This article explores Azure security, using a use case of Azure File share mount on AKS as an example.
The author shares valuable insights gleaned from troubleshooting and comprehending Azure's complex security mechanisms.
More: https://medium.com/@connectwithneeraj/decoding-azure-security-with-an-interesting-use-case-azure-file-share-mount-on-aks-workloads-2cb50bcf1c8a
k8s-cluster-checker is a bundle of Python scripts which can be used to analyze:
- OS version (supports Flatcar OS, CoreOS & Ubuntu only)
- Kubernetes version
- Docker version
- Admission Controllers
- Security context
- Health probes
And more.
More: https://github.com/dguyhasnoname/k8s-cluster-checker
This tutorial covers setting up GitHub workflows to deploy to GKE with Terraform and Workload Identity Federation to avoid service account keys.
More: https://medium.com/@alexey.inkin/making-github-workflows-to-deploy-to-gke-with-terraform-and-workload-identity-federation-074ac83b899c
Forwarded from LearnKube news
This week on the Learn Kubernetes Weekly:
💯 Managing 100s of Kubernetes clusters using Cluster API
🚫 When Kubernetes and Go don't work well together
🐓 What we learned from launching edge compute from enterprise architecture
🩺 Kubernetes probes done wrong
ƛ Lambda versus containers
Read it now: https://learnk8s.io/issues/89
🌟 What if you could visualize and map the traffic before enforcing Network Policies?
Then, you should check out the sponsor of this issue: Otterize. Otterize helps you automate Network Policies, Kafka ACLs, certificates and AWS IAMs https://otterize.com/?utm_medium=newsletter&utm_source=learnk8s
Inclavare Containers is a container runtime with a novel approach for launching protected containers in hardware-assisted Trusted Execution Environments, which can prevent an untrusted entity from accessing sensitive and confidential assets.
More: https://github.com/inclavare-containers/inclavare-containers
Forwarded from Kube Careers
This week's 6 best Kubernetes vacancies that focus on security are:
DevSecOps Engineer with CVS Health
💰 $185.4K to $376K a year
🏠🏃🏻♂️🌎 Woonsocket, RI, USA
→ https://kube.careers/t/2dfd9c01-e497-4597-acc1-5a552840ef94?s=55
DevSecOps Engineer with Worldcoin
💰 $236K to $323K a year
🏠 From the office in San Francisco, CA, USA
→ https://kube.careers/t/e824f971-4831-4329-8dfd-2edcce0c9ed5?s=55
DevSecOps Engineer with Scale AI
💰 $212K to $254.4K a year
🏠🏃🏻♂️🌎 San Francisco, CA / New York, NY, USA
→ https://kube.careers/t/817bb996-f703-4fc5-8f1b-0cf0b43d7cd2?s=55
DevSecOps Engineer with Glean
💰 $185K to $280K a year
🏠🏃🏻♂️🌎 Palo Alto, CA, USA
→ https://kube.careers/t/384dd05a-a906-4db7-933a-51b15110f87f?s=55
DevSecOps Engineer with Applied Intuition
💰 $65K to $400K a year
🏠 From the office in Mountain View, CA, USA
→ https://kube.careers/t/c6291093-2e86-4446-aab7-7f34af1a3112?s=55
👉 Browse all 931 Kubernetes jobs on Kube Careers https://kube.careers
The article discusses using Kyverno for Kubernetes policy management.
It covers different types of policies, including validate, mutate, generate, and verify image rules.
The author also provides examples of how these policies can be implemented.
More: https://devopsforyou.com/kyverno-for-kubernetes-policy-management-part-2-186599f82bf
This article provides a step-by-step guide to securing a Kubernetes cluster with OPA Gatekeeper.
You will learn how to install it, enforce policies, and monitor constraint status.
More: https://itnext.io/securing-kubernetes-with-opa-gatekeeper-4f2e05c441a4
Seccomp and AppArmor are common Linux security modules which Kubernetes supports to limit container workload exposure to the kernel.
Learn how to configure them in this article.
More: https://medium.com/@noah_h/kubernetes-security-tools-seccomp-apparmor-586fdc61e6d9
Tugger is a Kubernetes admission webhook that enforces pulling Docker images from private registries.
More: https://github.com/jainishshah17/tugger
Forwarded from LearnKube news
This week on the Learn Kubernetes Weekly:
👩⚕️ How to monitor containerd
🐾 Tracing Kubernetes Services
🤔 How the CSI (container storage interface) works
😈 The hater's guide to Kubernetes
🤯 Demystified node surge upgrade in GKE
Read it now: https://learnk8s.io/issues/90
🌟 LoxiLB turns Kubernetes network load balancing into high-speed, flexible and programmable Load Balancer services. LoxiLB is open source and is also the sponsor of this newsletter. You can check out the project here: https://www.loxilb.io/?utm_source=learnk8s&utm_medium=newsletter
This article discusses implementing authentication and authorization using Istio and OPA.
It also explains how to integrate with Helm so that developers can self-serve.
