This tutorial covers External Secrets and working with internal and external secrets.
It also introduces encoding techniques and decoding methods.
More: https://blog.devops.dev/injecting-external-secrets-in-a-kubernetes-cluster-1e9bbe0f0d5b
It also introduces encoding techniques and decoding methods.
More: https://blog.devops.dev/injecting-external-secrets-in-a-kubernetes-cluster-1e9bbe0f0d5b
Forwarded from KubeFM
This media is not supported in your browser
VIEW IN TELEGRAM
In this KubeFM episode, Kensei Kanada discusses Tortoise, an open-source project he developed to tackle Kubernetes resource optimizations.
You will learn:
- The complexities of resource optimization in Kubernetes, including the challenges of managing HPA, VPA, and manual tuning of resource requests and limits
- How Tortoise automates resource optimization by replacing HPA and VPA, reducing the need for manual intervention and continuous tuning
- The technical implementation of Tortoise, including its use of Custom Resource Definitions (CRDs) and how it interacts with existing Kubernetes components
Watch (or listen to) it here: https://kube.fm/tortoise-kensei
🌟 What's the best instance for your Kubernetes cluster?
Check out Learnk8s's Kubernetes Instance Calculator and find out: https://learnk8s.io/kubernetes-instance-calculator
With @Birthmarkb "But that's not Kubernetes" Farrell
You will learn:
- The complexities of resource optimization in Kubernetes, including the challenges of managing HPA, VPA, and manual tuning of resource requests and limits
- How Tortoise automates resource optimization by replacing HPA and VPA, reducing the need for manual intervention and continuous tuning
- The technical implementation of Tortoise, including its use of Custom Resource Definitions (CRDs) and how it interacts with existing Kubernetes components
Watch (or listen to) it here: https://kube.fm/tortoise-kensei
🌟 What's the best instance for your Kubernetes cluster?
Check out Learnk8s's Kubernetes Instance Calculator and find out: https://learnk8s.io/kubernetes-instance-calculator
With @Birthmarkb "But that's not Kubernetes" Farrell
This media is not supported in your browser
VIEW IN TELEGRAM
Zarf eliminates the complexity of air gap software delivery for Kubernetes clusters and cloud-native workloads using a declarative packaging strategy to support DevSecOps in offline and semi-connected environments.
More: https://github.com/defenseunicorns/zarf
More: https://github.com/defenseunicorns/zarf
Forwarded from LearnKube news
This week on Learn Kubernetes Weekly 96:
☝️ Fairness aware load distribution
📝 Kubernetes configuration in 2024
👂 Container communication inside a Kubernetes pod
🤔 What determines if a Kubernetes node is ready?
💨 Do pods really get evicted due to CPU pressure?
Read it now: https://learnk8s.io/issues/97
🌟 This newsletter issue is brought to you by VictoriaMetrics — a fast and scalable open-source time series database and monitoring solution. https://victoriametrics.com/?utm_campaign=LearnK8s&utm_medium=newsletter&utm_source=Learnk8s
☝️ Fairness aware load distribution
📝 Kubernetes configuration in 2024
👂 Container communication inside a Kubernetes pod
🤔 What determines if a Kubernetes node is ready?
💨 Do pods really get evicted due to CPU pressure?
Read it now: https://learnk8s.io/issues/97
🌟 This newsletter issue is brought to you by VictoriaMetrics — a fast and scalable open-source time series database and monitoring solution. https://victoriametrics.com/?utm_campaign=LearnK8s&utm_medium=newsletter&utm_source=Learnk8s
This article explores Kubernetes RBAC permissions that you might not know about but should be aware of.
You'll learn about specific verbs and how to use them to manage access and prevent misconfiguration.
More: https://thenewstack.io/kubernetes-rbac-permissions-you-might-not-know-about-but-should
You'll learn about specific verbs and how to use them to manage access and prevent misconfiguration.
