNH8jHO/dTFAN3vmBOevbM1Yi3d8esG85+SAhd+Thr0oKm1lM1JZJZsbgvTgXcBDba5vAtbIB+Rv7JsLYC7v6/tRf+vtvkmkMkUV8hFfy1ryyXt9KFcZfd8XEQtLNVVgWnqLV+59JIjNd1aeJ+k6TPxVh/732s8vdHYXmxb4y1bFJG0qr2j7Ri/aV7qgFPDtryUcO1fEwqBkm9k0TI/zi/3us7Ee530amncvSSTNJUa+RE31mmNDkwsNdU4MDJfpH0OhXGXMDwi891yYR9MWnfml5Lg4XMLQqFwe23Y4JuCrXZOcIB/B5rNDFXjdktc2OimeqPDEtM1jNxQPDFe5/XYXMTPil6oAK4ykOYzI6hYNet3KkbSmmYrNZbUObX5AYN2+63zkhQgFfQIOQbi7UUf7Sym8uSPM9VFJY1lLjaY1J3zLVojJqrfl8liJBUFEayR7dUGb1njg0QlfDhRxZrAEv5vQ0ermgIcoXCMgQPgzZXG25F2lJdPmusRowb6/xS3alutYFJUIeYmOx4u8p8tPlgLe+DjHty6UNC8guXO1GxE/yXjC4KvXAxtoMq8Gn+3N33EpaahyFWLXJj8KZYbLyVQxwQGPQCZnUcSvMQAcOmlAd5Jqvi2g9ex09Iug+cdTB7f7Uj6PLnQH2Uf786iLSrz4cACaBAnB1L01hKBP4MjpPJwOUkG/W3v1CT0RMuLPzBTJuPLoD+NLj+18d4Irpk2bW3W5YrFuG0VFAOB1Sb48XhEnLpaVx+XEoV3BwvrYTx0UaTuvMbMkok+4lDnw8pYFr+/uHTeLVaD3VI6uZW0bAGojglobdGWUwPu3BbX19X/toZq288wsaXZdRGSzVTja0+95+sPTacwLOiDlzDSVDdyYMrFlYxR7O3MHyBF6bdYzG0AEgHFVhx17x6jIVRazmnkzSJCtMaTfZX9HUn+FmYmIGAD+BaUao0aOmMfpAAAAAElFTkSuQmCC\">Securing a Cluster | Kubernetes</A>\r\n            </DL><p>\r\n            <DT><H3 ADD_DATE=\"1605426915\" LAST_MODIFIED=\"1605428878\">Cluster</H3>\r\n            <DL><p>\r\n                <DT><A HREF=\"https://github.com/ibrahimjelliti/CKSS-Certified-Kubernetes-Security-Specialist/blob/master/README.md\" ADD_DATE=\"1605428374\" ICON=\"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAACrElEQVQ4jW2SzWucVRTGf+fe9847SW2n+WioIdZkJkzGWLMsQvBjpRv1H1BcqSB166aUbgQXLkpEEGnF7ty5Edw0orULtS5DjNOZ5qvEKkMzEUuS6bz33tPFvCNj6LM653LO8/A85wpHUJmbW0QKbwMvAU8BCHpXkZshhK+2mmu3BudloC5UagsfI7wvIsOooqoKID2gqvuqfLFeX7kAdPsEBmZdea74beLcKxoj+R4iPf7BXozBZ9n1jdudN+BOZgEtV5/8pJAW3/JZ90ZU/UiF0yAnVbWpUVvAMLASo7+oUYuFQvrqiRFT2NttLctUtXouleIN62whZNm19dur7wLFiZmzpdbmahvQyWr15L2Dg312dg5n5s5+6lzhvPfZQ59lLyapce+IkSGNkSjaASzQaW2udvrh3Gs07ud2LUqmMVhrzLA4+55RNS+IqsYYO91u+AwIvVz+F3C/DkEffh5i3FdFwSwaEaYUBKT950Z9Ox+MgA4QaL+/22xuCWzl708bwGkv6mMj5XLxiPJRCJOTRYXx3pw6A9wRVRUjpZIZej5Xso+xkAB65lhp0YhM5H9k3ajqrxgD8MAm5sp0tVrLczhqwZ+ZfXbeJckSoGJEUH42MYQvUZXgw5Kq3nRu+I/KMwvLM9X5c/3tqXLtuUpt4WuXyC+CzANRo4audq/Yf9r3d0pjp0atTT7M/OGbxpg9VE5nofPNv+32HsDQ+MgTqXVXRSRV5dAmNo3eL2036tekf7JKbeEngbEY/QcKDzYba7/9Z2B6ulhJj2+LkQljLD5k1zfq8XVY8yY/WVivr7wcNf5oE/e9Mcmt0dnZE/398TR1COMi4n3wlzfqq6/BWheIdiCouLfb+u742KllVP/+q+l/gHYAONgdkdHRxIbgL202fr+aiwLwCG7VPT6fvRxuAAAAAElFTkSuQmCC\">Restricting cloud metadata API access</A>\r\n                <DT><A HREF=\"https://kubernetes.io/docs/tasks/administer-cluster/securing-a-cluster/#preventing-containers-from-loading-unwanted-kernel-modules\" ADD_DATE=\"1605428790\" ICON=\"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAADbElEQVQ4jW2TS2xUdRjFz/f/35k7z86LAcaWBlDSEtBWSgUbUiIYTRtQ6yNRHkZDJBFNBMSNBq0kuNCYaAl1IbJwYcBqFETFKgmMEbAxausQpdQOpsVhOoxt58773v/9XNQ2LPytvvMl56zOAf6DmeXcDRBPDT2WL1tfF8rWCc79/ABugpkF/g/uhsbTg49nctap9/sNs7N7krsOTvNH5/KVXNH8jHO/dTFAN3vmBOevbM1Yi3d8esG85+SAhd+Thr0oKm1lM1JZJZsbgvTgXcBDba5vAtbIB+Rv7JsLYC7v6/tRf+vtvkmkMkUV8hFfy1ryyXt9KFcZfd8XEQtLNVVgWnqLV+59JIjNd1aeJ+k6TPxVh/732s8vdHYXmxb4y1bFJG0qr2j7Ri/aV7qgFPDtryUcO1fEwqBkm9k0TI/zi/3us7Ee530amncvSSTNJUa+RE31mmNDkwsNdU4MDJfpH0OhXGXMDwi891yYR9MWnfml5Lg4XMLQqFwe23Y4JuCrXZOcIB/B5rNDFXjdktc2OimeqPDEtM1jNxQPDFe5/XYXMTPil6oAK4ykOYzI6hYNet3KkbSmmYrNZbUObX5AYN2+63zkhQgFfQIOQbi7UUf7Sym8uSPM9VFJY1lLjaY1J3zLVojJqrfl8liJBUFEayR7dUGb1njg0QlfDhRxZrAEv5vQ0ermgIcoXCMgQPgzZXG25F2lJdPmusRowb6/xS3alutYFJUIeYmOx4u8p8tPlgLe+DjHty6UNC8guXO1GxE/yXjC4KvXAxtoMq8Gn+3N33EpaahyFWLXJj8KZYbLyVQxwQGPQCZnUcSvMQAcOmlAd5Jqvi2g9ex09Iug+cdTB7f7Uj6PLnQH2Uf786iLSrz4cACaBAnB1L01hKBP4MjpPJwOUkG/W3v1CT0RMuLPzBTJuPLoD+NLj+18d4Irpk2bW3W5YrFuG0VFAOB1Sb48XhEnLpaVx+XEoV3BwvrYTx0UaTuvMbMkok+4lDnw8pYFr+/uHTeLVaD3VI6uZW0bAGojglobdGWUwPu3BbX19X/toZq288wsaXZdRGSzVTja0+95+sPTacwLOiDlzDSVDdyYMrFlYxR7O3MHyBF6bdYzG0AEgHFVhx17x6jIVRazmnkzSJCtMaTfZX9HUn+FmYmIGAD+BaUao0aOmMfpAAAAAElFTkSuQmCC\">Securing a Cluster | Kubernetes</A>\r\n                <DT><A HREF=\"https://kubernetes.io/docs/tutorials/clusters/apparmor/\" ADD_DATE=\"1605428873\" ICON=\"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAADbElEQVQ4jW2TS2xUdRjFz/f/35k7z86LAcaWBlDSEtBWSgUbUiIYTRtQ6yNRHkZDJBFNBMSNBq0kuNCYaAl1IbJwYcBqFETFKgmMEbAxausQpdQOpsVhOoxt58773v/9XNQ2LPytvvMl56zOAf6DmeXcDRBPDT2WL1tfF8rWCc79/ABugpkF/g/uhsbTg49nctap9/sNs7N7krsOTvNH5/KVXNH8jHO/dTFAN3vmBOevbM1Yi3d8esG85+SAhd+Thr0oKm1lM1JZJZsbgvTgXcBDba5vAtbIB+Rv7JsLYC7v6/tRf+vtvkmkMkUV8hFfy1ryyXt9KFcZfd8XEQtLNVVgWnqLV+59JIjNd1aeJ+k6TPxVh/732s8vdHYXmxb4y1bFJG0qr2j7Ri/aV7qgFPDtryUcO1fEwqBkm9k0TI/zi/3us7Ee530amncvSSTNJUa+RE31mmNDkwsNdU4MDJfpH0OhXGXMDwi891yYR9MWnfml5Lg4XMLQqFwe23Y4JuCrXZOcIB/B5rNDFXjdktc2OimeqPDEtM1jNxQPDFe5/XYXMTPil6oAK4ykOYzI6hYNet3KkbSmmYrNZbUObX5AYN2+63zkhQgFfQIOQbi7UUf7Sym8uSPM9VFJY1lLjaY1J3zLVojJqrfl8liJBUFEayR7dUGb1njg0QlfDhRxZrAEv5vQ0ermgIcoXCMgQPgzZXG25F2lJdPmusRowb6/xS3alutYFJUIeYmOx4u8p8tPlgLe+DjHty6UNC8guXO1GxE/yXjC4KvXAxtoMq8Gn+3N33EpaahyFWLXJj8KZYbLyVQxwQGPQCZnUcSvMQAcOmlAd5Jqvi2g9ex09Iug+cdTB7f7Uj6PLnQH2Uf786iLSrz4cACaBAnB1L01hKBP4MjpPJwOUkG/W3v1CT0RMuLPzBTJuPLoD+NLj+18d4Irpk2bW3W5YrFuG0VFAOB1Sb48XhEnLpaVx+XEoV3BwvrYTx0UaTuvMbMkok+4lDnw8pYFr+/uHTeLVaD3VI6uZW0bAGojglobdGWUwPu3BbX19X/toZq288wsaXZdRGSzVTja0+95+sPTacwLOiDlzDSVDdyYMrFlYxR7O3MHyBF6bdYzG0AEgHFVhx17x6jIVRazmnkzSJCtMaTfZX9HUn+FmYmIGAD+BaUao0aOmMfpAAAAAElFTkSuQmCC\">Restrict a Container&#39;s Access to Resources with AppArmor | Kubernetes</A>\r\n                <DT><A HREF=\"https://kubernetes.io/docs/tutorials/clusters/seccomp/\" ADD_DATE=\"1605428878\" ICON=\"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAADbElEQVQ4jW2TS2xUdRjFz/f/35k7z86LAcaWBlDSEtBWSgUbUiIYTRtQ6yNRHkZDJBFNBMSNBq0kuNCYaAl1IbJwYcBqFETFKgmMEbAxausQpdQOpsVhOoxt58773v/9XNQ2LPytvvMl56zOAf6DmeXcDRBPDT2WL1tfF8rWCc79/ABugpkF/g/uhsbTg49nctap9/sNs7N7krsOTvNH5/KVXNH8jHO/dTFAN3vmBOevbM1Yi3d8esG85+SAhd+Thr0oKm1lM1JZJZsbgvTgXcBDba5vAtbIB+Rv7JsLYC7v6/tRf+vtvkmkMkUV8hFfy1ryyXt9KFcZfd8XEQtLNVVgWnqLV+59JIjNd1aeJ+k6TPxVh/732s8vdHYXmxb4y1bFJG0qr2j7Ri/aV7qgFPDtryUcO1fEwqBkm9k0TI/zi/3us7Ee530amncvSSTNJUa+RE31mmNDkwsNdU4MDJfpH0OhXGXMDwi891yYR9MWnfml5Lg4XMLQqFwe23Y4JuCrXZOcIB/B5rNDFXjdktc2OimeqPDEtM1jNxQPDFe5/XYXMTPil6oAK4ykOYzI6hYNet3KkbSmmYrNZbUObX5AYN2+63zkhQgFfQIOQbi7UUf7Sym8uSPM9VFJY1lLjaY1J3zLVojJqrfl8liJBUFEayR7dUGb1njg0QlfDhRxZrAEv5vQ0ermgIcoXCMgQPgzZXG25F2lJdPmusRowb6/xS3alutYFJUIeYmOx4u8p8tPlgLe+DjHty6UNC8guXO1GxE/yXjC4KvXAxtoMq8Gn+3N33EpaahyFWLXJj8KZYbLyVQxwQGPQCZnUcSvMQAcOmlAd5Jqvi2g9ex09Iug+cdTB7f7Uj6PLnQH2Uf786iLSrz4cACaBAnB1L01hKBP4MjpPJwOUkG/W3v1CT0RMuLPzBTJuPLoD+NLj+18d4Irpk2bW3W5YrFuG0VFAOB1Sb48XhEnLpaVx+XEoV3BwvrYTx0UaTuvMbMkok+4lDnw8pYFr+/uHTeLVaD3VI6uZW0bAGojglobdGWUwPu3BbX19X/toZq288wsaXZdRGSzVTja0+95+sPTacwLOiDlzDSVDdyYMrFlYxR7O3MHyBF6bdYzG0AEgHFVhx17x6jIVRazmnkzSJCtMaTfZX9HUn+FmYmIGAD+BaUao0aOmMfpAAAAAElFTkSuQmCC\">Restrict