kube-lock sits as an intermediary between you and kubectl, allowing you to lock and unlock contexts.
It prevents misfires to production / high-value Kubernetes clusters that you might have strong IAM privileges on.
More: https://github.com/chaosinthecrd/kube-lock
It prevents misfires to production / high-value Kubernetes clusters that you might have strong IAM privileges on.
More: https://github.com/chaosinthecrd/kube-lock
Forwarded from Kube Careers
This week's 6 best Kubernetes vacancies that focus on security are:
DevSecOps Engineer with Worldcoin
💰 $236K to $323K a year
🏠 From the office in San Francisco, CA, USA
→ https://kube.careers/t/e824f971-4831-4329-8dfd-2edcce0c9ed5?s=55
DevSecOps Engineer with Applied Intuition
💰 $65K to $400K a year
🏠 From the office in Mountain View, CA, USA
→ https://kube.careers/t/c6291093-2e86-4446-aab7-7f34af1a3112?s=55
DevSecOps Engineer with Credit Karma
💰 $190K to $270K a year
🏠 From the office in Oakland, CA, USA
→ https://kube.careers/t/2399bd1d-f5f3-4ac2-bdf8-e2d75b45348e?s=55
DevSecOps Engineer with Hyperscience
💰 $190K to $260K a year
👨💻 Remote from the United States
→ https://kube.careers/t/ab01bf82-75af-4610-ba58-d58cd09f529a?s=55
DevSecOps Engineer with Crusoe
💰 $210K to $240K a year
🏠 From the office in San Francisco, CA, USA
→ https://kube.careers/t/c82031a3-218d-4f6d-b5c1-86e76359cb90?s=55
👉 Browse all 658 Kubernetes jobs on Kube Careers https://kube.careers
DevSecOps Engineer with Worldcoin
💰 $236K to $323K a year
🏠 From the office in San Francisco, CA, USA
→ https://kube.careers/t/e824f971-4831-4329-8dfd-2edcce0c9ed5?s=55
DevSecOps Engineer with Applied Intuition
💰 $65K to $400K a year
🏠 From the office in Mountain View, CA, USA
→ https://kube.careers/t/c6291093-2e86-4446-aab7-7f34af1a3112?s=55
DevSecOps Engineer with Credit Karma
💰 $190K to $270K a year
🏠 From the office in Oakland, CA, USA
→ https://kube.careers/t/2399bd1d-f5f3-4ac2-bdf8-e2d75b45348e?s=55
DevSecOps Engineer with Hyperscience
💰 $190K to $260K a year
👨💻 Remote from the United States
→ https://kube.careers/t/ab01bf82-75af-4610-ba58-d58cd09f529a?s=55
DevSecOps Engineer with Crusoe
💰 $210K to $240K a year
🏠 From the office in San Francisco, CA, USA
→ https://kube.careers/t/c82031a3-218d-4f6d-b5c1-86e76359cb90?s=55
👉 Browse all 658 Kubernetes jobs on Kube Careers https://kube.careers
Forwarded from KubeFM
Media is too big
VIEW IN TELEGRAM
In this episode, Jen, a Technical Marketing Engineer at Tigera, discusses the complexities of adopting network policies.
She shares her initial struggles due to a lack of familiarity, highlighting the learning curve of implementing something new.
From her experience, Jennifer notes that network policies can initially seem daunting but become manageable with experience and a proper organizational setup.
Watch the full episode: https://kube.fm/network-observability-jen
She shares her initial struggles due to a lack of familiarity, highlighting the learning curve of implementing something new.
From her experience, Jennifer notes that network policies can initially seem daunting but become manageable with experience and a proper organizational setup.
Watch the full episode: https://kube.fm/network-observability-jen
The article discusses using OAuth2 Proxy with Traefik in Kubernetes.
The process involves configuring Traefik and OAuth2 Proxy and using Traefik's forwardAuth middleware.
More: https://medium.com/@mike.schouw/how-to-run-oauth2-proxy-with-traefik-in-kubernetes-using-helm-and-terraform-85c39dddcd44
The process involves configuring Traefik and OAuth2 Proxy and using Traefik's forwardAuth middleware.
More: https://medium.com/@mike.schouw/how-to-run-oauth2-proxy-with-traefik-in-kubernetes-using-helm-and-terraform-85c39dddcd44
Forwarded from LearnKube news
Master Kubernetes with Learnk8s' Advanced Kubernetes workshops!
What should you expect?
- Learn how to architect and design clusters from the ground up (in the cloud or on-prem).
- Explore the Kubernetes internal component and how the system is designed with resiliency in mind.
