Kube Architect – Telegram
News and links on architecting and developing apps on Kubernetes curated by the @Learnk8s team
Forwarded from Kubesploit
Over 900k Kubernetes exposures were observed across the internet during a routine threat-hunting exercise.

While this does not imply that all exposed instances are vulnerable to attacks, it still makes them a target.

You can learn more in this report.

More: https://blog.cyble.com/2022/06/27/exposed-kubernetes-clusters
Forwarded from Kubesploit
All unpatched versions of Argo CD starting with v1.3.0 are vulnerable to a symlink-following bug that allows a malicious user with repository write access to leak sensitive YAML files from Argo CD's repo-server.

More: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31036
operator-lifecycle-manager is a management framework for extending Kubernetes with Operators.

OLM extends Kubernetes to provide a declarative way to install, manage, and upgrade Operators and their dependencies in a cluster.

More: https://github.com/operator-framework/operator-lifecycle-manager
Octopilot is a CLI tool designed to help you automate your GitOps workflow by automatically creating and merging GitHub Pull Requests to update specific content in Git repositories.

More: https://dailymotion-oss.github.io/octopilot
Forwarded from Kube Events
When your Kubernetes cluster runs low on resources, the Cluster Autoscaler provisions a new node and adds it to the cluster.

The cloud provider has to create a virtual machine from scratch, provision it and connect it to the cluster.

The process could take more than a few minutes from start to end.

But there's an alternative: you can proactively create nodes that are already provisioned when you need them.

In this webinar, Chris will demo live how you can configure Pod Priorities and a placeholder pod to pre-warm node instances for quicker scaling.

You can register here (it's free): https://kube.events/t/f60e2777-059f-4ef7-a11e-5d71150f956f
Forwarded from Kubesploit
All versions of Argo CD starting with v1.0.0 are vulnerable to a cross-site scripting (XSS) bug allowing a malicious user to inject a javascript: link in the UI.

More: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31035
xlskubectl integrates Google Spreadsheet with Kubernetes.

You can finally administer your cluster from the same spreadsheet that you use to track your expenses.

More: https://github.com/learnk8s/xlskubectl
In this article, you will learn how to build your own Kubernetes cost explorer dashboard using Prometheus and Grafana.

More: https://medium.com/empathyco/cloud-finops-part-4-kubernetes-cost-report-b4964be02dc3
kapp enables users to group a set of resources (resources with the same label) as an application.

In this tutorial, you will learn how to deploy a front-end and backend app with Redis as a single unit with kapp.

More: https://thecloudblog.net/post/managing-applications-in-kubernetes-with-the-carvel-kapp-controller
This article focuses on how Teleport can be used to give developers secure access to a Kubernetes cluster.

More: https://edidiongasikpo.com/how-to-give-developers-secure-access-to-kubernetes-clusters
Forwarded from Kube Events
One interesting challenge with Kubernetes is deploying workloads across several regions.

While you can technically have a cluster with several nodes located in different regions, this is generally regarded as something you should avoid due to the extra latency.

Another popular alternative is to deploy a cluster for each region and find a way to orchestrate them.

In this webinar, Daniele will demo live how to create, connect and operate three Kubernetes clusters in different regions.

You can register here (it's free): https://kube.events/t/a35a3a6f-2d32-458b-aca4-61bb9d8bb1ce
In this article, you will learn how to automatically roll out ConfigMap changes in your GitOps workflows using Argo CD and Kustomize.

More: https://codefresh.io/blog/using-argo-cd-and-kustomize-for-configmap-rollouts
Forwarded from Kubesploit
In this tutorial, you'll learn how to use Kyverno to automatically configure annotations that enable access logs for an AWS Network Load Balancer (NLB) to be forwarded to an S3 bucket for a service of type LoadBalancer.

More: https://silvr.medium.com/using-kyverno-to-enforce-aws-load-balancer-annotations-for-centralized-logging-to-s3-af5dc1f1f3e0
djkube is a tool for Django developers to set up a full stack EKS Kubernetes cluster with all necessary tools including devsecops in 40 minutes.

More: https://github.com/rebataur/djkube
Forwarded from Kube Builders
You're probably familiar with Kubernetes but do you know what operators are, how they work, and how to build one?

In this tutorial, you'll learn how to create a basic Kubernetes operator.

More: https://medium.com/@leovct/build-a-kubernetes-operator-in-10-minutes-4d5c4c717fd5
Goldilocks is a utility that can help you identify a starting point for resource requests and limits in Kubernetes.

More: https://github.com/FairwindsOps/goldilocks
In this blog tutorial, you'll learn how to deploy RabbitMQ with High Availability in a Kubernetes cluster with the Messaging Topology Operator.

More: https://infracloud.io/blogs/setup-rabbitmq-ha-mode-kubernetes-operator
Learn how Mercedes-Benz runs a massive fleet of Kubernetes clusters (900) across four global data centers using OpenStack to support a wide range of project teams around the world.

More: https://infoworld.com/article/3664052/why-mercedes-benz-runs-on-900-kubernetes-clusters.html
In this walkthrough, you will run a basic Helm chart in Docker Desktop and try to identify the connection between that Helm chart, the Docker image used, and the service included in that Docker image.

More: https://anujarosha.medium.com/reverse-engineering-of-a-helm-chart-f912b97a255
This article discusses some common themes around the most cost-effective and frictionless ways of running containers, inside a Kubernetes cluster or not, and offers a landscape view of what is available to get there.

More: https://dnastacio.medium.com/are-you-spending-too-much-on-kubernetes-179d703ec5c5