a Container&#39;s Syscalls with Seccomp | Kubernetes</A>\r\n            </DL><p>\r\n            <DT><H3 ADD_DATE=\"1605428439\" LAST_MODIFIED=\"1605428617\">authentication/authorization</H3>\r\n            <DL><p>\r\n                <DT><A HREF=\"https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet-authentication-authorization/\" ADD_DATE=\"1605428441\" ICON=\"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAADbElEQVQ4jW2TS2xUdRjFz/f/35k7z86LAcaWBlDSEtBWSgUbUiIYTRtQ6yNRHkZDJBFNBMSNBq0kuNCYaAl1IbJwYcBqFETFKgmMEbAxausQpdQOpsVhOoxt58773v/9XNQ2LPytvvMl56zOAf6DmeXcDRBPDT2WL1tfF8rWCc79/ABugpkF/g/uhsbTg49nctap9/sNs7N7krsOTvNH5/KVXNH8jHO/dTFAN3vmBOevbM1Yi3d8esG85+SAhd+Thr0oKm1lM1JZJZsbgvTgXcBDba5vAtbIB+Rv7JsLYC7v6/tRf+vtvkmkMkUV8hFfy1ryyXt9KFcZfd8XEQtLNVVgWnqLV+59JIjNd1aeJ+k6TPxVh/732s8vdHYXmxb4y1bFJG0qr2j7Ri/aV7qgFPDtryUcO1fEwqBkm9k0TI/zi/3us7Ee530amncvSSTNJUa+RE31mmNDkwsNdU4MDJfpH0OhXGXMDwi891yYR9MWnfml5Lg4XMLQqFwe23Y4JuCrXZOcIB/B5rNDFXjdktc2OimeqPDEtM1jNxQPDFe5/XYXMTPil6oAK4ykOYzI6hYNet3KkbSmmYrNZbUObX5AYN2+63zkhQgFfQIOQbi7UUf7Sym8uSPM9VFJY1lLjaY1J3zLVojJqrfl8liJBUFEayR7dUGb1njg0QlfDhRxZrAEv5vQ0ermgIcoXCMgQPgzZXG25F2lJdPmusRowb6/xS3alutYFJUIeYmOx4u8p8tPlgLe+DjHty6UNC8guXO1GxE/yXjC4KvXAxtoMq8Gn+3N33EpaahyFWLXJj8KZYbLyVQxwQGPQCZnUcSvMQAcOmlAd5Jqvi2g9ex09Iug+cdTB7f7Uj6PLnQH2Uf786iLSrz4cACaBAnB1L01hKBP4MjpPJwOUkG/W3v1CT0RMuLPzBTJuPLoD+NLj+18d4Irpk2bW3W5YrFuG0VFAOB1Sb48XhEnLpaVx+XEoV3BwvrYTx0UaTuvMbMkok+4lDnw8pYFr+/uHTeLVaD3VI6uZW0bAGojglobdGWUwPu3BbX19X/toZq288wsaXZdRGSzVTja0+95+sPTacwLOiDlzDSVDdyYMrFlYxR7O3MHyBF6bdYzG0AEgHFVhx17x6jIVRazmnkzSJCtMaTfZX9HUn+FmYmIGAD+BaUao0aOmMfpAAAAAElFTkSuQmCC\">Kubelet authentication/authorization</A>\r\n                <DT><A HREF=\"https://kubernetes.io/docs/concepts/security/controlling-access/\" ADD_DATE=\"1605428596\" ICON=\"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAADbElEQVQ4jW2TS2xUdRjFz/f/35k7z86LAcaWBlDSEtBWSgUbUiIYTRtQ6yNRHkZDJBFNBMSNBq0kuNCYaAl1IbJwYcBqFETFKgmMEbAxausQpdQOpsVhOoxt58773v/9XNQ2LPytvvMl56zOAf6DmeXcDRBPDT2WL1tfF8rWCc79/ABugpkF/g/uhsbTg49nctap9/sNs7N7krsOTvNH5/KVXNH8jHO/dTFAN3vmBOevbM1Yi3d8esG85+SAhd+Thr0oKm1lM1JZJZsbgvTgXcBDba5vAtbIB+Rv7JsLYC7v6/tRf+vtvkmkMkUV8hFfy1ryyXt9KFcZfd8XEQtLNVVgWnqLV+59JIjNd1aeJ+k6TPxVh/732s8vdHYXmxb4y1bFJG0qr2j7Ri/aV7qgFPDtryUcO1fEwqBkm9k0TI/zi/3us7Ee530amncvSSTNJUa+RE31mmNDkwsNdU4MDJfpH0OhXGXMDwi891yYR9MWnfml5Lg4XMLQqFwe23Y4JuCrXZOcIB/B5rNDFXjdktc2OimeqPDEtM1jNxQPDFe5/XYXMTPil6oAK4ykOYzI6hYNet3KkbSmmYrNZbUObX5AYN2+63zkhQgFfQIOQbi7UUf7Sym8uSPM9VFJY1lLjaY1J3zLVojJqrfl8liJBUFEayR7dUGb1njg0QlfDhRxZrAEv5vQ0ermgIcoXCMgQPgzZXG25F2lJdPmusRowb6/xS3alutYFJUIeYmOx4u8p8tPlgLe+DjHty6UNC8guXO1GxE/yXjC4KvXAxtoMq8Gn+3N33EpaahyFWLXJj8KZYbLyVQxwQGPQCZnUcSvMQAcOmlAd5Jqvi2g9ex09Iug+cdTB7f7Uj6PLnQH2Uf786iLSrz4cACaBAnB1L01hKBP4MjpPJwOUkG/W3v1CT0RMuLPzBTJuPLoD+NLj+18d4Irpk2bW3W5YrFuG0VFAOB1Sb48XhEnLpaVx+XEoV3BwvrYTx0UaTuvMbMkok+4lDnw8pYFr+/uHTeLVaD3VI6uZW0bAGojglobdGWUwPu3BbX19X/toZq288wsaXZdRGSzVTja0+95+sPTacwLOiDlzDSVDdyYMrFlYxR7O3MHyBF6bdYzG0AEgHFVhx17x6jIVRazmnkzSJCtMaTfZX9HUn+FmYmIGAD+BaUao0aOmMfpAAAAAElFTkSuQmCC\">Controlling Access to the Kubernetes API</A>\r\n                <DT><A HREF=\"https://kubernetes.io/docs/reference/access-authn-authz/certificate-signing-requests/#normal-user\" ADD_DATE=\"1605428617\" ICON=\"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAADbElEQVQ4jW2TS2xUdRjFz/f/35k7z86LAcaWBlDSEtBWSgUbUiIYTRtQ6yNRHkZDJBFNBMSNBq0kuNCYaAl1IbJwYcBqFETFKgmMEbAxausQpdQOpsVhOoxt58773v/9XNQ2LPytvvMl56zOAf6DmeXcDRBPDT2WL1tfF8rWCc79/ABugpkF/g/uhsbTg49nctap9/sNs7N7krsOTvNH5/KVXNH8jHO/dTFAN3vmBOevbM1Yi3d8esG85+SAhd+Thr0oKm1lM1JZJZsbgvTgXcBDba5vAtbIB+Rv7JsLYC7v6/tRf+vtvkmkMkUV8hFfy1ryyXt9KFcZfd8XEQtLNVVgWnqLV+59JIjNd1aeJ+k6TPxVh/732s8vdHYXmxb4y1bFJG0qr2j7Ri/aV7qgFPDtryUcO1fEwqBkm9k0TI/zi/3us7Ee530amncvSSTNJUa+RE31mmNDkwsNdU4MDJfpH0OhXGXMDwi891yYR9MWnfml5Lg4XMLQqFwe23Y4JuCrXZOcIB/B5rNDFXjdktc2OimeqPDEtM1jNxQPDFe5/XYXMTPil6oAK4ykOYzI6hYNet3KkbSmmYrNZbUObX5AYN2+63zkhQgFfQIOQbi7UUf7Sym8uSPM9VFJY1lLjaY1J3zLVojJqrfl8liJBUFEayR7dUGb1njg0QlfDhRxZrAEv5vQ0ermgIcoXCMgQPgzZXG25F2lJdPmusRowb6/xS3alutYFJUIeYmOx4u8p8tPlgLe+DjHty6UNC8guXO1GxE/yXjC4KvXAxtoMq8Gn+3N33EpaahyFWLXJj8KZYbLyVQxwQGPQCZnUcSvMQAcOmlAd5Jqvi2g9ex09Iug+cdTB7f7Uj6PLnQH2Uf786iLSrz4cACaBAnB1L01hKBP4MjpPJwOUkG/W3v1CT0RMuLPzBTJuPLoD+NLj+18d4Irpk2bW3W5YrFuG0VFAOB1Sb48XhEnLpaVx+XEoV3BwvrYTx0UaTuvMbMkok+4lDnw8pYFr+/uHTeLVaD3VI6uZW0bAGojglobdGWUwPu3BbX19X/toZq288wsaXZdRGSzVTja0+95+sPTacwLOiDlzDSVDdyYMrFlYxR7O3MHyBF6bdYzG0AEgHFVhx17x6jIVRazmnkzSJCtMaTfZX9HUn+FmYmIGAD+BaUao0aOmMfpAAAAAElFTkSuQmCC\">Certificate Signing Requests</A>\r\n            </DL><p>\r\n            <DT><H3 ADD_DATE=\"1605428469\" LAST_MODIFIED=\"1605428481\">K8S Dashboard</H3>\r\n            <DL><p>\r\n                <DT><A HREF=\"https://kubernetes.io/docs/tasks/access-application-cluster/web-ui-dashboard/\" ADD_DATE=\"1605428475\" ICON=\"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAADbElEQVQ4jW2TS2xUdRjFz/f/35k7z86LAcaWBlDSEtBWSgUbUiIYTRtQ6yNRHkZDJBFNBMSNBq0kuNCYaAl1IbJwYcBqFETFKgmMEbAxausQpdQOpsVhOoxt58773v/9XNQ2LPytvvMl56zOAf6DmeXcDRBPDT2WL1tfF8rWCc79/ABugpkF/g/uhsbTg49nctap9/sNs7N7krsOTvNH5/KVXNH8jHO/dTFAN3vmBOevbM1Yi3d8esG85+SAhd+Thr0oKm1lM1JZJZsbgvTgXcBDba5vAtbIB+Rv7JsLYC7v6/tRf+vtvkmkMkUV8hFfy1ryyXt9KFcZfd8XEQtLNVVgWnqLV+59JIjNd1aeJ+k6TPxVh/732s8vdHYXmxb4y1bFJG0qr2j7Ri/aV7qgFPDtryUcO1fEwqBkm9k0TI/zi/3us7Ee530amncvSSTNJUa+RE31mmNDkwsNdU4MDJfpH0OhXGXMDwi891yYR9MWnfml5Lg4XMLQqFwe23Y4JuCrXZOcIB/B5rNDFXjdktc2OimeqPDEtM1jNxQPDFe5/XYXMTPil6oAK4ykOYzI6hYNet3KkbSmmYrNZbUObX5AYN2+63zkhQgFfQIOQbi7UUf7Sym8uSPM9VFJY1lLjaY1J3zLVojJqrfl8liJBUFEayR7dUGb1njg0QlfDhRxZrAEv5vQ0ermgIcoXCMgQPgzZXG25F2lJdPmusRowb6/xS3alutYFJUIeYmOx4u8p8tPlgLe+DjHty6UNC8guXO1GxE/yXjC4KvXAxtoMq8Gn+3N33EpaahyFWLXJj8KZYbLyVQxwQGPQCZnUcSvMQAcOmlAd5Jqvi2g9ex09Iug+cdTB7f7Uj6PLnQH2Uf786iLSrz4cACaBAnB1L01hKBP4MjpPJwOUkG/W3v1CT0RMuLPzBTJuPLoD+NLj+18d4Irpk2bW3W5YrFuG0VFAOB1Sb48XhEnLpaVx+XEoV3BwvrYTx0UaTuvMbMkok+4lDnw8pYFr+/uHTeLVaD3VI6uZW0bAGojglobdGWUwPu3BbX19X/toZq288wsaXZdRGSzVTja0+95+sPTacwLOiDlzDSVDdyYMrFlYxR7O3MHyBF6bdYzG0AEgHFVhx17x6jIVRazmnkzSJCtMaTfZX9HUn+FmYmIGAD+BaUao0aOmMfpAAAAAElFTkSuQmCC\">Web UI (Dashboard) | Kubernetes</A>\r\n                <DT><A