- Deep-dive into the networking components and observe the packets flowing into the cluster.
- Hands-on labs to test the theory with real-world scenarios!
- And more.
The next online courses start next week: https://kube.events/t/1ebfa298-b5c6-4e42-8399-e43e6834683c
We also run in-person courses and corporate training: https://learnk8s.io/corporate-training
What should you expect?
- Learn how to architect and design clusters from the ground up (in the cloud or on-prem).
- Explore the Kubernetes internal component and how the system is designed with resiliency in mind.
- Deep-dive into the networking components and observe the packets flowing into the cluster.
- Hands-on labs to test the theory with real-world scenarios!
- And more.
The next online courses start next week: https://kube.events/t/1ebfa298-b5c6-4e42-8399-e43e6834683c
We also run in-person courses and corporate training: https://learnk8s.io/corporate-training
This article explores Azure security, using a use case of Azure File share mount on AKS as an example.
The author shares valuable insights gleaned from troubleshooting and comprehending Azure's complex security mechanisms.
More: https://medium.com/@connectwithneeraj/decoding-azure-security-with-an-interesting-use-case-azure-file-share-mount-on-aks-workloads-2cb50bcf1c8a
The author shares valuable insights gleaned from troubleshooting and comprehending Azure's complex security mechanisms.
More: https://medium.com/@connectwithneeraj/decoding-azure-security-with-an-interesting-use-case-azure-file-share-mount-on-aks-workloads-2cb50bcf1c8a
k8s-cluster-checker is a bundle of Python noscripts which can be used to analyze:
- OS version(supports flatcar OS, coreOS & Ubuntu only)
- Kubernetes version
- Docker version
- Admission Controllers
- Security context
- Health probes
And more.
More: https://github.com/dguyhasnoname/k8s-cluster-checker
- OS version(supports flatcar OS, coreOS & Ubuntu only)
- Kubernetes version
- Docker version
- Admission Controllers
- Security context
- Health probes
And more.
More: https://github.com/dguyhasnoname/k8s-cluster-checker
This tutorial covers setting up GitHub workflows to deploy to GKE with Terraform and Workload Identity Federation to avoid service account keys.
More: https://medium.com/@alexey.inkin/making-github-workflows-to-deploy-to-gke-with-terraform-and-workload-identity-federation-074ac83b899c
More: https://medium.com/@alexey.inkin/making-github-workflows-to-deploy-to-gke-with-terraform-and-workload-identity-federation-074ac83b899c
Forwarded from LearnKube news
This week on the Learn Kubernetes Weekly:
💯 Managing 100s of Kubernetes clusters using Cluster API
🚫 When Kubernetes and Go don't work well together
🐓 What we learned from launching edge compute from enterprise architecture
🩺 Kubernetes probes done wrong
ƛ Lambda versus containers
Read it now: https://learnk8s.io/issues/89
🌟 What if you could visualize and map the traffic before enforcing Network Policies?
Then, you should check out the sponsor of this issue: Otterize. Otterize helps you automate Network Policies, Kafka ACLs, certificates and AWS IAMs https://otterize.com/?utm_medium=newsletter&utm_source=learnk8s
💯 Managing 100s of Kubernetes clusters using Cluster API
🚫 When Kubernetes and Go don't work well together
🐓 What we learned from launching edge compute from enterprise architecture
🩺 Kubernetes probes done wrong
ƛ Lambda versus containers
Read it now: https://learnk8s.io/issues/89
🌟 What if you could visualize and map the traffic before enforcing Network Policies?
Then, you should check out the sponsor of this issue: Otterize. Otterize helps you automate Network Policies, Kafka ACLs, certificates and AWS IAMs https://otterize.com/?utm_medium=newsletter&utm_source=learnk8s
Inclavare Containers is a container runtime with a novel approach for launching protected containers in hardware-assisted Trusted Execution Environments, which can prevent an untrusted entity from accessing sensitive and confidential assets.