More: https://thenewstack.io/kubernetes-rbac-permissions-you-might-not-know-about-but-should
Forwarded from Kube Careers
This week's 6 best Kubernetes vacancies that focus on security are:
DevSecOps Engineer with Worldcoin
💰 $236K to $323K a year
🏠 From the office in San Francisco, CA, USA
→ https://kube.careers/t/e824f971-4831-4329-8dfd-2edcce0c9ed5?s=55
DevSecOps Engineer with Jobs for Humanity
💰 $189.1K to $317.69K a year
🏠 From the office in Bellevue, WA, USA
→ https://kube.careers/t/47e00ae5-bef2-4118-9059-c45081d02892?s=55
Security Architect with Dexterity
💰 $200K to $300K a year
🏠 From the office in Redwood, CA, USA
→ https://kube.careers/t/b9a90583-a0e8-4f13-b776-839c8b1d6275?s=55
DevSecOps Engineer with ServiceNow
💰 $181.1K to $316.9K a year
👨💻 Remote from the United States
→ https://kube.careers/t/46e8c8b9-7122-4ba5-b2a6-a70d6089f758?s=55
DevSecOps Engineer with Alchemy
💰 $135K to $350K a year
👨💻 Remote from the United States
→ https://kube.careers/t/1f5bb0f9-8812-4cfe-968d-cd2e1d1cbeaa?s=55
👉 Browse all 1387 Kubernetes jobs on Kube Careers https://kube.careers
DevSecOps Engineer with Worldcoin
💰 $236K to $323K a year
🏠 From the office in San Francisco, CA, USA
→ https://kube.careers/t/e824f971-4831-4329-8dfd-2edcce0c9ed5?s=55
DevSecOps Engineer with Jobs for Humanity
💰 $189.1K to $317.69K a year
🏠 From the office in Bellevue, WA, USA
→ https://kube.careers/t/47e00ae5-bef2-4118-9059-c45081d02892?s=55
Security Architect with Dexterity
💰 $200K to $300K a year
🏠 From the office in Redwood, CA, USA
→ https://kube.careers/t/b9a90583-a0e8-4f13-b776-839c8b1d6275?s=55
DevSecOps Engineer with ServiceNow
💰 $181.1K to $316.9K a year
👨💻 Remote from the United States
→ https://kube.careers/t/46e8c8b9-7122-4ba5-b2a6-a70d6089f758?s=55
DevSecOps Engineer with Alchemy
💰 $135K to $350K a year
👨💻 Remote from the United States
→ https://kube.careers/t/1f5bb0f9-8812-4cfe-968d-cd2e1d1cbeaa?s=55
👉 Browse all 1387 Kubernetes jobs on Kube Careers https://kube.careers
Forwarded from LearnKube news
Why can't you ping a Kubernetes service?
Learnk8s runs a 4-day Advanced Kubernetes course on Sep 30, and you will get to the bottom of questions like this (spoiler: services only exist in etcd).
You will also learn the nitty-gritty details of Kubernetes networking:
- How to plan and design a cluster network.
- How do the four Kubernetes services extend each other, and what do you gain from each?
- How CoreDNS, Ingress, and kube-proxy consume the Kubernetes currency: endpoints.
This (and much more) is covered on the third day of the course.
You can find the full agenda, a breakdown of the modules and how to sign up here: https://kube.events/t/06d19f85-4645-42f7-87c5-040888900b9d
Are you training your team?
Customize the workshop in full with corporate training https://learnk8s.io/corporate-training
Learnk8s runs a 4-day Advanced Kubernetes course on Sep 30, and you will get to the bottom of questions like this (spoiler: services only exist in etcd).
You will also learn the nitty-gritty details of Kubernetes networking:
- How to plan and design a cluster network.
- How do the four Kubernetes services extend each other, and what do you gain from each?
- How CoreDNS, Ingress, and kube-proxy consume the Kubernetes currency: endpoints.
This (and much more) is covered on the third day of the course.
You can find the full agenda, a breakdown of the modules and how to sign up here: https://kube.events/t/06d19f85-4645-42f7-87c5-040888900b9d
Are you training your team?
Customize the workshop in full with corporate training https://learnk8s.io/corporate-training
kubelogin is a kubectl plugin for Kubernetes OpenID Connect (OIDC) authentication, also known as kubectl oidc-login.
More: https://github.com/int128/kubelogin
More: https://github.com/int128/kubelogin
Learn the differences between a process running as root (UID 0) and a containerized process running as root, and discover why running containerized root processes can increase security risks.
More: https://www.armosec.io/blog/root-process-vs-containerized-root-process
More: https://www.armosec.io/blog/root-process-vs-containerized-root-process
This article discusses the importance of a cloud native protection system in preventing business disruptions due to abnormal data plane releases and shares strategies for adapting to unique risks and preventing cascading deletion of root objects.
More: https://aws.plainenglish.io/bytedance-cloud-native-protection-system-practice-ac84e9443422?sk=22c9693c20caca567b6863ef9ede4377
More: https://aws.plainenglish.io/bytedance-cloud-native-protection-system-practice-ac84e9443422?sk=22c9693c20caca567b6863ef9ede4377
Forwarded from KubeFM
Media is too big
VIEW IN TELEGRAM
Alexandre Souza, a senior platform engineer at Getir, explores the challenges of over-provisioning and under-provisioning and discusses strategies for optimizing resource allocation using tools like Horizontal Pod Autoscaler (HPA) and Vertical Pod Autoscaler (VPA).
You will learn:
- How to set appropriate resource requests and limits to balance application performance and cost-efficiency in large-scale Kubernetes environments.
- Strategies for implementing and configuring Horizontal Pod Autoscaler (HPA), including scaling policies and behavior management.