HREF=\"https://github.com/kubernetes/dashboard/blob/master/docs/user/access-control/README.md\" ADD_DATE=\"1605428480\" ICON=\"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAACrElEQVQ4jW2SzWucVRTGf+fe9847SW2n+WioIdZkJkzGWLMsQvBjpRv1H1BcqSB166aUbgQXLkpEEGnF7ty5Edw0orULtS5DjNOZ5qvEKkMzEUuS6bz33tPFvCNj6LM653LO8/A85wpHUJmbW0QKbwMvAU8BCHpXkZshhK+2mmu3BudloC5UagsfI7wvIsOooqoKID2gqvuqfLFeX7kAdPsEBmZdea74beLcKxoj+R4iPf7BXozBZ9n1jdudN+BOZgEtV5/8pJAW3/JZ90ZU/UiF0yAnVbWpUVvAMLASo7+oUYuFQvrqiRFT2NttLctUtXouleIN62whZNm19dur7wLFiZmzpdbmahvQyWr15L2Dg312dg5n5s5+6lzhvPfZQ59lLyapce+IkSGNkSjaASzQaW2udvrh3Gs07ud2LUqmMVhrzLA4+55RNS+IqsYYO91u+AwIvVz+F3C/DkEffh5i3FdFwSwaEaYUBKT950Z9Ox+MgA4QaL+/22xuCWzl708bwGkv6mMj5XLxiPJRCJOTRYXx3pw6A9wRVRUjpZIZej5Xso+xkAB65lhp0YhM5H9k3ajqrxgD8MAm5sp0tVrLczhqwZ+ZfXbeJckSoGJEUH42MYQvUZXgw5Kq3nRu+I/KMwvLM9X5c/3tqXLtuUpt4WuXyC+CzANRo4audq/Yf9r3d0pjp0atTT7M/OGbxpg9VE5nofPNv+32HsDQ+MgTqXVXRSRV5dAmNo3eL2036tekf7JKbeEngbEY/QcKDzYba7/9Z2B6ulhJj2+LkQljLD5k1zfq8XVY8yY/WVivr7wcNf5oE/e9Mcmt0dnZE/398TR1COMi4n3wlzfqq6/BWheIdiCouLfb+u742KllVP/+q+l/gHYAONgdkdHRxIbgL202fr+aiwLwCG7VPT6fvRxuAAAAAElFTkSuQmCC\">dashboard/README.md at master · kubernetes/dashboard · GitHub</A>\r\n                <DT><A HREF=\"https://github.com/kubernetes/dashboard/blob/master/docs/user/access-control/creating-sample-user.md\" ADD_DATE=\"1605428481\" ICON=\"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAACrElEQVQ4jW2SzWucVRTGf+fe9847SW2n+WioIdZkJkzGWLMsQvBjpRv1H1BcqSB166aUbgQXLkpEEGnF7ty5Edw0orULtS5DjNOZ5qvEKkMzEUuS6bz33tPFvCNj6LM653LO8/A85wpHUJmbW0QKbwMvAU8BCHpXkZshhK+2mmu3BudloC5UagsfI7wvIsOooqoKID2gqvuqfLFeX7kAdPsEBmZdea74beLcKxoj+R4iPf7BXozBZ9n1jdudN+BOZgEtV5/8pJAW3/JZ90ZU/UiF0yAnVbWpUVvAMLASo7+oUYuFQvrqiRFT2NttLctUtXouleIN62whZNm19dur7wLFiZmzpdbmahvQyWr15L2Dg312dg5n5s5+6lzhvPfZQ59lLyapce+IkSGNkSjaASzQaW2udvrh3Gs07ud2LUqmMVhrzLA4+55RNS+IqsYYO91u+AwIvVz+F3C/DkEffh5i3FdFwSwaEaYUBKT950Z9Ox+MgA4QaL+/22xuCWzl708bwGkv6mMj5XLxiPJRCJOTRYXx3pw6A9wRVRUjpZIZej5Xso+xkAB65lhp0YhM5H9k3ajqrxgD8MAm5sp0tVrLczhqwZ+ZfXbeJckSoGJEUH42MYQvUZXgw5Kq3nRu+I/KMwvLM9X5c/3tqXLtuUpt4WuXyC+CzANRo4audq/Yf9r3d0pjp0atTT7M/OGbxpg9VE5nofPNv+32HsDQ+MgTqXVXRSRV5dAmNo3eL2036tekf7JKbeEngbEY/QcKDzYba7/9Z2B6ulhJj2+LkQljLD5k1zfq8XVY8yY/WVivr7wcNf5oE/e9Mcmt0dnZE/398TR1COMi4n3wlzfqq6/BWheIdiCouLfb+u742KllVP/+q+l/gHYAONgdkdHRxIbgL202fr+aiwLwCG7VPT6fvRxuAAAAAElFTkSuQmCC\">dashboard/creating-sample-user.md at master · kubernetes/dashboard · GitHub</A>\r\n            </DL><p>\r\n            <DT><H3 ADD_DATE=\"1605428549\" LAST_MODIFIED=\"1605428596\">kubernetes</H3>\r\n            <DL><p>\r\n                <DT><A HREF=\"https://github.com/kubernetes/kubernetes/releases\" ADD_DATE=\"1605428552\" ICON=\"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAACrElEQVQ4jW2SzWucVRTGf+fe9847SW2n+WioIdZkJkzGWLMsQvBjpRv1H1BcqSB166aUbgQXLkpEEGnF7ty5Edw0orULtS5DjNOZ5qvEKkMzEUuS6bz33tPFvCNj6LM653LO8/A85wpHUJmbW0QKbwMvAU8BCHpXkZshhK+2mmu3BudloC5UagsfI7wvIsOooqoKID2gqvuqfLFeX7kAdPsEBmZdea74beLcKxoj+R4iPf7BXozBZ9n1jdudN+BOZgEtV5/8pJAW3/JZ90ZU/UiF0yAnVbWpUVvAMLASo7+oUYuFQvrqiRFT2NttLctUtXouleIN62whZNm19dur7wLFiZmzpdbmahvQyWr15L2Dg312dg5n5s5+6lzhvPfZQ59lLyapce+IkSGNkSjaASzQaW2udvrh3Gs07ud2LUqmMVhrzLA4+55RNS+IqsYYO91u+AwIvVz+F3C/DkEffh5i3FdFwSwaEaYUBKT950Z9Ox+MgA4QaL+/22xuCWzl708bwGkv6mMj5XLxiPJRCJOTRYXx3pw6A9wRVRUjpZIZej5Xso+xkAB65lhp0YhM5H9k3ajqrxgD8MAm5sp0tVrLczhqwZ+ZfXbeJckSoGJEUH42MYQvUZXgw5Kq3nRu+I/KMwvLM9X5c/3tqXLtuUpt4WuXyC+CzANRo4audq/Yf9r3d0pjp0atTT7M/OGbxpg9VE5nofPNv+32HsDQ+MgTqXVXRSRV5dAmNo3eL2036tekf7JKbeEngbEY/QcKDzYba7/9Z2B6ulhJj2+LkQljLD5k1zfq8XVY8yY/WVivr7wcNf5oE/e9Mcmt0dnZE/398TR1COMi4n3wlzfqq6/BWheIdiCouLfb+u742KllVP/+q+l/gHYAONgdkdHRxIbgL202fr+aiwLwCG7VPT6fvRxuAAAAAElFTkSuQmCC\">kubernetes Releases</A>\r\n            </DL><p>\r\n            <DT><H3 ADD_DATE=\"1605428638\" LAST_MODIFIED=\"1605429116\">Certificates</H3>\r\n            <DL><p>\r\n                <DT><A HREF=\"https://kubernetes.io/docs/concepts/cluster-administration/certificates/\" ADD_DATE=\"1605428640\" ICON=\"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAADbElEQVQ4jW2TS2xUdRjFz/f/35k7z86LAcaWBlDSEtBWSgUbUiIYTRtQ6yNRHkZDJBFNBMSNBq0kuNCYaAl1IbJwYcBqFETFKgmMEbAxausQpdQOpsVhOoxt58773v/9XNQ2LPytvvMl56zOAf6DmeXcDRBPDT2WL1tfF8rWCc79/ABugpkF/g/uhsbTg49nctap9/sNs7N7krsOTvNH5/KVXNH8jHO/dTFAN3vmBOevbM1Yi3d8esG85+SAhd+Thr0oKm1lM1JZJZsbgvTgXcBDba5vAtbIB+Rv7JsLYC7v6/tRf+vtvkmkMkUV8hFfy1ryyXt9KFcZfd8XEQtLNVVgWnqLV+59JIjNd1aeJ+k6TPxVh/732s8vdHYXmxb4y1bFJG0qr2j7Ri/aV7qgFPDtryUcO1fEwqBkm9k0TI/zi/3us7Ee530amncvSSTNJUa+RE31mmNDkwsNdU4MDJfpH0OhXGXMDwi891yYR9MWnfml5Lg4XMLQqFwe23Y4JuCrXZOcIB/B5rNDFXjdktc2OimeqPDEtM1jNxQPDFe5/XYXMTPil6oAK4ykOYzI6hYNet3KkbSmmYrNZbUObX5AYN2+63zkhQgFfQIOQbi7UUf7Sym8uSPM9VFJY1lLjaY1J3zLVojJqrfl8liJBUFEayR7dUGb1njg0QlfDhRxZrAEv5vQ0ermgIcoXCMgQPgzZXG25F2lJdPmusRowb6/xS3alutYFJUIeYmOx4u8p8tPlgLe+DjHty6UNC8guXO1GxE/yXjC4KvXAxtoMq8Gn+3N33EpaahyFWLXJj8KZYbLyVQxwQGPQCZnUcSvMQAcOmlAd5Jqvi2g9ex09Iug+cdTB7f7Uj6PLnQH2Uf786iLSrz4cACaBAnB1L01hKBP4MjpPJwOUkG/W3v1CT0RMuLPzBTJuPLoD+NLj+18d4Irpk2bW3W5YrFuG0VFAOB1Sb48XhEnLpaVx+XEoV3BwvrYTx0UaTuvMbMkok+4lDnw8pYFr+/uHTeLVaD3VI6uZW0bAGojglobdGWUwPu3BbX19X/toZq288wsaXZdRGSzVTja0+95+sPTacwLOiDlzDSVDdyYMrFlYxR7O3MHyBF6bdYzG0AEgHFVhx17x6jIVRazmnkzSJCtMaTfZX9HUn+FmYmIGAD+BaUao0aOmMfpAAAAAElFTkSuQmCC\">generate certificate</A>\r\n                <DT><A HREF=\"https://kubernetes.io/docs/tasks/tls/managing-tls-in-a-cluster/\" ADD_DATE=\"1605429109\" ICON=\"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAADbElEQVQ4jW2TS2xUdRjFz/f/35k7z86LAcaWBlDSEtBWSgUbUiIYTRtQ6yNRHkZDJBFNBMSNBq0kuNCYaAl1IbJwYcBqFETFKgmMEbAxausQpdQOpsVhOoxt58773v/9XNQ2LPytvvMl56zOAf6DmeXcDRBPDT2WL1tfF8rWCc79/ABugpkF/g/uhsbTg49nctap9/sNs7N7krsOTvNH5/KVXNH8jHO/dTFAN3vmBOevbM1Yi3d8esG85+SAhd+Thr0oKm1lM1JZJZsbgvTgXcBDba5vAtbIB+Rv7JsLYC7v6/tRf+vtvkmkMkUV8hFfy1ryyXt9KFcZfd8XEQtLNVVgWnqLV+59JIjNd1aeJ+k6TPxVh/732s8vdHYXmxb4y1bFJG0qr2j7Ri/aV7qgFPDtryUcO1fEwqBkm9k0TI/zi/3us7Ee530amncvSSTNJUa+RE31mmNDkwsNdU4MDJfpH0OhXGXMDwi891yYR9MWnfml5Lg4XMLQqFwe23Y4JuCrXZOcIB/B5rNDFXjdktc2OimeqPDEtM1jNxQPDFe5/XYXMTPil6oAK4ykOYzI6hYNet3KkbSmmYrNZbUObX5AYN2+63zkhQgFfQIOQbi7UUf7Sym8uSPM9VFJY1lLjaY1J3zLVojJqrfl8liJBUFEayR7dUGb1njg0QlfDhRxZrAEv5vQ0ermgIcoXCMgQPgzZXG25F2lJdPmusRowb6/xS3alutYFJUIeYmOx4u8p8tPlgLe+DjHty6UNC8guXO1GxE/yXjC4KvXAxtoMq8Gn+3N33EpaahyFWLXJj8KZYbLyVQxwQGPQCZnUcSvMQAcOmlAd5Jqvi2g9ex09Iug+cdTB7f7Uj6PLnQH2Uf786iLSrz4cACaBAnB1L01hKBP4MjpPJwOUkG/W3v1CT0RMuLPzBTJuPLoD+NLj+18d4Irpk2bW3W5YrFuG0VFAOB1Sb48XhEnLpaVx+XEoV3BwvrYTx0UaTuvMbMkok+4lDnw8pYFr+/uHTeLVaD3VI6uZW0bAGojglobdGWUwPu3BbX19X/toZq288wsaXZdRGSzVTja0+95+sPTacwLOiDlzDSVDdyYMrFlYxR7O3MHyBF6bdYzG0AEgHFVhx17x6jIVRazmnkzSJCtMaTfZX9HUn+FmYmIGAD+BaUao0aOmMfpAAAAAElFTkSuQmCC\">Manage