More: https://github.com/inclavare-containers/inclavare-containers
More: https://github.com/inclavare-containers/inclavare-containers
Forwarded from Kube Careers
This week's 6 best Kubernetes vacancies that focus on security are:
DevSecOps Engineer with CVS Health
💰 $185.4K to $376K a year
🏠🏃🏻♂️🌎 Woonsocket, RI, USA
→ https://kube.careers/t/2dfd9c01-e497-4597-acc1-5a552840ef94?s=55
DevSecOps Engineer with Worldcoin
💰 $236K to $323K a year
🏠 From the office in San Francisco, CA, USA
→ https://kube.careers/t/e824f971-4831-4329-8dfd-2edcce0c9ed5?s=55
DevSecOps Engineer with Scale AI
💰 $212K to $254.4K a year
🏠🏃🏻♂️🌎 San Francisco, CA / New York, NY, USA
→ https://kube.careers/t/817bb996-f703-4fc5-8f1b-0cf0b43d7cd2?s=55
DevSecOps Engineer with Glean
💰 $185K to $280K a year
🏠🏃🏻♂️🌎 Palo Alto, CA, USA
→ https://kube.careers/t/384dd05a-a906-4db7-933a-51b15110f87f?s=55
DevSecOps Engineer with Applied Intuition
💰 $65K to $400K a year
🏠 From the office in Mountain View, CA, USA
→ https://kube.careers/t/c6291093-2e86-4446-aab7-7f34af1a3112?s=55
👉 Browse all 931 Kubernetes jobs on Kube Careers https://kube.careers
DevSecOps Engineer with CVS Health
💰 $185.4K to $376K a year
🏠🏃🏻♂️🌎 Woonsocket, RI, USA
→ https://kube.careers/t/2dfd9c01-e497-4597-acc1-5a552840ef94?s=55
DevSecOps Engineer with Worldcoin
💰 $236K to $323K a year
🏠 From the office in San Francisco, CA, USA
→ https://kube.careers/t/e824f971-4831-4329-8dfd-2edcce0c9ed5?s=55
DevSecOps Engineer with Scale AI
💰 $212K to $254.4K a year
🏠🏃🏻♂️🌎 San Francisco, CA / New York, NY, USA
→ https://kube.careers/t/817bb996-f703-4fc5-8f1b-0cf0b43d7cd2?s=55
DevSecOps Engineer with Glean
💰 $185K to $280K a year
🏠🏃🏻♂️🌎 Palo Alto, CA, USA
→ https://kube.careers/t/384dd05a-a906-4db7-933a-51b15110f87f?s=55
DevSecOps Engineer with Applied Intuition
💰 $65K to $400K a year
🏠 From the office in Mountain View, CA, USA
→ https://kube.careers/t/c6291093-2e86-4446-aab7-7f34af1a3112?s=55
👉 Browse all 931 Kubernetes jobs on Kube Careers https://kube.careers
The article discusses using Kyverno for Kubernetes policy management.
It covers different types of policies, including validate, mutate, generate, and verify image rules.
The author also provides examples of how these policies can be implemented.
More: https://devopsforyou.com/kyverno-for-kubernetes-policy-management-part-2-186599f82bf
It covers different types of policies, including validate, mutate, generate, and verify image rules.
The author also provides examples of how these policies can be implemented.
More: https://devopsforyou.com/kyverno-for-kubernetes-policy-management-part-2-186599f82bf
This article provides a step-by-step guide to securing a Kubernetes cluster with OPA Gatekeeper.
You will learn how to install it, enforce policies, and monitor constraint status.
More: https://itnext.io/securing-kubernetes-with-opa-gatekeeper-4f2e05c441a4
You will learn how to install it, enforce policies, and monitor constraint status.
More: https://itnext.io/securing-kubernetes-with-opa-gatekeeper-4f2e05c441a4
Seccomp and AppArmor are common Linux security modules which Kubernetes supports to limit container workload exposure to the kernel.
Learn how to configure them in this article.
More: https://medium.com/@noah_h/kubernetes-security-tools-seccomp-apparmor-586fdc61e6d9
Learn how to configure them in this article.
More: https://medium.com/@noah_h/kubernetes-security-tools-seccomp-apparmor-586fdc61e6d9
Tugger is Kubernetes Admission webhook to enforce pulling of docker images from private registries.
More: https://github.com/jainishshah17/tugger
More: https://github.com/jainishshah17/tugger
Forwarded from LearnKube news
This week on the Learn Kubernetes Weekly:
👩⚕️ How to monitor containerd
🐾 Tracing Kubernetes Services
🤔 How the CSI (container storage interface) works
😈 The hater's guide to Kubernetes
🤯 Demystified node surge upgrade in GKE
Read it now: https://learnk8s.io/issues/90
🌟 LoxiLB turns Kubernetes network load balancing into high-speed, flexible and programmable Load Balancer services. LoxiLB is open source and is also the sponsor of this newsletter. You can check out the project here: https://www.loxilb.io/?utm_source=learnk8s&utm_medium=newsletter
👩⚕️ How to monitor containerd
🐾 Tracing Kubernetes Services
🤔 How the CSI (container storage interface) works
😈 The hater's guide to Kubernetes
🤯 Demystified node surge upgrade in GKE
Read it now: https://learnk8s.io/issues/90
🌟 LoxiLB turns Kubernetes network load balancing into high-speed, flexible and programmable Load Balancer services. LoxiLB is open source and is also the sponsor of this newsletter. You can check out the project here: https://www.loxilb.io/?utm_source=learnk8s&utm_medium=newsletter
This article discusses implementing authentication and authorization using Istio and OPA.