- The differences between CPU and memory management in Kubernetes and their impact on workload performance.
Watch (or listen to) it here: https://kube.fm/hpa-at-scale-alex
🌟 This episode is sponsored by VictoriaMetrics. Start a free trial for VictoriaMetrics enterprise today https://victoriametrics.com/products/enterprise/?utm_campaign=LearnK8s&utm_medium=podcast&utm_source=Learnk8s
With @Birthmarkb "Peter Pan" Farrell
You will learn:
- How to set appropriate resource requests and limits to balance application performance and cost-efficiency in large-scale Kubernetes environments.
- Strategies for implementing and configuring Horizontal Pod Autoscaler (HPA), including scaling policies and behavior management.
- The differences between CPU and memory management in Kubernetes and their impact on workload performance.
Watch (or listen to) it here: https://kube.fm/hpa-at-scale-alex
🌟 This episode is sponsored by VictoriaMetrics. Start a free trial for VictoriaMetrics enterprise today https://victoriametrics.com/products/enterprise/?utm_campaign=LearnK8s&utm_medium=podcast&utm_source=Learnk8s
With @Birthmarkb "Peter Pan" Farrell
This article explores an alternative to long-lived credentials in EKS.
IAM Roles, EKS Pod Identity, OIDC Integration, IAM Roles Anywhere, AWS IAM Identity Center, and Service Account provide alternatives to long-lived credentials.
More: https://medium.com/mycloudseries/alternatives-to-long-lived-credentials-in-aws-29c2582b513f
IAM Roles, EKS Pod Identity, OIDC Integration, IAM Roles Anywhere, AWS IAM Identity Center, and Service Account provide alternatives to long-lived credentials.
More: https://medium.com/mycloudseries/alternatives-to-long-lived-credentials-in-aws-29c2582b513f
Forwarded from LearnKube news
This week on Learn Kubernetes Weekly 98:
🧐 AWS VPC Flow Logs, NAT Gateways, and Kubernetes pods: a detailed overview
🐳 How does a Docker container work internally?
📊 Kubernetes fine-grained horizontal pod autoscaling with Container Resource Metrics @Chimbu Chinnadurai
♻️ Rendering the TRUE Argo CD diff on your PRs
📦 What is the difference between a root process and a containerized root process?
Read it now: https://learnk8s.io/issues/98
🌟 Are you ready to double your Kubernetes resource utilization?
StormForge, the sponsor for this issue, has built an HPA-compatible vertical pod rightsizing solution designed to help you save Mem/CPU and optimize your cloud bill. You can try it for free here: https://stormforge.io/optimize-live/?utm_source=Learnk8s&utm_medium=email&utm_campaign=learnk8s-sow2-2024
🧐 AWS VPC Flow Logs, NAT Gateways, and Kubernetes pods: a detailed overview
🐳 How does a Docker container work internally?
📊 Kubernetes fine-grained horizontal pod autoscaling with Container Resource Metrics @Chimbu Chinnadurai
♻️ Rendering the TRUE Argo CD diff on your PRs
📦 What is the difference between a root process and a containerized root process?
Read it now: https://learnk8s.io/issues/98
🌟 Are you ready to double your Kubernetes resource utilization?
StormForge, the sponsor for this issue, has built an HPA-compatible vertical pod rightsizing solution designed to help you save Mem/CPU and optimize your cloud bill. You can try it for free here: https://stormforge.io/optimize-live/?utm_source=Learnk8s&utm_medium=email&utm_campaign=learnk8s-sow2-2024
This article demonstrates supply chain security:
- Cosign, Kyverno, and HashiCorp Vault to secure container images in Kubernetes
- GitLab CI to build, push, and sign images with Cosign and Vault.
- Kyverno to enforce policies for signature verification.
More: https://angapov.medium.com/kubernetes-container-images-signing-using-cosign-kyverno-hashicorp-vault-and-gitlab-ci-c4e2041d1310
- Cosign, Kyverno, and HashiCorp Vault to secure container images in Kubernetes
- GitLab CI to build, push, and sign images with Cosign and Vault.
- Kyverno to enforce policies for signature verification.