TLS Certificates in a Cluster | Kubernetes</A>\r\n            </DL><p>\r\n            <DT><H3 ADD_DATE=\"1605428687\" LAST_MODIFIED=\"1605428708\">RBAC</H3>\r\n            <DL><p>\r\n                <DT><A HREF=\"https://kubernetes.io/docs/reference/access-authn-authz/authorization/#authorization-modules\" ADD_DATE=\"1605428691\" ICON=\"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAADbElEQVQ4jW2TS2xUdRjFz/f/35k7z86LAcaWBlDSEtBWSgUbUiIYTRtQ6yNRHkZDJBFNBMSNBq0kuNCYaAl1IbJwYcBqFETFKgmMEbAxausQpdQOpsVhOoxt58773v/9XNQ2LPytvvMl56zOAf6DmeXcDRBPDT2WL1tfF8rWCc79/ABugpkF/g/uhsbTg49nctap9/sNs7N7krsOTvNH5/KVXNH8jHO/dTFAN3vmBOevbM1Yi3d8esG85+SAhd+Thr0oKm1lM1JZJZsbgvTgXcBDba5vAtbIB+Rv7JsLYC7v6/tRf+vtvkmkMkUV8hFfy1ryyXt9KFcZfd8XEQtLNVVgWnqLV+59JIjNd1aeJ+k6TPxVh/732s8vdHYXmxb4y1bFJG0qr2j7Ri/aV7qgFPDtryUcO1fEwqBkm9k0TI/zi/3us7Ee530amncvSSTNJUa+RE31mmNDkwsNdU4MDJfpH0OhXGXMDwi891yYR9MWnfml5Lg4XMLQqFwe23Y4JuCrXZOcIB/B5rNDFXjdktc2OimeqPDEtM1jNxQPDFe5/XYXMTPil6oAK4ykOYzI6hYNet3KkbSmmYrNZbUObX5AYN2+63zkhQgFfQIOQbi7UUf7Sym8uSPM9VFJY1lLjaY1J3zLVojJqrfl8liJBUFEayR7dUGb1njg0QlfDhRxZrAEv5vQ0ermgIcoXCMgQPgzZXG25F2lJdPmusRowb6/xS3alutYFJUIeYmOx4u8p8tPlgLe+DjHty6UNC8guXO1GxE/yXjC4KvXAxtoMq8Gn+3N33EpaahyFWLXJj8KZYbLyVQxwQGPQCZnUcSvMQAcOmlAd5Jqvi2g9ex09Iug+cdTB7f7Uj6PLnQH2Uf786iLSrz4cACaBAnB1L01hKBP4MjpPJwOUkG/W3v1CT0RMuLPzBTJuPLoD+NLj+18d4Irpk2bW3W5YrFuG0VFAOB1Sb48XhEnLpaVx+XEoV3BwvrYTx0UaTuvMbMkok+4lDnw8pYFr+/uHTeLVaD3VI6uZW0bAGojglobdGWUwPu3BbX19X/toZq288wsaXZdRGSzVTja0+95+sPTacwLOiDlzDSVDdyYMrFlYxR7O3MHyBF6bdYzG0AEgHFVhx17x6jIVRazmnkzSJCtMaTfZX9HUn+FmYmIGAD+BaUao0aOmMfpAAAAAElFTkSuQmCC\">Authorization Overview </A>\r\n                <DT><A HREF=\"https://kubernetes.io/docs/reference/access-authn-authz/rbac/\" ADD_DATE=\"1605428708\" ICON=\"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAADbElEQVQ4jW2TS2xUdRjFz/f/35k7z86LAcaWBlDSEtBWSgUbUiIYTRtQ6yNRHkZDJBFNBMSNBq0kuNCYaAl1IbJwYcBqFETFKgmMEbAxausQpdQOpsVhOoxt58773v/9XNQ2LPytvvMl56zOAf6DmeXcDRBPDT2WL1tfF8rWCc79/ABugpkF/g/uhsbTg49nctap9/sNs7N7krsOTvNH5/KVXNH8jHO/dTFAN3vmBOevbM1Yi3d8esG85+SAhd+Thr0oKm1lM1JZJZsbgvTgXcBDba5vAtbIB+Rv7JsLYC7v6/tRf+vtvkmkMkUV8hFfy1ryyXt9KFcZfd8XEQtLNVVgWnqLV+59JIjNd1aeJ+k6TPxVh/732s8vdHYXmxb4y1bFJG0qr2j7Ri/aV7qgFPDtryUcO1fEwqBkm9k0TI/zi/3us7Ee530amncvSSTNJUa+RE31mmNDkwsNdU4MDJfpH0OhXGXMDwi891yYR9MWnfml5Lg4XMLQqFwe23Y4JuCrXZOcIB/B5rNDFXjdktc2OimeqPDEtM1jNxQPDFe5/XYXMTPil6oAK4ykOYzI6hYNet3KkbSmmYrNZbUObX5AYN2+63zkhQgFfQIOQbi7UUf7Sym8uSPM9VFJY1lLjaY1J3zLVojJqrfl8liJBUFEayR7dUGb1njg0QlfDhRxZrAEv5vQ0ermgIcoXCMgQPgzZXG25F2lJdPmusRowb6/xS3alutYFJUIeYmOx4u8p8tPlgLe+DjHty6UNC8guXO1GxE/yXjC4KvXAxtoMq8Gn+3N33EpaahyFWLXJj8KZYbLyVQxwQGPQCZnUcSvMQAcOmlAd5Jqvi2g9ex09Iug+cdTB7f7Uj6PLnQH2Uf786iLSrz4cACaBAnB1L01hKBP4MjpPJwOUkG/W3v1CT0RMuLPzBTJuPLoD+NLj+18d4Irpk2bW3W5YrFuG0VFAOB1Sb48XhEnLpaVx+XEoV3BwvrYTx0UaTuvMbMkok+4lDnw8pYFr+/uHTeLVaD3VI6uZW0bAGojglobdGWUwPu3BbX19X/toZq288wsaXZdRGSzVTja0+95+sPTacwLOiDlzDSVDdyYMrFlYxR7O3MHyBF6bdYzG0AEgHFVhx17x6jIVRazmnkzSJCtMaTfZX9HUn+FmYmIGAD+BaUao0aOmMfpAAAAAElFTkSuQmCC\">Using RBAC Authorization | Kubernetes</A>\r\n            </DL><p>\r\n            <DT><H3 ADD_DATE=\"1605428726\" LAST_MODIFIED=\"1605428790\">Service Accounts</H3>\r\n            <DL><p>\r\n                <DT><A HREF=\"https://kubernetes.io/docs/reference/access-authn-authz/service-accounts-admin/\" ADD_DATE=\"1605428734\" ICON=\"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAADbElEQVQ4jW2TS2xUdRjFz/f/35k7z86LAcaWBlDSEtBWSgUbUiIYTRtQ6yNRHkZDJBFNBMSNBq0kuNCYaAl1IbJwYcBqFETFKgmMEbAxausQpdQOpsVhOoxt58773v/9XNQ2LPytvvMl56zOAf6DmeXcDRBPDT2WL1tfF8rWCc79/ABugpkF/g/uhsbTg49nctap9/sNs7N7krsOTvNH5/KVXNH8jHO/dTFAN3vmBOevbM1Yi3d8esG85+SAhd+Thr0oKm1lM1JZJZsbgvTgXcBDba5vAtbIB+Rv7JsLYC7v6/tRf+vtvkmkMkUV8hFfy1ryyXt9KFcZfd8XEQtLNVVgWnqLV+59JIjNd1aeJ+k6TPxVh/732s8vdHYXmxb4y1bFJG0qr2j7Ri/aV7qgFPDtryUcO1fEwqBkm9k0TI/zi/3us7Ee530amncvSSTNJUa+RE31mmNDkwsNdU4MDJfpH0OhXGXMDwi891yYR9MWnfml5Lg4XMLQqFwe23Y4JuCrXZOcIB/B5rNDFXjdktc2OimeqPDEtM1jNxQPDFe5/XYXMTPil6oAK4ykOYzI6hYNet3KkbSmmYrNZbUObX5AYN2+63zkhQgFfQIOQbi7UUf7Sym8uSPM9VFJY1lLjaY1J3zLVojJqrfl8liJBUFEayR7dUGb1njg0QlfDhRxZrAEv5vQ0ermgIcoXCMgQPgzZXG25F2lJdPmusRowb6/xS3alutYFJUIeYmOx4u8p8tPlgLe+DjHty6UNC8guXO1GxE/yXjC4KvXAxtoMq8Gn+3N33EpaahyFWLXJj8KZYbLyVQxwQGPQCZnUcSvMQAcOmlAd5Jqvi2g9ex09Iug+cdTB7f7Uj6PLnQH2Uf786iLSrz4cACaBAnB1L01hKBP4MjpPJwOUkG/W3v1CT0RMuLPzBTJuPLoD+NLj+18d4Irpk2bW3W5YrFuG0VFAOB1Sb48XhEnLpaVx+XEoV3BwvrYTx0UaTuvMbMkok+4lDnw8pYFr+/uHTeLVaD3VI6uZW0bAGojglobdGWUwPu3BbX19X/toZq288wsaXZdRGSzVTja0+95+sPTacwLOiDlzDSVDdyYMrFlYxR7O3MHyBF6bdYzG0AEgHFVhx17x6jIVRazmnkzSJCtMaTfZX9HUn+FmYmIGAD+BaUao0aOmMfpAAAAAElFTkSuQmCC\">Managing Service Accounts | Kubernetes</A>\r\n                <DT><A HREF=\"https://kubernetes.io/docs/reference/access-authn-authz/rbac/#default-roles-and-role-bindings\" ADD_DATE=\"1605428739\" ICON=\"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAADbElEQVQ4jW2TS2xUdRjFz/f/35k7z86LAcaWBlDSEtBWSgUbUiIYTRtQ6yNRHkZDJBFNBMSNBq0kuNCYaAl1IbJwYcBqFETFKgmMEbAxausQpdQOpsVhOoxt58773v/9XNQ2LPytvvMl56zOAf6DmeXcDRBPDT2WL1tfF8rWCc79/ABugpkF/g/uhsbTg49nctap9/sNs7N7krsOTvNH5/KVXNH8jHO/dTFAN3vmBOevbM1Yi3d8esG85+SAhd+Thr0oKm1lM1JZJZsbgvTgXcBDba5vAtbIB+Rv7JsLYC7v6/tRf+vtvkmkMkUV8hFfy1ryyXt9KFcZfd8XEQtLNVVgWnqLV+59JIjNd1aeJ+k6TPxVh/732s8vdHYXmxb4y1bFJG0qr2j7Ri/aV7qgFPDtryUcO1fEwqBkm9k0TI/zi/3us7Ee530amncvSSTNJUa+RE31mmNDkwsNdU4MDJfpH0OhXGXMDwi891yYR9MWnfml5Lg4XMLQqFwe23Y4JuCrXZOcIB/B5rNDFXjdktc2OimeqPDEtM1jNxQPDFe5/XYXMTPil6oAK4ykOYzI6hYNet3KkbSmmYrNZbUObX5AYN2+63zkhQgFfQIOQbi7UUf7Sym8uSPM9VFJY1lLjaY1J3zLVojJqrfl8liJBUFEayR7dUGb1njg0QlfDhRxZrAEv5vQ0ermgIcoXCMgQPgzZXG25F2lJdPmusRowb6/xS3alutYFJUIeYmOx4u8p8tPlgLe+DjHty6UNC8guXO1GxE/yXjC4KvXAxtoMq8Gn+3N33EpaahyFWLXJj8KZYbLyVQxwQGPQCZnUcSvMQAcOmlAd5Jqvi2g9ex09Iug+cdTB7f7Uj6PLnQH2Uf786iLSrz4cACaBAnB1L01hKBP4MjpPJwOUkG/W3v1CT0RMuLPzBTJuPLoD+NLj+18d4Irpk2bW3W5YrFuG0VFAOB1Sb48XhEnLpaVx+XEoV3BwvrYTx0UaTuvMbMkok+4lDnw8pYFr+/uHTeLVaD3VI6uZW0bAGojglobdGWUwPu3BbX19X/toZq288wsaXZdRGSzVTja0+95+sPTacwLOiDlzDSVDdyYMrFlYxR7O3MHyBF6bdYzG0AEgHFVhx17x6jIVRazmnkzSJCtMaTfZX9HUn+FmYmIGAD+BaUao0aOmMfpAAAAAElFTkSuQmCC\">Using RBAC Authorization | Kubernetes</A>\r\n                <DT><A