Forwarded from LearnKube news
Master Kubernetes with Learnk8s' Advanced Kubernetes workshops!
What should you expect?
- Learn how to architect and design clusters from the ground up (in the cloud or on-prem).
- Explore the Kubernetes internal components and how the system is designed with resiliency in mind.
- Deep-dive into the networking components and observe the packets flowing into the cluster.
- Hands-on labs to test the theory with real-world scenarios!
- And more.
The next online courses start on Jul 25: https://kube.events/t/1ebfa298-b5c6-4e42-8399-e43e6834683c
We also run in-person courses and corporate training: https://learnk8s.io/corporate-training
Forwarded from LearnKube news
This article discusses setting up a Validating Admission Webhook in Kubernetes to ensure system resource validity.
It covers configuring the webhook, deploying to Kubernetes, and testing the setup using Nginx containers.
More: https://adil.medium.com/how-to-set-up-a-validating-admission-webhook-on-kubernetes-bd0733bfcb51
The 1Password Connect Kubernetes Operator provides the ability to integrate Kubernetes Secrets with 1Password.
The operator also handles auto-restarting deployments when 1Password items are updated.
More: https://github.com/1Password/onepassword-operator
This article provides a guide on creating a secure supply chain in Kubernetes using the Supply Chain Levels for Software Artifacts (SLSA) framework.
More: https://medium.com/@jp-gouin/how-to-create-a-multi-clusters-secure-supply-chain-slsa-3-in-10min-oss-edition-2059aa39790b
While experimenting with Open Cluster Manager, Andy inadvertently deleted the cluster-admin ClusterRole and ClusterRoleBinding.
Learn how he recovered from this unfortunate situation.
More: https://clubanderson.medium.com/dont-delete-cluster-admin-clusterrole-and-clusterrolebinding-uggh-too-late-5b83daeacc4f
Forwarded from LearnKube news
This week on the Learn Kubernetes Weekly:
🕵️ Inside EKS networking: decoding the service IP journey
🥊 Argo CD vs Flux CD
🔫 Kubernetes silent pod killer
🤗 Embracing cgroup V2: best practices for migrating Kubernetes clusters to AlmaLinux
🔝 BGP, Cilium, and FRR: top of rack for all!
Read it now: https://learnk8s.io/issues/87
🙏 Many thanks to SideroLabs for supporting our work and sponsoring this issue. Make sure to check out Omni to manage Kubernetes on bare metal, virtual machines, or in a cloud https://www.siderolabs.com/platform/saas-for-kubernetes?utm_source=learnk8s
MKAT is an all-in-one auditing toolkit for identifying common security issues within managed Kubernetes environments.
More: https://github.com/DataDog/managed-kubernetes-auditing-toolkit
Forwarded from Kube Careers
This week's 6 best Kubernetes vacancies that focus on security are:
DevSecOps Engineer with Worldcoin
💰 $236K to $323K a year
🏠 From the office in San Francisco, CA, USA
→ https://kube.careers/t/e824f971-4831-4329-8dfd-2edcce0c9ed5?s=55
DevSecOps Engineer with Applied Intuition
💰 $65K to $400K a year
🏠 From the office in Mountain View, CA, USA
→ https://kube.careers/t/c6291093-2e86-4446-aab7-7f34af1a3112?s=55
DevSecOps Engineer with Hyperscience
💰 $190K to $260K a year
👨💻 Remote from the United States
→ https://kube.careers/t/ab01bf82-75af-4610-ba58-d58cd09f529a?s=55
DevSecOps Engineer with Crusoe
💰 $210K to $240K a year
🏠 From the office in San Francisco, CA, USA
→ https://kube.careers/t/c82031a3-218d-4f6d-b5c1-86e76359cb90?s=55
DevSecOps Engineer with Opal Security
💰 $140K to $260K a year
🏠🏃🏻♂️🌎 San Francisco, CA / New York, NY, USA
→ https://kube.careers/t/9c9a6c2c-c98e-436c-a859-f3c74396da66?s=55
👉 Browse all 438 Kubernetes jobs on Kube Careers https://kube.careers
The article discusses configuring users and groups in Kubernetes, the role-based access control (RBAC) mechanism, and using kubectl to check API access.
More: https://blog.adityasamant.dev/users-groups-roles-and-api-access-in-kubernetes
vals-operator syncs secrets from any secrets store supported by vals into Kubernetes.
It works similarly to secrets-manager, but it supports more secret stores other than HashiCorp Vault.
More: https://github.com/digitalis-io/vals-operator
Forwarded from LearnKube news
How do you choose the best instance type for your Kubernetes cluster?
When using an 8 GB/2vCPU instance, are all the memory and CPU available to pods?
The Kubernetes instance calculator answers those questions and a lot more! https://learnk8s.io/kubernetes-instance-calculator
This is what you can do:
💰 Estimate costs for your workloads based on requests and instance sizes.