It also explains how to integrate with Helm so that developers can self-serve.
More: https://medium.com/@oryan.peer_72893/authentication-and-authorization-with-istio-and-opa-on-kubernetes-d4452508897c
It also explains how to integrate with Helm so that developers can self-serve.
More: https://medium.com/@oryan.peer_72893/authentication-and-authorization-with-istio-and-opa-on-kubernetes-d4452508897c
Forwarded from Kube Careers
This week's 6 best Kubernetes vacancies that focus on security are:
DevSecOps Engineer with Worldcoin
💰 $236K to $323K a year
🏠 From the office in San Francisco, CA, USA
→ https://kube.careers/t/e824f971-4831-4329-8dfd-2edcce0c9ed5?s=55
DevSecOps Engineer with Trace3
💰 $240K to $290K a year
👨💻 Remote from the United States
→ https://kube.careers/t/d8c90922-9fb6-4a53-bf4d-0e4ac006bed0?s=55
DevSecOps Engineer with Scale AI
💰 $212K to $254.4K a year
🏠🏃🏻♂️🌎 San Francisco, CA / New York, NY, USA
→ https://kube.careers/t/817bb996-f703-4fc5-8f1b-0cf0b43d7cd2?s=55
DevSecOps Engineer with Glean
💰 $185K to $280K a year
🏠🏃🏻♂️🌎 Palo Alto, CA, USA
→ https://kube.careers/t/384dd05a-a906-4db7-933a-51b15110f87f?s=55
DevSecOps Engineer with Applied Intuition
💰 $65K to $400K a year
🏠 From the office in Mountain View, CA, USA
→ https://kube.careers/t/c6291093-2e86-4446-aab7-7f34af1a3112?s=55
👉 Browse all 1163 Kubernetes jobs on Kube Careers https://kube.careers
DevSecOps Engineer with Worldcoin
💰 $236K to $323K a year
🏠 From the office in San Francisco, CA, USA
→ https://kube.careers/t/e824f971-4831-4329-8dfd-2edcce0c9ed5?s=55
DevSecOps Engineer with Trace3
💰 $240K to $290K a year
👨💻 Remote from the United States
→ https://kube.careers/t/d8c90922-9fb6-4a53-bf4d-0e4ac006bed0?s=55
DevSecOps Engineer with Scale AI
💰 $212K to $254.4K a year
🏠🏃🏻♂️🌎 San Francisco, CA / New York, NY, USA
→ https://kube.careers/t/817bb996-f703-4fc5-8f1b-0cf0b43d7cd2?s=55
DevSecOps Engineer with Glean
💰 $185K to $280K a year
🏠🏃🏻♂️🌎 Palo Alto, CA, USA
→ https://kube.careers/t/384dd05a-a906-4db7-933a-51b15110f87f?s=55
DevSecOps Engineer with Applied Intuition
💰 $65K to $400K a year
🏠 From the office in Mountain View, CA, USA
→ https://kube.careers/t/c6291093-2e86-4446-aab7-7f34af1a3112?s=55
👉 Browse all 1163 Kubernetes jobs on Kube Careers https://kube.careers
Dealing with security issues in containers and Kubernetes is an essential engineering skill.
In this article, you will learn how to use a simulator to practice DevSecOps for free and in an engaging manner.
More: https://blog.palark.com/kubernetes-security-practical-training-simulator
In this article, you will learn how to use a simulator to practice DevSecOps for free and in an engaging manner.
More: https://blog.palark.com/kubernetes-security-practical-training-simulator
Forwarded from Kube Architect
helm-secrets is a Helm plugin for decrypting encrypted Helm value files on the fly.
- Use SOPS to encrypt value files and store them in git.
- Store your secrets in a cloud native secret manager and inject them inside value files or templates.
More: https://github.com/jkroepke/helm-secrets
- Use SOPS to encrypt value files and store them in git.
- Store your secrets in a cloud native secret manager and inject them inside value files or templates.
More: https://github.com/jkroepke/helm-secrets
This tutorial demonstrates how to protect an application using Istio, from initial setup to adding security features to the ingress gateway.
More: https://medium.com/@marc.guerrini/diy-istio-validate-jwt-1ffbd488b1f3
More: https://medium.com/@marc.guerrini/diy-istio-validate-jwt-1ffbd488b1f3