HREF=\"https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/\" ADD_DATE=\"1605428743\" ICON=\"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAADbElEQVQ4jW2TS2xUdRjFz/f/35k7z86LAcaWBlDSEtBWSgUbUiIYTRtQ6yNRHkZDJBFNBMSNBq0kuNCYaAl1IbJwYcBqFETFKgmMEbAxausQpdQOpsVhOoxt58773v/9XNQ2LPytvvMl56zOAf6DmeXcDRBPDT2WL1tfF8rWCc79/ABugpkF/g/uhsbTg49nctap9/sNs7N7krsOTvNH5/KVXNH8jHO/dTFAN3vmBOevbM1Yi3d8esG85+SAhd+Thr0oKm1lM1JZJZsbgvTgXcBDba5vAtbIB+Rv7JsLYC7v6/tRf+vtvkmkMkUV8hFfy1ryyXt9KFcZfd8XEQtLNVVgWnqLV+59JIjNd1aeJ+k6TPxVh/732s8vdHYXmxb4y1bFJG0qr2j7Ri/aV7qgFPDtryUcO1fEwqBkm9k0TI/zi/3us7Ee530amncvSSTNJUa+RE31mmNDkwsNdU4MDJfpH0OhXGXMDwi891yYR9MWnfml5Lg4XMLQqFwe23Y4JuCrXZOcIB/B5rNDFXjdktc2OimeqPDEtM1jNxQPDFe5/XYXMTPil6oAK4ykOYzI6hYNet3KkbSmmYrNZbUObX5AYN2+63zkhQgFfQIOQbi7UUf7Sym8uSPM9VFJY1lLjaY1J3zLVojJqrfl8liJBUFEayR7dUGb1njg0QlfDhRxZrAEv5vQ0ermgIcoXCMgQPgzZXG25F2lJdPmusRowb6/xS3alutYFJUIeYmOx4u8p8tPlgLe+DjHty6UNC8guXO1GxE/yXjC4KvXAxtoMq8Gn+3N33EpaahyFWLXJj8KZYbLyVQxwQGPQCZnUcSvMQAcOmlAd5Jqvi2g9ex09Iug+cdTB7f7Uj6PLnQH2Uf786iLSrz4cACaBAnB1L01hKBP4MjpPJwOUkG/W3v1CT0RMuLPzBTJuPLoD+NLj+18d4Irpk2bW3W5YrFuG0VFAOB1Sb48XhEnLpaVx+XEoV3BwvrYTx0UaTuvMbMkok+4lDnw8pYFr+/uHTeLVaD3VI6uZW0bAGojglobdGWUwPu3BbX19X/toZq288wsaXZdRGSzVTja0+95+sPTacwLOiDlzDSVDdyYMrFlYxR7O3MHyBF6bdYzG0AEgHFVhx17x6jIVRazmnkzSJCtMaTfZX9HUn+FmYmIGAD+BaUao0aOmMfpAAAAAElFTkSuQmCC\">Configure Service Accounts for Pods | Kubernetes</A>\r\n                <DT><A HREF=\"https://github.com/kubernetes/kubernetes/issues/57601\" ADD_DATE=\"1605428746\" ICON=\"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAACrElEQVQ4jW2SzWucVRTGf+fe9847SW2n+WioIdZkJkzGWLMsQvBjpRv1H1BcqSB166aUbgQXLkpEEGnF7ty5Edw0orULtS5DjNOZ5qvEKkMzEUuS6bz33tPFvCNj6LM653LO8/A85wpHUJmbW0QKbwMvAU8BCHpXkZshhK+2mmu3BudloC5UagsfI7wvIsOooqoKID2gqvuqfLFeX7kAdPsEBmZdea74beLcKxoj+R4iPf7BXozBZ9n1jdudN+BOZgEtV5/8pJAW3/JZ90ZU/UiF0yAnVbWpUVvAMLASo7+oUYuFQvrqiRFT2NttLctUtXouleIN62whZNm19dur7wLFiZmzpdbmahvQyWr15L2Dg312dg5n5s5+6lzhvPfZQ59lLyapce+IkSGNkSjaASzQaW2udvrh3Gs07ud2LUqmMVhrzLA4+55RNS+IqsYYO91u+AwIvVz+F3C/DkEffh5i3FdFwSwaEaYUBKT950Z9Ox+MgA4QaL+/22xuCWzl708bwGkv6mMj5XLxiPJRCJOTRYXx3pw6A9wRVRUjpZIZej5Xso+xkAB65lhp0YhM5H9k3ajqrxgD8MAm5sp0tVrLczhqwZ+ZfXbeJckSoGJEUH42MYQvUZXgw5Kq3nRu+I/KMwvLM9X5c/3tqXLtuUpt4WuXyC+CzANRo4audq/Yf9r3d0pjp0atTT7M/OGbxpg9VE5nofPNv+32HsDQ+MgTqXVXRSRV5dAmNo3eL2036tekf7JKbeEngbEY/QcKDzYba7/9Z2B6ulhJj2+LkQljLD5k1zfq8XVY8yY/WVivr7wcNf5oE/e9Mcmt0dnZE/398TR1COMi4n3wlzfqq6/BWheIdiCouLfb+u742KllVP/+q+l/gHYAONgdkdHRxIbgL202fr+aiwLwCG7VPT6fvRxuAAAAAElFTkSuQmCC\">Kubernetes should not mount default service account credentials by default · Issue #57601 · kubernetes/kubernetes · GitHub</A>\r\n            </DL><p>\r\n            <DT><H3 ADD_DATE=\"1605428901\" LAST_MODIFIED=\"1605429244\">Pod Security</H3>\r\n            <DL><p>\r\n                <DT><A HREF=\"https://kubernetes.io/docs/concepts/policy/pod-security-policy/\" ADD_DATE=\"1605428907\" ICON=\"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAADbElEQVQ4jW2TS2xUdRjFz/f/35k7z86LAcaWBlDSEtBWSgUbUiIYTRtQ6yNRHkZDJBFNBMSNBq0kuNCYaAl1IbJwYcBqFETFKgmMEbAxausQpdQOpsVhOoxt58773v/9XNQ2LPytvvMl56zOAf6DmeXcDRBPDT2WL1tfF8rWCc79/ABugpkF/g/uhsbTg49nctap9/sNs7N7krsOTvNH5/KVXNH8jHO/dTFAN3vmBOevbM1Yi3d8esG85+SAhd+Thr0oKm1lM1JZJZsbgvTgXcBDba5vAtbIB+Rv7JsLYC7v6/tRf+vtvkmkMkUV8hFfy1ryyXt9KFcZfd8XEQtLNVVgWnqLV+59JIjNd1aeJ+k6TPxVh/732s8vdHYXmxb4y1bFJG0qr2j7Ri/aV7qgFPDtryUcO1fEwqBkm9k0TI/zi/3us7Ee530amncvSSTNJUa+RE31mmNDkwsNdU4MDJfpH0OhXGXMDwi891yYR9MWnfml5Lg4XMLQqFwe23Y4JuCrXZOcIB/B5rNDFXjdktc2OimeqPDEtM1jNxQPDFe5/XYXMTPil6oAK4ykOYzI6hYNet3KkbSmmYrNZbUObX5AYN2+63zkhQgFfQIOQbi7UUf7Sym8uSPM9VFJY1lLjaY1J3zLVojJqrfl8liJBUFEayR7dUGb1njg0QlfDhRxZrAEv5vQ0ermgIcoXCMgQPgzZXG25F2lJdPmusRowb6/xS3alutYFJUIeYmOx4u8p8tPlgLe+DjHty6UNC8guXO1GxE/yXjC4KvXAxtoMq8Gn+3N33EpaahyFWLXJj8KZYbLyVQxwQGPQCZnUcSvMQAcOmlAd5Jqvi2g9ex09Iug+cdTB7f7Uj6PLnQH2Uf786iLSrz4cACaBAnB1L01hKBP4MjpPJwOUkG/W3v1CT0RMuLPzBTJuPLoD+NLj+18d4Irpk2bW3W5YrFuG0VFAOB1Sb48XhEnLpaVx+XEoV3BwvrYTx0UaTuvMbMkok+4lDnw8pYFr+/uHTeLVaD3VI6uZW0bAGojglobdGWUwPu3BbX19X/toZq288wsaXZdRGSzVTja0+95+sPTacwLOiDlzDSVDdyYMrFlYxR7O3MHyBF6bdYzG0AEgHFVhx17x6jIVRazmnkzSJCtMaTfZX9HUn+FmYmIGAD+BaUao0aOmMfpAAAAAElFTkSuQmCC\">Pod Security Policies | Kubernetes</A>\r\n                <DT><A HREF=\"https://kubernetes.io/docs/tasks/configure-pod-container/security-context/\" ADD_DATE=\"1605428912\" ICON=\"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAADbElEQVQ4jW2TS2xUdRjFz/f/35k7z86LAcaWBlDSEtBWSgUbUiIYTRtQ6yNRHkZDJBFNBMSNBq0kuNCYaAl1IbJwYcBqFETFKgmMEbAxausQpdQOpsVhOoxt58773v/9XNQ2LPytvvMl56zOAf6DmeXcDRBPDT2WL1tfF8rWCc79/ABugpkF/g/uhsbTg49nctap9/sNs7N7krsOTvNH5/KVXNH8jHO/dTFAN3vmBOevbM1Yi3d8esG85+SAhd+Thr0oKm1lM1JZJZsbgvTgXcBDba5vAtbIB+Rv7JsLYC7v6/tRf+vtvkmkMkUV8hFfy1ryyXt9KFcZfd8XEQtLNVVgWnqLV+59JIjNd1aeJ+k6TPxVh/732s8vdHYXmxb4y1bFJG0qr2j7Ri/aV7qgFPDtryUcO1fEwqBkm9k0TI/zi/3us7Ee530amncvSSTNJUa+RE31mmNDkwsNdU4MDJfpH0OhXGXMDwi891yYR9MWnfml5Lg4XMLQqFwe23Y4JuCrXZOcIB/B5rNDFXjdktc2OimeqPDEtM1jNxQPDFe5/XYXMTPil6oAK4ykOYzI6hYNet3KkbSmmYrNZbUObX5AYN2+63zkhQgFfQIOQbi7UUf7Sym8uSPM9VFJY1lLjaY1J3zLVojJqrfl8liJBUFEayR7dUGb1njg0QlfDhRxZrAEv5vQ0ermgIcoXCMgQPgzZXG25F2lJdPmusRowb6/xS3alutYFJUIeYmOx4u8p8tPlgLe+DjHty6UNC8guXO1GxE/yXjC4KvXAxtoMq8Gn+3N33EpaahyFWLXJj8KZYbLyVQxwQGPQCZnUcSvMQAcOmlAd5Jqvi2g9ex09Iug+cdTB7f7Uj6PLnQH2Uf786iLSrz4cACaBAnB1L01hKBP4MjpPJwOUkG/W3v1CT0RMuLPzBTJuPLoD+NLj+18d4Irpk2bW3W5YrFuG0VFAOB1Sb48XhEnLpaVx+XEoV3BwvrYTx0UaTuvMbMkok+4lDnw8pYFr+/uHTeLVaD3VI6uZW0bAGojglobdGWUwPu3BbX19X/toZq288wsaXZdRGSzVTja0+95+sPTacwLOiDlzDSVDdyYMrFlYxR7O3MHyBF6bdYzG0AEgHFVhx17x6jIVRazmnkzSJCtMaTfZX9HUn+FmYmIGAD+BaUao0aOmMfpAAAAAElFTkSuQmCC\">Configure a Security Context for a Pod or Container | Kubernetes</A>\r\n                <DT><A HREF=\"https://kubernetes.io/blog/2019/08/06/opa-gatekeeper-policy-and-governance-for-kubernetes/\" ADD_DATE=\"1605428913\" ICON=\"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAADbElEQVQ4jW2TS2xUdRjFz/f/35k7z86LAcaWBlDSEtBWSgUbUiIYTRtQ6yNRHkZDJBFNBMSNBq0kuNCYaAl1IbJwYcBqFETFKgmMEbAxausQpdQOpsVhOoxt58773v/9XNQ2LPytvvMl56zOAf6DmeXcDRBPDT2WL1tfF8rWCc79/ABugpkF/g/uhsbTg49nctap9/sNs7N7krsOTvNH5/KVXNH8jHO/dTFAN3vmBOevbM1Yi3d8esG85+SAhd+Thr0oKm1lM1JZJZsbgvTgXcBDba5vAtbIB+Rv7JsLYC7v6/tRf+vtvkmkMkUV8hFfy1ryyXt9KFcZfd8XEQtLNVVgWnqLV+59JIjNd1aeJ+k6TPxVh/732s8vdHYXmxb4y1bFJG0qr2j7Ri/aV7qgFPDtryUcO1fEwqBkm9k0TI/zi/3us7Ee530amncvSSTNJUa+RE31mmNDkwsNdU4MDJfpH0OhXGXMDwi891yYR9MWnfml5Lg4XMLQqFwe23Y4JuCrXZOcIB/B5rNDFXjdktc2OimeqPDEtM1jNxQPDFe5/XYXMTPil6oAK4ykOYzI6hYNet3KkbSmmYrNZbUObX5AYN2+63zkhQgFfQIOQbi7UUf7Sym8uSPM9VFJY1lLjaY1J3zLVojJqrfl8liJBUFEayR7dUGb1njg0QlfDhRxZrAEv5vQ0ermgIcoXCMgQPgzZXG25F2lJdPmusRowb6/xS3alutYFJUIeYmOx4u8p8tPlgLe+DjHty6UNC8guXO1GxE/yXjC4KvXAxtoMq8Gn+3N33EpaahyFWLXJj8KZYbLyVQxwQGPQCZnUcSvMQAcOmlAd5Jqvi2g9ex09Iug+cdTB7f7Uj6PLnQH2Uf786iLSrz4cACaBAnB1L01hKBP4MjpPJwOUkG/W3v1CT0RMuLPzBTJuPLoD+NLj+18d4Irpk2bW3W5YrFuG0VFAOB1Sb48XhEnLpaVx+XEoV3BwvrYTx0UaTuvMbMkok+4lDnw8pYFr+/uHTeLVaD3VI6uZW0bAGojglobdGWUwPu3BbX19X/toZq288wsaXZdRGSzVTja0+95+sPTacwLOiDlzDSVDdyYMrFlYxR7O3MHyBF6bdYzG0AEgHFVhx17x6jIVRazmnkzSJCtMaTfZX9HUn+FmYmIGAD+BaUao0aOmMfpAAAAAElFTkSuQmCC\">OPA