🔝 Explore instance overcommitment and efficiency.
📈 Identify over and underspending by model error rates on your actual memory and CPU usage.
⚖️ Compare instances between different cloud providers.
You can find the Kubernetes instance calculator here: https://learnk8s.io/kubernetes-instance-calculator
The article highlights the criticality of whitelisting image registries for cluster security, emphasizing trusted images from secure sources like DockerHub, Redhat Catalog, and GitHub Container Registry.
More: https://medium.com/@alparslanuysal/whitelisting-image-registries-44150c86c4ac
Reflector is a Kubernetes addon designed to monitor changes to resources (Secrets and ConfigMaps) and reflect changes to mirror resources in the same or other namespaces.
More: https://github.com/emberstack/kubernetes-reflector
Forwarded from LearnKube news
This week on the Learn Kubernetes Weekly:
🧮 Kubernetes instance calculator
💰 Kubernetes cost benchmark report 2024
📕 Practical guide to Kubernetes API
🛟 ETCD: DR solution
📉 How to massively reduce Prometheus load and cardinality by only using Istio labels you need
🙉 ConfigMap conundrum: subtleties of dynamic updates in Kubernetes configurations
Read it now: https://learnk8s.io/issues/88
kube-lock sits as an intermediary between you and kubectl, allowing you to lock and unlock contexts.
It prevents misfires to production / high-value Kubernetes clusters that you might have strong IAM privileges on.
More: https://github.com/chaosinthecrd/kube-lock
Forwarded from Kube Careers
This week's 6 best Kubernetes vacancies that focus on security are:
DevSecOps Engineer with Worldcoin
💰 $236K to $323K a year
🏠 From the office in San Francisco, CA, USA
→ https://kube.careers/t/e824f971-4831-4329-8dfd-2edcce0c9ed5?s=55
DevSecOps Engineer with Applied Intuition
💰 $65K to $400K a year
🏠 From the office in Mountain View, CA, USA
→ https://kube.careers/t/c6291093-2e86-4446-aab7-7f34af1a3112?s=55
DevSecOps Engineer with Credit Karma
💰 $190K to $270K a year
🏠 From the office in Oakland, CA, USA
→ https://kube.careers/t/2399bd1d-f5f3-4ac2-bdf8-e2d75b45348e?s=55
DevSecOps Engineer with Hyperscience
💰 $190K to $260K a year
👨💻 Remote from the United States
→ https://kube.careers/t/ab01bf82-75af-4610-ba58-d58cd09f529a?s=55
DevSecOps Engineer with Crusoe
💰 $210K to $240K a year
🏠 From the office in San Francisco, CA, USA
→ https://kube.careers/t/c82031a3-218d-4f6d-b5c1-86e76359cb90?s=55
👉 Browse all 658 Kubernetes jobs on Kube Careers https://kube.careers
Forwarded from KubeFM
In this episode, Jen, a Technical Marketing Engineer at Tigera, discusses the complexities of adopting network policies.
She shares her initial struggles due to a lack of familiarity, highlighting the learning curve of implementing something new.
From her experience, Jennifer notes that network policies can initially seem daunting but become manageable with experience and a proper organizational setup.
Watch the full episode: https://kube.fm/network-observability-jen
The article discusses using OAuth2 Proxy with Traefik in Kubernetes.
The process involves configuring Traefik and OAuth2 Proxy and using Traefik's forwardAuth middleware.
More: https://medium.com/@mike.schouw/how-to-run-oauth2-proxy-with-traefik-in-kubernetes-using-helm-and-terraform-85c39dddcd44
Forwarded from LearnKube news
Master Kubernetes with Learnk8s' Advanced Kubernetes workshops!
What should you expect?
- Learn how to architect and design clusters from the ground up (in the cloud or on-prem).
- Explore the Kubernetes internal components and how the system is designed with resiliency in mind.
- Deep-dive into the networking components and observe the packets flowing into the cluster.
- Hands-on labs to test the theory with real-world scenarios!
- And more.
The next online courses start next week: https://kube.events/t/1ebfa298-b5c6-4e42-8399-e43e6834683c
We also run in-person courses and corporate training: https://learnk8s.io/corporate-training
This article explores Azure security, using a use case of Azure File share mount on AKS as an example.
The author shares valuable insights gleaned from troubleshooting and comprehending Azure's complex security mechanisms.
More: https://medium.com/@connectwithneeraj/decoding-azure-security-with-an-interesting-use-case-azure-file-share-mount-on-aks-workloads-2cb50bcf1c8a
k8s-cluster-checker is a bundle of Python scripts which can be used to analyze:
- OS version (supports flatcar OS, coreOS & Ubuntu only)
- Kubernetes version
- Docker version
- Admission Controllers
- Security context
- Health probes
And more.
More: https://github.com/dguyhasnoname/k8s-cluster-checker