Curiefense 🦏

On episode 13 of The Kubelist Podcast, I was joined by Tzury Bar Yochay and Justin Dorfman from Reblaze to talk about Curiefense. This project was added to the CNCF Sandbox recently, and is unique in the ecosystem. Curiefense is an Envoy-proxy based web application firewall that you can run in your own cluster. Give the podcast episode a listen today; Tzury and Justin do a great job explaining what a WAF is and how Curiefense operates. I’m excited to see more high quality security-focused projects in the CNCF ecosystem!

Issue #124

Starting out today with a link to the project. Episode 13 of the podcast is all about Curiefense. Scroll down and look at that Grafana dashboard! While this is a new CNCF project, there’s a lot of maturity here. On the podcast, Tzury dives into the background of the project to explain how such an early project has so many features.

There’s an informative three-part series on the Curiefense blog describing how to think about API security, and how Curiefense can help. Part 3 talks about packet inspection, bot detection, and more; and is a really good primer on the subject. Make sure to start with part 1 and part 2, as they are packed with best practices and pro tips! 🛡

There are a lot of good podcasts for folks building in the CNCF world. This is a great one from Justin, one of my guests on episode 13. This is a fun podcast because it talks about what it’s like to manage a CNCF project. It’s less about the tech, and more about the process. ☁️

A cool, hosted, Katacoda powered environment to play around with Curiefense without needing to install or configure anything. This is a playground with a few scenarios to help you learn, and you can dive in and start experimenting with a functioning installation. 🐱

Also on the Curiefense blog, there is a post that talks about the details of how to configure Curiefense. On the podcast we talked a lot about how and why, but this post has some screenshots and shows details of the process. 🔒

The obligatory “getting started” guide. This is a newer project, so there’s a chance you don’t yet have it installed and running. If you try it out, let the folks at Curiefense know. One of the challenges of running an open source project is just knowing if people are using it. You don’t have to share, but it’s awesome to hear about success stories. 🥳️

This has been in the works for a while, but in case you haven’t seen it there’s a formal proposal to change the Kubernetes release cadence from 4 times per year down to 3. If you have any thoughts on it, get involved in the conversation!