Gatekeeper: Policy and Governance for Kubernetes | Kubernetes</A>\r\n                <DT><A HREF=\"https://v1-16.docs.kubernetes.io/docs/tasks/debug-application-cluster/falco/\" ADD_DATE=\"1605429180\" ICON=\"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAADbElEQVQ4jW2TS2xUdRjFz/f/35k7z86LAcaWBlDSEtBWSgUbUiIYTRtQ6yNRHkZDJBFNBMSNBq0kuNCYaAl1IbJwYcBqFETFKgmMEbAxausQpdQOpsVhOoxt58773v/9XNQ2LPytvvMl56zOAf6DmeXcDRBPDT2WL1tfF8rWCc79/ABugpkF/g/uhsbTg49nctap9/sNs7N7krsOTvNH5/KVXNH8jHO/dTFAN3vmBOevbM1Yi3d8esG85+SAhd+Thr0oKm1lM1JZJZsbgvTgXcBDba5vAtbIB+Rv7JsLYC7v6/tRf+vtvkmkMkUV8hFfy1ryyXt9KFcZfd8XEQtLNVVgWnqLV+59JIjNd1aeJ+k6TPxVh/732s8vdHYXmxb4y1bFJG0qr2j7Ri/aV7qgFPDtryUcO1fEwqBkm9k0TI/zi/3us7Ee530amncvSSTNJUa+RE31mmNDkwsNdU4MDJfpH0OhXGXMDwi891yYR9MWnfml5Lg4XMLQqFwe23Y4JuCrXZOcIB/B5rNDFXjdktc2OimeqPDEtM1jNxQPDFe5/XYXMTPil6oAK4ykOYzI6hYNet3KkbSmmYrNZbUObX5AYN2+63zkhQgFfQIOQbi7UUf7Sym8uSPM9VFJY1lLjaY1J3zLVojJqrfl8liJBUFEayR7dUGb1njg0QlfDhRxZrAEv5vQ0ermgIcoXCMgQPgzZXG25F2lJdPmusRowb6/xS3alutYFJUIeYmOx4u8p8tPlgLe+DjHty6UNC8guXO1GxE/yXjC4KvXAxtoMq8Gn+3N33EpaahyFWLXJj8KZYbLyVQxwQGPQCZnUcSvMQAcOmlAd5Jqvi2g9ex09Iug+cdTB7f7Uj6PLnQH2Uf786iLSrz4cACaBAnB1L01hKBP4MjpPJwOUkG/W3v1CT0RMuLPzBTJuPLoD+NLj+18d4Irpk2bW3W5YrFuG0VFAOB1Sb48XhEnLpaVx+XEoV3BwvrYTx0UaTuvMbMkok+4lDnw8pYFr+/uHTeLVaD3VI6uZW0bAGojglobdGWUwPu3BbX19X/toZq288wsaXZdRGSzVTja0+95+sPTacwLOiDlzDSVDdyYMrFlYxR7O3MHyBF6bdYzG0AEgHFVhx17x6jIVRazmnkzSJCtMaTfZX9HUn+FmYmIGAD+BaUao0aOmMfpAAAAAElFTkSuQmCC\">Auditing with Falco - Kubernetes</A>\r\n                <DT><A HREF=\"https://kubernetes.io/docs/concepts/policy/pod-security-policy/#volumes-and-file-systems\" ADD_DATE=\"1605429214\" ICON=\"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAADbElEQVQ4jW2TS2xUdRjFz/f/35k7z86LAcaWBlDSEtBWSgUbUiIYTRtQ6yNRHkZDJBFNBMSNBq0kuNCYaAl1IbJwYcBqFETFKgmMEbAxausQpdQOpsVhOoxt58773v/9XNQ2LPytvvMl56zOAf6DmeXcDRBPDT2WL1tfF8rWCc79/ABugpkF/g/uhsbTg49nctap9/sNs7N7krsOTvNH5/KVXNH8jHO/dTFAN3vmBOevbM1Yi3d8esG85+SAhd+Thr0oKm1lM1JZJZsbgvTgXcBDba5vAtbIB+Rv7JsLYC7v6/tRf+vtvkmkMkUV8hFfy1ryyXt9KFcZfd8XEQtLNVVgWnqLV+59JIjNd1aeJ+k6TPxVh/732s8vdHYXmxb4y1bFJG0qr2j7Ri/aV7qgFPDtryUcO1fEwqBkm9k0TI/zi/3us7Ee530amncvSSTNJUa+RE31mmNDkwsNdU4MDJfpH0OhXGXMDwi891yYR9MWnfml5Lg4XMLQqFwe23Y4JuCrXZOcIB/B5rNDFXjdktc2OimeqPDEtM1jNxQPDFe5/XYXMTPil6oAK4ykOYzI6hYNet3KkbSmmYrNZbUObX5AYN2+63zkhQgFfQIOQbi7UUf7Sym8uSPM9VFJY1lLjaY1J3zLVojJqrfl8liJBUFEayR7dUGb1njg0QlfDhRxZrAEv5vQ0ermgIcoXCMgQPgzZXG25F2lJdPmusRowb6/xS3alutYFJUIeYmOx4u8p8tPlgLe+DjHty6UNC8guXO1GxE/yXjC4KvXAxtoMq8Gn+3N33EpaahyFWLXJj8KZYbLyVQxwQGPQCZnUcSvMQAcOmlAd5Jqvi2g9ex09Iug+cdTB7f7Uj6PLnQH2Uf786iLSrz4cACaBAnB1L01hKBP4MjpPJwOUkG/W3v1CT0RMuLPzBTJuPLoD+NLj+18d4Irpk2bW3W5YrFuG0VFAOB1Sb48XhEnLpaVx+XEoV3BwvrYTx0UaTuvMbMkok+4lDnw8pYFr+/uHTeLVaD3VI6uZW0bAGojglobdGWUwPu3BbX19X/toZq288wsaXZdRGSzVTja0+95+sPTacwLOiDlzDSVDdyYMrFlYxR7O3MHyBF6bdYzG0AEgHFVhx17x6jIVRazmnkzSJCtMaTfZX9HUn+FmYmIGAD+BaUao0aOmMfpAAAAAElFTkSuQmCC\">Pod Security Policies | Kubernetes</A>\r\n                <DT><A HREF=\"https://kubernetes.io/blog/2018/03/principles-of-container-app-design/\" ADD_DATE=\"1605429231\" ICON=\"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAADbElEQVQ4jW2TS2xUdRjFz/f/35k7z86LAcaWBlDSEtBWSgUbUiIYTRtQ6yNRHkZDJBFNBMSNBq0kuNCYaAl1IbJwYcBqFETFKgmMEbAxausQpdQOpsVhOoxt58773v/9XNQ2LPytvvMl56zOAf6DmeXcDRBPDT2WL1tfF8rWCc79/ABugpkF/g/uhsbTg49nctap9/sNs7N7krsOTvNH5/KVXNH8jHO/dTFAN3vmBOevbM1Yi3d8esG85+SAhd+Thr0oKm1lM1JZJZsbgvTgXcBDba5vAtbIB+Rv7JsLYC7v6/tRf+vtvkmkMkUV8hFfy1ryyXt9KFcZfd8XEQtLNVVgWnqLV+59JIjNd1aeJ+k6TPxVh/732s8vdHYXmxb4y1bFJG0qr2j7Ri/aV7qgFPDtryUcO1fEwqBkm9k0TI/zi/3us7Ee530amncvSSTNJUa+RE31mmNDkwsNdU4MDJfpH0OhXGXMDwi891yYR9MWnfml5Lg4XMLQqFwe23Y4JuCrXZOcIB/B5rNDFXjdktc2OimeqPDEtM1jNxQPDFe5/XYXMTPil6oAK4ykOYzI6hYNet3KkbSmmYrNZbUObX5AYN2+63zkhQgFfQIOQbi7UUf7Sym8uSPM9VFJY1lLjaY1J3zLVojJqrfl8liJBUFEayR7dUGb1njg0QlfDhRxZrAEv5vQ0ermgIcoXCMgQPgzZXG25F2lJdPmusRowb6/xS3alutYFJUIeYmOx4u8p8tPlgLe+DjHty6UNC8guXO1GxE/yXjC4KvXAxtoMq8Gn+3N33EpaahyFWLXJj8KZYbLyVQxwQGPQCZnUcSvMQAcOmlAd5Jqvi2g9ex09Iug+cdTB7f7Uj6PLnQH2Uf786iLSrz4cACaBAnB1L01hKBP4MjpPJwOUkG/W3v1CT0RMuLPzBTJuPLoD+NLj+18d4Irpk2bW3W5YrFuG0VFAOB1Sb48XhEnLpaVx+XEoV3BwvrYTx0UaTuvMbMkok+4lDnw8pYFr+/uHTeLVaD3VI6uZW0bAGojglobdGWUwPu3BbX19X/toZq288wsaXZdRGSzVTja0+95+sPTacwLOiDlzDSVDdyYMrFlYxR7O3MHyBF6bdYzG0AEgHFVhx17x6jIVRazmnkzSJCtMaTfZX9HUn+FmYmIGAD+BaUao0aOmMfpAAAAAElFTkSuQmCC\">Principles of Container-based Application Design | Kubernetes</A>\r\n            </DL><p>\r\n            <DT><H3 ADD_DATE=\"1605428936\" LAST_MODIFIED=\"1605428948\">Secrets</H3>\r\n            <DL><p>\r\n                <DT><A HREF=\"https://kubernetes.io/docs/concepts/configuration/secret/\" ADD_DATE=\"1605428944\" ICON=\"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAADbElEQVQ4jW2TS2xUdRjFz/f/35k7z86LAcaWBlDSEtBWSgUbUiIYTRtQ6yNRHkZDJBFNBMSNBq0kuNCYaAl1IbJwYcBqFETFKgmMEbAxausQpdQOpsVhOoxt58773v/9XNQ2LPytvvMl56zOAf6DmeXcDRBPDT2WL1tfF8rWCc79/ABugpkF/g/uhsbTg49nctap9/sNs7N7krsOTvNH5/KVXNH8jHO/dTFAN3vmBOevbM1Yi3d8esG85+SAhd+Thr0oKm1lM1JZJZsbgvTgXcBDba5vAtbIB+Rv7JsLYC7v6/tRf+vtvkmkMkUV8hFfy1ryyXt9KFcZfd8XEQtLNVVgWnqLV+59JIjNd1aeJ+k6TPxVh/732s8vdHYXmxb4y1bFJG0qr2j7Ri/aV7qgFPDtryUcO1fEwqBkm9k0TI/zi/3us7Ee530amncvSSTNJUa+RE31mmNDkwsNdU4MDJfpH0OhXGXMDwi891yYR9MWnfml5Lg4XMLQqFwe23Y4JuCrXZOcIB/B5rNDFXjdktc2OimeqPDEtM1jNxQPDFe5/XYXMTPil6oAK4ykOYzI6hYNet3KkbSmmYrNZbUObX5AYN2+63zkhQgFfQIOQbi7UUf7Sym8uSPM9VFJY1lLjaY1J3zLVojJqrfl8liJBUFEayR7dUGb1njg0QlfDhRxZrAEv5vQ0ermgIcoXCMgQPgzZXG25F2lJdPmusRowb6/xS3alutYFJUIeYmOx4u8p8tPlgLe+DjHty6UNC8guXO1GxE/yXjC4KvXAxtoMq8Gn+3N33EpaahyFWLXJj8KZYbLyVQxwQGPQCZnUcSvMQAcOmlAd5Jqvi2g9ex09Iug+cdTB7f7Uj6PLnQH2Uf786iLSrz4cACaBAnB1L01hKBP4MjpPJwOUkG/W3v1CT0RMuLPzBTJuPLoD+NLj+18d4Irpk2bW3W5YrFuG0VFAOB1Sb48XhEnLpaVx+XEoV3BwvrYTx0UaTuvMbMkok+4lDnw8pYFr+/uHTeLVaD3VI6uZW0bAGojglobdGWUwPu3BbX19X/toZq288wsaXZdRGSzVTja0+95+sPTacwLOiDlzDSVDdyYMrFlYxR7O3MHyBF6bdYzG0AEgHFVhx17x6jIVRazmnkzSJCtMaTfZX9HUn+FmYmIGAD+BaUao0aOmMfpAAAAAElFTkSuQmCC\">Secrets | Kubernetes</A>\r\n                <DT><A