More: https://medium.com/@oryan.peer_72893/authentication-and-authorization-with-istio-and-opa-on-kubernetes-d4452508897c
Forwarded from Kube Careers
This week's 6 best Kubernetes vacancies that focus on security are:
DevSecOps Engineer with Worldcoin
💰 $236K to $323K a year
🏠 From the office in San Francisco, CA, USA
→ https://kube.careers/t/e824f971-4831-4329-8dfd-2edcce0c9ed5?s=55
DevSecOps Engineer with Trace3
💰 $240K to $290K a year
👨💻 Remote from the United States
→ https://kube.careers/t/d8c90922-9fb6-4a53-bf4d-0e4ac006bed0?s=55
DevSecOps Engineer with Scale AI
💰 $212K to $254.4K a year
🏠🏃🏻♂️🌎 San Francisco, CA / New York, NY, USA
→ https://kube.careers/t/817bb996-f703-4fc5-8f1b-0cf0b43d7cd2?s=55
DevSecOps Engineer with Glean
💰 $185K to $280K a year
🏠🏃🏻♂️🌎 Palo Alto, CA, USA
→ https://kube.careers/t/384dd05a-a906-4db7-933a-51b15110f87f?s=55
DevSecOps Engineer with Applied Intuition
💰 $65K to $400K a year
🏠 From the office in Mountain View, CA, USA
→ https://kube.careers/t/c6291093-2e86-4446-aab7-7f34af1a3112?s=55
👉 Browse all 1163 Kubernetes jobs on Kube Careers https://kube.careers
Dealing with security issues in containers and Kubernetes is an essential engineering skill.
In this article, you will learn how to use a simulator to practice DevSecOps for free and in an engaging manner.
More: https://blog.palark.com/kubernetes-security-practical-training-simulator
Forwarded from Kube Architect
helm-secrets is a Helm plugin for decrypting encrypted Helm value files on the fly.
- Use SOPS to encrypt value files and store them in git.
- Store your secrets in a cloud native secret manager and inject them inside value files or templates.
More: https://github.com/jkroepke/helm-secrets
This tutorial demonstrates how to protect an application using Istio, from initial setup to adding security features to the ingress gateway.
More: https://medium.com/@marc.guerrini/diy-istio-validate-jwt-1ffbd488b1f3
Kyverno is a policy engine designed for Kubernetes.
It can validate, mutate, and generate configurations using admission controls and background scans.
Kyverno policies are Kubernetes resources and do not require learning a new language.
More: https://github.com/kyverno/kyverno
In this article, you will learn how to manage secrets in GitOps using the age encryption tool.
More: https://mirceanton.com/posts/doing-secrets-the-gitops-way
Forwarded from LearnKube news
This week on Learn Kubernetes Weekly 91:
🛞 ServiceRouter: hyperscale and minimal cost service mesh at Meta
🚀 4 ways to reduce cold-start-latency on GKE
📝 Managing Cluster API with kluctl
💎 Varnish sharding with Istio in Kubernetes
⛔️ Authentication and authorization with Istio and OPA on Kubernetes
Read it now: https://learnk8s.io/issues/91
🌟 Are you ready to double your Kubernetes resource utilization?
StormForge, the sponsor for this issue, has built an HPA-compatible vertical pod rightsizing solution designed to help you save Mem/CPU and optimize your cloud bill. You can try it for free here: https://www.stormforge.io/?utm_source=Learnk8s&utm_medium=newsletter&utm_campaign=LearnK8s-Q2-27
Permission Manager is an application that enables super-easy and user-friendly RBAC management for Kubernetes.
With Permission Manager, you can create users, assign namespaces/permissions, and distribute Kubeconfig YAML files via a nice & easy web UI.
More: https://github.com/sighupio/permission-manager
Forwarded from Kube Careers
This week's 6 best Kubernetes vacancies that focus on security are:
DevSecOps Engineer with Worldcoin
💰 $236K to $323K a year
🏠 From the office in San Francisco, CA, USA
→ https://kube.careers/t/e824f971-4831-4329-8dfd-2edcce0c9ed5?s=55
DevSecOps Engineer with Trace3
💰 $240K to $290K a year
👨💻 Remote from the United States
→ https://kube.careers/t/d8c90922-9fb6-4a53-bf4d-0e4ac006bed0?s=55
DevSecOps Engineer with Alchemy
💰 $135K to $350K a year
👨💻 Remote from the United States
→ https://kube.careers/t/1f5bb0f9-8812-4cfe-968d-cd2e1d1cbeaa?s=55
DevSecOps Engineer with Scale AI
💰 $212K to $254.4K a year
🏠🏃🏻♂️🌎 San Francisco, CA / New York, NY, USA
→ https://kube.careers/t/817bb996-f703-4fc5-8f1b-0cf0b43d7cd2?s=55
DevSecOps Engineer with Glean
💰 $185K to $280K a year
🏠🏃🏻♂️🌎 Palo Alto, CA, USA
→ https://kube.careers/t/384dd05a-a906-4db7-933a-51b15110f87f?s=55
👉 Browse all 1245 Kubernetes jobs on Kube Careers https://kube.careers