DevSecOps - Kubernetes DevOps & Security

DevSecOps Pipeline

Section 3 Topics

Welcome to Section 3! In this lesson, we’ll strengthen our CI/CD workflow by:

  • Connecting GitHub for source control
  • Adding unit and integration testing stages
  • Running vulnerability scans
  • Performing dynamic application security testing (DAST)

[Figure: DevSecOps pipeline outline with sections for introduction, a simple DevOps pipeline, adding security, and Kubernetes security, each listing its tasks and tools.]

Prerequisites

Ensure you have a GitHub repository connected and a Jenkins server with the Kubernetes plugin installed.

DevSecOps Pipeline Overview

Below is a high-level breakdown of each stage in our DevSecOps pipeline:

| Stage | Purpose | Tool(s) |
| Source Control | Host and version application code | GitHub |
| Unit Testing | Validate individual functions and modules | JUnit, pytest |
| Integration Testing | Test interactions between services | Postman, Selenium |
| Vulnerability Scanning | Identify security flaws in code and dependencies | OWASP Dependency-Check |
| Dynamic Application Security Testing | Simulate real-world attacks against the running app | OWASP ZAP |

3.1 Verify Kubernetes Rollout Status

After deploying to Kubernetes, confirm that your pods have rolled out successfully:

kubectl rollout status deployment/<your-deployment-name> -n <namespace>

If the rollout stalls or fails, troubleshoot with:

kubectl describe deployment/<your-deployment-name> -n <namespace>
kubectl logs deployment/<your-deployment-name> -n <namespace>
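
One way to turn the rollout check and the troubleshooting commands above into a pipeline gate, as an added example that is not part of the original lesson. The `verify_rollout` function name, the 120s default timeout and the `rollout-debug` output directory are assumptions; a failed gate stops later stages, such as the DAST scan, from running while pods of the previous version may still be serving traffic.

```shell
#!/bin/sh
# Added example (not from the lesson): gate a pipeline stage on rollout status.
# Function name, default timeout and output directory are assumptions.

# verify_rollout <deployment> <namespace> [timeout] [outdir]
# Returns 0 when the rollout completes, 1 when it stalls or fails,
# and 2 when required arguments are missing.
verify_rollout() {
  local deploy="$1"
  local ns="$2"
  local timeout="${3:-120s}"
  local outdir="${4:-rollout-debug}"

  if [ -z "$deploy" ] || [ -z "$ns" ]; then
    echo "usage: verify_rollout <deployment> <namespace> [timeout] [outdir]" >&2
    return 2
  fi

  # --timeout turns a stalled rollout into a failure instead of a hung build.
  if kubectl rollout status "deployment/${deploy}" -n "$ns" --timeout="$timeout"; then
    echo "rollout of ${deploy} in ${ns} completed"
    return 0
  fi

  echo "rollout of ${deploy} in ${ns} did not complete within ${timeout}" >&2

  # Save the troubleshooting output from this section so the CI server can
  # archive it with the failed build. Failures here must not mask the result.
  mkdir -p "$outdir"
  kubectl describe "deployment/${deploy}" -n "$ns" \
    > "${outdir}/describe.txt" 2>&1 || true
  kubectl logs "deployment/${deploy}" -n "$ns" --all-containers --tail=200 \
    > "${outdir}/logs.txt" 2>&1 || true
  return 1
}

# When run as a script: ./verify_rollout.sh <deployment> <namespace> [timeout]
if [ "$#" -ge 2 ]; then
  verify_rollout "$@"
fi
```

In a Jenkinsfile this can run from an `sh` step directly after the deploy stage, with the output directory archived as a build artifact.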

3.2 Configure Jenkins for Slack Notifications

Keep your team informed by sending build alerts to Slack. Add the following to your Jenkinsfile:

pipeline {
  agent any
  stages {
    // Declarative stages need a steps block; replace the echo with real steps
    stage('Build') {
      steps { echo 'build steps' }
    }
    stage('Test') {
      steps { echo 'test steps' }
    }
    // ... other stages ...
  }
  // post runs after all stages finish; slackSend comes from the Slack plugin
  post {
    success {
      slackSend(
        channel: '#ci-cd',
        message: "✅ Build successful: ${env.JOB_NAME} #${env.BUILD_NUMBER}"
      )
    }
    failure {
      slackSend(
        channel: '#ci-cd',
        message: "❌ Build failed: ${env.JOB_NAME} #${env.BUILD_NUMBER}"
      )
    }
  }
}

Slack Setup

Make sure the Slack plugin is installed in Jenkins and you have configured your Incoming Webhook URL under Manage Jenkins → Configure System → Slack.

Next Steps

In Section 4, we’ll focus on Kubernetes security best practices: pod hardening, network policies, and runtime protection.