HREF=\"https://kubernetes.io/docs/tasks/administer-cluster/encrypt-data/\" ADD_DATE=\"1605428947\" ICON=\"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAADbElEQVQ4jW2TS2xUdRjFz/f/35k7z86LAcaWBlDSEtBWSgUbUiIYTRtQ6yNRHkZDJBFNBMSNBq0kuNCYaAl1IbJwYcBqFETFKgmMEbAxausQpdQOpsVhOoxt58773v/9XNQ2LPytvvMl56zOAf6DmeXcDRBPDT2WL1tfF8rWCc79/ABugpkF/g/uhsbTg49nctap9/sNs7N7krsOTvNH5/KVXNH8jHO/dTFAN3vmBOevbM1Yi3d8esG85+SAhd+Thr0oKm1lM1JZJZsbgvTgXcBDba5vAtbIB+Rv7JsLYC7v6/tRf+vtvkmkMkUV8hFfy1ryyXt9KFcZfd8XEQtLNVVgWnqLV+59JIjNd1aeJ+k6TPxVh/732s8vdHYXmxb4y1bFJG0qr2j7Ri/aV7qgFPDtryUcO1fEwqBkm9k0TI/zi/3us7Ee530amncvSSTNJUa+RE31mmNDkwsNdU4MDJfpH0OhXGXMDwi891yYR9MWnfml5Lg4XMLQqFwe23Y4JuCrXZOcIB/B5rNDFXjdktc2OimeqPDEtM1jNxQPDFe5/XYXMTPil6oAK4ykOYzI6hYNet3KkbSmmYrNZbUObX5AYN2+63zkhQgFfQIOQbi7UUf7Sym8uSPM9VFJY1lLjaY1J3zLVojJqrfl8liJBUFEayR7dUGb1njg0QlfDhRxZrAEv5vQ0ermgIcoXCMgQPgzZXG25F2lJdPmusRowb6/xS3alutYFJUIeYmOx4u8p8tPlgLe+DjHty6UNC8guXO1GxE/yXjC4KvXAxtoMq8Gn+3N33EpaahyFWLXJj8KZYbLyVQxwQGPQCZnUcSvMQAcOmlAd5Jqvi2g9ex09Iug+cdTB7f7Uj6PLnQH2Uf786iLSrz4cACaBAnB1L01hKBP4MjpPJwOUkG/W3v1CT0RMuLPzBTJuPLoD+NLj+18d4Irpk2bW3W5YrFuG0VFAOB1Sb48XhEnLpaVx+XEoV3BwvrYTx0UaTuvMbMkok+4lDnw8pYFr+/uHTeLVaD3VI6uZW0bAGojglobdGWUwPu3BbX19X/toZq288wsaXZdRGSzVTja0+95+sPTacwLOiDlzDSVDdyYMrFlYxR7O3MHyBF6bdYzG0AEgHFVhx17x6jIVRazmnkzSJCtMaTfZX9HUn+FmYmIGAD+BaUao0aOmMfpAAAAAElFTkSuQmCC\">Encrypting Secret Data at Rest | Kubernetes</A>\r\n                <DT><A HREF=\"https://kubernetes.io/docs/tasks/administer-cluster/kms-provider/\" ADD_DATE=\"1605428948\" ICON=\"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAADbElEQVQ4jW2TS2xUdRjFz/f/35k7z86LAcaWBlDSEtBWSgUbUiIYTRtQ6yNRHkZDJBFNBMSNBq0kuNCYaAl1IbJwYcBqFETFKgmMEbAxausQpdQOpsVhOoxt58773v/9XNQ2LPytvvMl56zOAf6DmeXcDRBPDT2WL1tfF8rWCc79/ABugpkF/g/uhsbTg49nctap9/sNs7N7krsOTvNH5/KVXNH8jHO/dTFAN3vmBOevbM1Yi3d8esG85+SAhd+Thr0oKm1lM1JZJZsbgvTgXcBDba5vAtbIB+Rv7JsLYC7v6/tRf+vtvkmkMkUV8hFfy1ryyXt9KFcZfd8XEQtLNVVgWnqLV+59JIjNd1aeJ+k6TPxVh/732s8vdHYXmxb4y1bFJG0qr2j7Ri/aV7qgFPDtryUcO1fEwqBkm9k0TI/zi/3us7Ee530amncvSSTNJUa+RE31mmNDkwsNdU4MDJfpH0OhXGXMDwi891yYR9MWnfml5Lg4XMLQqFwe23Y4JuCrXZOcIB/B5rNDFXjdktc2OimeqPDEtM1jNxQPDFe5/XYXMTPil6oAK4ykOYzI6hYNet3KkbSmmYrNZbUObX5AYN2+63zkhQgFfQIOQbi7UUf7Sym8uSPM9VFJY1lLjaY1J3zLVojJqrfl8liJBUFEayR7dUGb1njg0QlfDhRxZrAEv5vQ0ermgIcoXCMgQPgzZXG25F2lJdPmusRowb6/xS3alutYFJUIeYmOx4u8p8tPlgLe+DjHty6UNC8guXO1GxE/yXjC4KvXAxtoMq8Gn+3N33EpaahyFWLXJj8KZYbLyVQxwQGPQCZnUcSvMQAcOmlAd5Jqvi2g9ex09Iug+cdTB7f7Uj6PLnQH2Uf786iLSrz4cACaBAnB1L01hKBP4MjpPJwOUkG/W3v1CT0RMuLPzBTJuPLoD+NLj+18d4Irpk2bW3W5YrFuG0VFAOB1Sb48XhEnLpaVx+XEoV3BwvrYTx0UaTuvMbMkok+4lDnw8pYFr+/uHTeLVaD3VI6uZW0bAGojglobdGWUwPu3BbX19X/toZq288wsaXZdRGSzVTja0+95+sPTacwLOiDlzDSVDdyYMrFlYxR7O3MHyBF6bdYzG0AEgHFVhx17x6jIVRazmnkzSJCtMaTfZX9HUn+FmYmIGAD+BaUao0aOmMfpAAAAAElFTkSuQmCC\">Using a KMS provider for data encryption | Kubernetes</A>\r\n            </DL><p>\r\n            <DT><H3 ADD_DATE=\"1605429005\" LAST_MODIFIED=\"1605429109\">container runtime</H3>\r\n            <DL><p>\r\n                <DT><A HREF=\"https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity\" ADD_DATE=\"1605429086\" ICON=\"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAADbElEQVQ4jW2TS2xUdRjFz/f/35k7z86LAcaWBlDSEtBWSgUbUiIYTRtQ6yNRHkZDJBFNBMSNBq0kuNCYaAl1IbJwYcBqFETFKgmMEbAxausQpdQOpsVhOoxt58773v/9XNQ2LPytvvMl56zOAf6DmeXcDRBPDT2WL1tfF8rWCc79/ABugpkF/g/uhsbTg49nctap9/sNs7N7krsOTvNH5/KVXNH8jHO/dTFAN3vmBOevbM1Yi3d8esG85+SAhd+Thr0oKm1lM1JZJZsbgvTgXcBDba5vAtbIB+Rv7JsLYC7v6/tRf+vtvkmkMkUV8hFfy1ryyXt9KFcZfd8XEQtLNVVgWnqLV+59JIjNd1aeJ+k6TPxVh/732s8vdHYXmxb4y1bFJG0qr2j7Ri/aV7qgFPDtryUcO1fEwqBkm9k0TI/zi/3us7Ee530amncvSSTNJUa+RE31mmNDkwsNdU4MDJfpH0OhXGXMDwi891yYR9MWnfml5Lg4XMLQqFwe23Y4JuCrXZOcIB/B5rNDFXjdktc2OimeqPDEtM1jNxQPDFe5/XYXMTPil6oAK4ykOYzI6hYNet3KkbSmmYrNZbUObX5AYN2+63zkhQgFfQIOQbi7UUf7Sym8uSPM9VFJY1lLjaY1J3zLVojJqrfl8liJBUFEayR7dUGb1njg0QlfDhRxZrAEv5vQ0ermgIcoXCMgQPgzZXG25F2lJdPmusRowb6/xS3alutYFJUIeYmOx4u8p8tPlgLe+DjHty6UNC8guXO1GxE/yXjC4KvXAxtoMq8Gn+3N33EpaahyFWLXJj8KZYbLyVQxwQGPQCZnUcSvMQAcOmlAd5Jqvi2g9ex09Iug+cdTB7f7Uj6PLnQH2Uf786iLSrz4cACaBAnB1L01hKBP4MjpPJwOUkG/W3v1CT0RMuLPzBTJuPLoD+NLj+18d4Irpk2bW3W5YrFuG0VFAOB1Sb48XhEnLpaVx+XEoV3BwvrYTx0UaTuvMbMkok+4lDnw8pYFr+/uHTeLVaD3VI6uZW0bAGojglobdGWUwPu3BbX19X/toZq288wsaXZdRGSzVTja0+95+sPTacwLOiDlzDSVDdyYMrFlYxR7O3MHyBF6bdYzG0AEgHFVhx17x6jIVRazmnkzSJCtMaTfZX9HUn+FmYmIGAD+BaUao0aOmMfpAAAAAElFTkSuQmCC\">Assigning Pods to Nodes | Kubernetes</A>\r\n                <DT><A HREF=\"https://kubernetes.io/docs/concepts/policy/\" ADD_DATE=\"1605429044\" ICON=\"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAADbElEQVQ4jW2TS2xUdRjFz/f/35k7z86LAcaWBlDSEtBWSgUbUiIYTRtQ6yNRHkZDJBFNBMSNBq0kuNCYaAl1IbJwYcBqFETFKgmMEbAxausQpdQOpsVhOoxt58773v/9XNQ2LPytvvMl56zOAf6DmeXcDRBPDT2WL1tfF8rWCc79/ABugpkF/g/uhsbTg49nctap9/sNs7N7krsOTvNH5/KVXNH8jHO/dTFAN3vmBOevbM1Yi3d8esG85+SAhd+Thr0oKm1lM1JZJZsbgvTgXcBDba5vAtbIB+Rv7JsLYC7v6/tRf+vtvkmkMkUV8hFfy1ryyXt9KFcZfd8XEQtLNVVgWnqLV+59JIjNd1aeJ+k6TPxVh/732s8vdHYXmxb4y1bFJG0qr2j7Ri/aV7qgFPDtryUcO1fEwqBkm9k0TI/zi/3us7Ee530amncvSSTNJUa+RE31mmNDkwsNdU4MDJfpH0OhXGXMDwi891yYR9MWnfml5Lg4XMLQqFwe23Y4JuCrXZOcIB/B5rNDFXjdktc2OimeqPDEtM1jNxQPDFe5/XYXMTPil6oAK4ykOYzI6hYNet3KkbSmmYrNZbUObX5AYN2+63zkhQgFfQIOQbi7UUf7Sym8uSPM9VFJY1lLjaY1J3zLVojJqrfl8liJBUFEayR7dUGb1njg0QlfDhRxZrAEv5vQ0ermgIcoXCMgQPgzZXG25F2lJdPmusRowb6/xS3alutYFJUIeYmOx4u8p8tPlgLe+DjHty6UNC8guXO1GxE/yXjC4KvXAxtoMq8Gn+3N33EpaahyFWLXJj8KZYbLyVQxwQGPQCZnUcSvMQAcOmlAd5Jqvi2g9ex09Iug+cdTB7f7Uj6PLnQH2Uf786iLSrz4cACaBAnB1L01hKBP4MjpPJwOUkG/W3v1CT0RMuLPzBTJuPLoD+NLj+18d4Irpk2bW3W5YrFuG0VFAOB1Sb48XhEnLpaVx+XEoV3BwvrYTx0UaTuvMbMkok+4lDnw8pYFr+/uHTeLVaD3VI6uZW0bAGojglobdGWUwPu3BbX19X/toZq288wsaXZdRGSzVTja0+95+sPTacwLOiDlzDSVDdyYMrFlYxR7O3MHyBF6bdYzG0AEgHFVhx17x6jIVRazmnkzSJCtMaTfZX9HUn+FmYmIGAD+BaUao0aOmMfpAAAAAElFTkSuQmCC\">tenant isolation with LimitRanges, Ressource quotas and pod policies</A>\r\n            </DL><p>\r\n            <DT><H3 ADD_DATE=\"1605429141\" LAST_MODIFIED=\"1605429180\">Admission Controllers</H3>\r\n            <DL><p>\r\n                <DT><A HREF=\"https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/\" ADD_DATE=\"1605429146\" ICON=\"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAADbElEQVQ4jW2TS2xUdRjFz/f/35k7z86LAcaWBlDSEtBWSgUbUiIYTRtQ6yNRHkZDJBFNBMSNBq0kuNCYaAl1IbJwYcBqFETFKgmMEbAxausQpdQOpsVhOoxt58773v/9XNQ2LPytvvMl56zOAf6DmeXcDRBPDT2WL1tfF8rWCc79/ABugpkF/g/uhsbTg49nctap9/sNs7N7krsOTvNH5/KVXNH8jHO/dTFAN3vmBOevbM1Yi3d8esG85+SAhd+Thr0oKm1lM1JZJZsbgvTgXcBDba5vAtbIB+Rv7JsLYC7v6/tRf+vtvkmkMkUV8hFfy1ryyXt9KFcZfd8XEQtLNVVgWnqLV+59JIjNd1aeJ+k6TPxVh/732s8vdHYXmxb4y1bFJG0qr2j7Ri/aV7qgFPDtryUcO1fEwqBkm9k0TI/zi/3us7Ee530amncvSSTNJUa+RE31mmNDkwsNdU4MDJfpH0OhXGXMDwi891yYR9MWnfml5Lg4XMLQqFwe23Y4JuCrXZOcIB/B5rNDFXjdktc2OimeqPDEtM1jNxQPDFe5/XYXMTPil6oAK4ykOYzI6hYNet3KkbSmmYrNZbUObX5AYN2+63zkhQgFfQIOQbi7UUf7Sym8uSPM9VFJY1lLjaY1J3zLVojJqrfl8liJBUFEayR7dUGb1njg0QlfDhRxZrAEv5vQ0ermgIcoXCMgQPgzZXG25F2lJdPmusRowb6/xS3alutYFJUIeYmOx4u8p8tPlgLe+DjHty6UNC8guXO1GxE/yXjC4KvXAxtoMq8Gn+3N33EpaahyFWLXJj8KZYbLyVQxwQGPQCZnUcSvMQAcOmlAd5Jqvi2g9ex09Iug+cdTB7f7Uj6PLnQH2Uf786iLSrz4cACaBAnB1L01hKBP4MjpPJwOUkG/W3v1CT0RMuLPzBTJuPLoD+NLj+18d4Irpk2bW3W5YrFuG0VFAOB1Sb48XhEnLpaVx+XEoV3BwvrYTx0UaTuvMbMkok+4lDnw8pYFr+/uHTeLVaD3VI6uZW0bAGojglobdGWUwPu3BbX19X/toZq288wsaXZdRGSzVTja0+95+sPTacwLOiDlzDSVDdyYMrFlYxR7O3MHyBF6bdYzG0AEgHFVhx17x6jIVRazmnkzSJCtMaTfZX9HUn+FmYmIGAD+BaUao0aOmMfpAAAAAElFTkSuQmCC\">Using Admission Controllers | Kubernetes</A>\r\n                <DT><A HREF=\"https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/\" ADD_DATE=\"1605429151\" ICON=\"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAADbElEQVQ4jW2TS2xUdRjFz/f/35k7z86LAcaWBlDSEtBWSgUbUiIYTRtQ6yNRHkZDJBFNBMSNBq0kuNCYaAl1IbJwYcBqFETFKgmMEbAxausQpdQOpsVhOoxt58773v/9XNQ2LPytvvMl56zOAf6DmeXcDRBPDT2WL1tfF8rWCc79/ABugpkF/g/uhsbTg49nctap9/sNs7N7krsOTvNH5/KVXNH8jHO/dTFAN3vmBOevbM1Yi3d8esG85+SAhd+Thr0oKm1lM1JZJZsbgvTgXcBDba5vAtbIB+Rv7JsLYC7v6/tRf+vtvkmkMkUV8hFfy1ryyXt9KFcZfd8XEQtLNVVgWnqLV+59JIjNd1aeJ+k6TPxVh/732s8vdHYXmxb4y1bFJG0qr2j7Ri/aV7qgFPDtryUcO1fEwqBkm9k0TI/zi/3us7Ee530amncvSSTNJUa+RE31mmNDkwsNdU4MDJfpH0OhXGXMDwi891yYR9MWnfml5Lg4XMLQqFwe23Y4JuCrXZOcIB/B5rNDFXjdktc2OimeqPDEtM1jNxQPDFe5/XYXMTPil6oAK4ykOYzI6hYNet3KkbSmmYrNZbUObX5AYN2+63zkhQgFfQIOQbi7UUf7Sym8uSPM9VFJY1lLjaY1J3zLVojJqrfl8liJBUFEayR7dUGb1njg0QlfDhRxZrAEv5vQ0ermgIcoXCMgQPgzZXG25F2lJdPmusRowb6/xS3alutYFJUIeYmOx4u8p8tPlgLe+DjHty6UNC8guXO1GxE/yXjC4KvXAxtoMq8Gn+3N33EpaahyFWLXJj8KZYbLyVQxwQGPQCZnUcSvMQAcOmlAd5Jqvi2g9ex09Iug+cdTB7f7Uj6PLnQH2Uf786iLSrz4cACaBAnB1L01hKBP4MjpPJwOUkG/W3v1CT0RMuLPzBTJuPLoD+NLj+18d4Irpk2bW3W5YrFuG0VFAOB1Sb48XhEnLpaVx+XEoV3BwvrYTx0UaTuvMbMkok+4lDnw8pYFr+/uHTeLVaD3VI6uZW0bAGojglobdGWUwPu3BbX19X/toZq288wsaXZdRGSzVTja0+95+sPTacwLOiDlzDSVDdyYMrFlYxR7O3MHyBF6bdYzG0AEgHFVhx17x6jIVRazmnkzSJCtMaTfZX9HUn+FmYmIGAD+BaUao0aOmMfpAAAAAElFTkSuQmCC\">Dynamic Admission Control | Kubernetes</A>\r\n                <DT><A HREF=\"https://kubernetes.io/blog/2019/03/21/a-guide-to-kubernetes-admission-controllers/\" ADD_DATE=\"1605429152\" ICON=\"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAADbElEQVQ4jW2TS2xUdRjFz/f/35k7z86LAcaWBlDSEtBWSgUbUiIYTRtQ6yNRHkZDJBFNBMSNBq0kuNCYaAl1IbJwYcBqFETFKgmMEbAxausQpdQOpsVhOoxt58773v/9XNQ2LPytvvMl56zOAf6DmeXcDRBPDT2WL1tfF8rWCc79/ABugpkF/g/uhsbTg49nctap9/sNs7N7krsOTvNH5/KVXNH8jHO/dTFAN3vmBOevbM1Yi3d8esG85+SAhd+Thr0oKm1lM1JZJZsbgvTgXcBDba5vAtbIB+Rv7JsLYC7v6/tRf+vtvkmkMkUV8hFfy1ryyXt9KFcZfd8XEQtLNVVgWnqLV+59JIjNd1aeJ+k6TPxVh/732s8vdHYXmxb4y1bFJG0qr2j7Ri/aV7qgFPDtryUcO1fEwqBkm9k0TI/zi/3us7Ee530amncvSSTNJUa+RE31mmNDkwsNdU4MDJfpH0OhXGXMDwi891yYR9MWnfml5Lg4XMLQqFwe23Y4JuCrXZOcIB/B5rNDFXjdktc2OimeqPDEtM1jNxQPDFe5/XYXMTPil6oAK4ykOYzI6hYNet3KkbSmmYrNZbUObX5AYN2+63zkhQgFfQIOQbi7UUf7Sym8uSPM9VFJY1lLjaY1J3zLVojJqrfl8liJBUFEayR7dUGb1njg0QlfDhRxZrAEv5vQ0ermgIcoXCMgQPgzZXG25F2lJdPmusRowb6/xS3alutYFJUIeYmOx4u8p8tPlgLe+DjHty6UNC8guXO1GxE/yXjC4KvXAxtoMq8Gn+3N33EpaahyFWLXJj8KZYbLyVQxwQGPQCZnUcSvMQAcOmlAd5Jqvi2g9ex09Iug+cdTB7f7Uj6PLnQH2Uf786iLSrz4cACaBAnB1L01hKBP4MjpPJwOUkG/W3v1CT0RMuLPzBTJuPLoD+NLj+18d4Irpk2bW3W5YrFuG0VFAOB1Sb48XhEnLpaVx+XEoV3BwvrYTx0UaTuvMbMkok+4lDnw8pYFr+/uHTeLVaD3VI6uZW0bAGojglobdGWUwPu3BbX19X/toZq288wsaXZdRGSzVTja0+95+sPTacwLOiDlzDSVDdyYMrFlYxR7O3MHyBF6bdYzG0AEgHFVhx17x6jIVRazmnkzSJCtMaTfZX9HUn+FmYmIGAD+BaUao0aOmMfpAAAAAElFTkSuQmCC\">A Guide to Kubernetes Admission Controllers | Kubernetes</A>\r\n                <DT><A HREF=\"https://github.com/kubernetes/kubernetes/issues/22888\" ADD_DATE=\"1605429153\" ICON=\"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAACrElEQVQ4jW2SzWucVRTGf+fe9847SW2n+WioIdZkJkzGWLMsQvBjpRv1H1BcqSB166aUbgQXLkpEEGnF7ty5Edw0orULtS5DjNOZ5qvEKkMzEUuS6bz33tPFvCNj6LM653LO8/A85wpHUJmbW0QKbwMvAU8BCHpXkZshhK+2mmu3BudloC5UagsfI7wvIsOooqoKID2gqvuqfLFeX7kAdPsEBmZdea74beLcKxoj+R4iPf7BXozBZ9n1jdudN+BOZgEtV5/8pJAW3/JZ90ZU/UiF0yAnVbWpUVvAMLASo7+oUYuFQvrqiRFT2NttLctUtXouleIN62whZNm19dur7wLFiZmzpdbmahvQyWr15L2Dg312dg5n5s5+6lzhvPfZQ59lLyapce+IkSGNkSjaASzQaW2udvrh3Gs07ud2LUqmMVhrzLA4+55RNS+IqsYYO91u+AwIvVz+F3C/DkEffh5i3FdFwSwaEaYUBKT950Z9Ox+MgA4QaL+/22xuCWzl708bwGkv6mMj5XLxiPJRCJOTRYXx3pw6A9wRVRUjpZIZej5Xso+xkAB65lhp0YhM5H9k3ajqrxgD8MAm5sp0tVrLczhqwZ+ZfXbeJckSoGJEUH42MYQvUZXgw5Kq3nRu+I/KMwvLM9X5c/3tqXLtuUpt4WuXyC+CzANRo4audq/Yf9r3d0pjp0atTT7M/OGbxpg9VE5nofPNv+32HsDQ+MgTqXVXRSRV5dAmNo3eL2036tekf7JKbeEngbEY/QcKDzYba7/9Z2B6ulhJj2+LkQljLD5k1zfq8XVY8yY/WVivr7wcNf5oE/e9Mcmt0dnZE/398TR1COMi4n3wlzfqq6/BWheIdiCouLfb+u742KllVP/+q+l/gHYAONgdkdHRxIbgL202fr+aiwLwCG7VPT6fvRxuAAAAAElFTkSuQmCC\">Ensuring only images are from approved sources are run · Issue #22888 · kubernetes/kubernetes · GitHub</A>\r\n            </DL><p>\r\n            <DT><H3 ADD_DATE=\"1605429255\" LAST_MODIFIED=\"1605429255\">Audit</H3>\r\n            <DL><p>\r\n                <DT><A HREF=\"https://kubernetes.io/docs/tasks/debug-application-cluster/audit/\" ADD_DATE=\"1605429244\" ICON=\"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAADbElEQVQ4jW2TS2xUdRjFz/f/35k7z86LAcaWBlDSEtBWSgUbUiIYTRtQ6yNRHkZDJBFNBMSNBq0kuNCYaAl1IbJwYcBqFETFKgmMEbAxausQpdQOpsVhOoxt58773v/9XNQ2LPytvvMl56zOAf6DmeXcDRBPDT2WL1tfF8rWCc79/ABugpkF/g/uhsbTg49nctap9/sNs7N7krsOTvNH5/KVXNH8jHO/dTFAN3vmBOevbM1Yi3d8esG85+SAhd+Thr0oKm1lM1JZJZsbgvTgXcBDba5vAtbIB+Rv7JsLYC7v6/tRf+vtvkmkMkUV8hFfy1ryyXt9KFcZfd8XEQtLNVVgWnqLV+59JIjNd1aeJ+k6TPxVh/732s8vdHYXmxb4y1bFJG0qr2j7Ri/aV7qgFPDtryUcO1fEwqBkm9k0TI/zi/3us7Ee530amncvSSTNJUa+RE31mmNDkwsNdU4MDJfpH0OhXGXMDwi891yYR9MWnfml5Lg4XMLQqFwe23Y4JuCrXZOcIB/B5rNDFXjdktc2OimeqPDEtM1jNxQPDFe5/XYXMTPil6oAK4ykOYzI6hYNet3KkbSmmYrNZbUObX5AYN2+63zkhQgFfQIOQbi7UUf7Sym8uSPM9VFJY1lLjaY1J3zLVojJqrfl8liJBUFEayR7dUGb1njg0QlfDhRxZrAEv5vQ0ermgIcoXCMgQPgzZXG25F2lJdPmusRowb6/xS3alutYFJUIeYmOx4u8p8tPlgLe+DjHty6UNC8guXO1GxE/yXjC4KvXAxtoMq8Gn+3N33EpaahyFWLXJj8KZYbLyVQxwQGPQCZnUcSvMQAcOmlAd5Jqvi2g9ex09Iug+cdTB7f7Uj6PLnQH2Uf786iLSrz4cACaBAnB1L01hKBP4MjpPJwOUkG/W3v1CT0RMuLPzBTJuPLoD+NLj+18d4Irpk2bW3W5YrFuG0VFAOB1Sb48XhEnLpaVx+XEoV3BwvrYTx0UaTuvMbMkok+4lDnw8pYFr+/uHTeLVaD3VI6uZW0bAGojglobdGWUwPu3BbX19X/toZq288wsaXZdRGSzVTja0+95+sPTacwLOiDlzDSVDdyYMrFlYxR7O3MHyBF6bdYzG0AEgHFVhx17x6jIVRazmnkzSJCtMaTfZX9HUn+FmYmIGAD+BaUao0aOmMfpAAAAAElFTkSuQmCC\">Auditing | Kubernetes</A>\r\n            </DL><p>\r\n        </DL><p>\r\n    </DL><p>\r\n</DL><p>\r\n"
  }
]