More: https://angapov.medium.com/kubernetes-container-images-signing-using-cosign-kyverno-hashicorp-vault-and-gitlab-ci-c4e2041d1310
Forwarded from Kube Careers
This week's 6 best Kubernetes vacancies that focus on security are:
DevSecOps Engineer with Worldcoin
💰 $236K to $323K a year
🏠 From the office in San Francisco, CA, USA
→ https://kube.careers/t/e824f971-4831-4329-8dfd-2edcce0c9ed5?s=55
DevSecOps Engineer with Jobs for Humanity
💰 $189.1K to $317.69K a year
🏠 From the office in Bellevue, WA, USA
→ https://kube.careers/t/47e00ae5-bef2-4118-9059-c45081d02892?s=55
Security Architect with Dexterity
💰 $200K to $300K a year
🏠 From the office in Redwood, CA, USA
→ https://kube.careers/t/b9a90583-a0e8-4f13-b776-839c8b1d6275?s=55
DevSecOps Engineer with ServiceNow
💰 $181.1K to $316.9K a year
👨💻 Remote from the United States
→ https://kube.careers/t/46e8c8b9-7122-4ba5-b2a6-a70d6089f758?s=55
DevSecOps Engineer with Alchemy
💰 $135K to $350K a year
👨💻 Remote from the United States
→ https://kube.careers/t/1f5bb0f9-8812-4cfe-968d-cd2e1d1cbeaa?s=55
👉 Browse all 1411 Kubernetes jobs on Kube Careers https://kube.careers
DevSecOps Engineer with Worldcoin
💰 $236K to $323K a year
🏠 From the office in San Francisco, CA, USA
→ https://kube.careers/t/e824f971-4831-4329-8dfd-2edcce0c9ed5?s=55
DevSecOps Engineer with Jobs for Humanity
💰 $189.1K to $317.69K a year
🏠 From the office in Bellevue, WA, USA
→ https://kube.careers/t/47e00ae5-bef2-4118-9059-c45081d02892?s=55
Security Architect with Dexterity
💰 $200K to $300K a year
🏠 From the office in Redwood, CA, USA
→ https://kube.careers/t/b9a90583-a0e8-4f13-b776-839c8b1d6275?s=55
DevSecOps Engineer with ServiceNow
💰 $181.1K to $316.9K a year
👨💻 Remote from the United States
→ https://kube.careers/t/46e8c8b9-7122-4ba5-b2a6-a70d6089f758?s=55
DevSecOps Engineer with Alchemy
💰 $135K to $350K a year
👨💻 Remote from the United States
→ https://kube.careers/t/1f5bb0f9-8812-4cfe-968d-cd2e1d1cbeaa?s=55
👉 Browse all 1411 Kubernetes jobs on Kube Careers https://kube.careers
Forwarded from LearnKube news
Why Kubernetes doesn't rebalance pods in nodes?
Learnk8s runs a 4-day Advanced Kubernetes course next week in London 🇬🇧, and you will get to the bottom of questions like this (spoiler: the scheduler allocates pods when created, and it doesn't re-evaluate decisions).
You will also learn the nitty-gritty details of the Kubernetes architecture:
- How pods can serve traffic even if the control plane is unavailable.
- Why does Kubernetes run a single controller manager and scheduler even in HA?
- Why does the kubelet prefer to poll for updates rather than the master dispatching events?
This (and much more) is covered on the second day of the course.
You can find the full agenda, a breakdown of the modules and how to sign up here: https://kube.events/t/06d19f85-4645-42f7-87c5-040888900b9d
Are you training your team?
Customize the workshop in full with corporate training https://learnk8s.io/corporate-training
Learnk8s runs a 4-day Advanced Kubernetes course next week in London 🇬🇧, and you will get to the bottom of questions like this (spoiler: the scheduler allocates pods when created, and it doesn't re-evaluate decisions).
You will also learn the nitty-gritty details of the Kubernetes architecture:
- How pods can serve traffic even if the control plane is unavailable.
- Why does Kubernetes run a single controller manager and scheduler even in HA?
- Why does the kubelet prefer to poll for updates rather than the master dispatching events?
This (and much more) is covered on the second day of the course.
You can find the full agenda, a breakdown of the modules and how to sign up here: https://kube.events/t/06d19f85-4645-42f7-87c5-040888900b9d
Are you training your team?
Customize the workshop in full with corporate training https://learnk8s.io/corporate-training
AWACS for RBAC (AWRBACS) provides a view of a cluster's RBAC by automating the retrieval of users and service accounts or providing a dump of users defined in LDAP.
It checks individual permissions on each resource in the cluster.
More: https://lobuhisec.medium.com/awrbacs-awacs-for-rbac-b6cb2ac75e3e
It checks individual permissions on each resource in the cluster.
More: https://lobuhisec.medium.com/awrbacs-awacs-for-rbac-b6cb2ac75e3e
vals-operator syncs secrets from any secrets store supported by vals into Kubernetes.
It works similarly to secrets-manager, but it supports more secret stores other than HashiCorp Vault.
More: https://github.com/digitalis-io/vals-operator
It works similarly to secrets-manager, but it supports more secret stores other than HashiCorp Vault.
More: https://github.com/digitalis-io/vals-operator
Forwarded from KubeFM
Media is too big
VIEW IN TELEGRAM
Nicholas Morey, Senior Developer Advocate at Akuity, advises against managing your own secrets manager.
Drawing from personal experience, he highlights the challenges of misconfigurations, troubleshooting outages, and maintaining security.
Watch the full interview: https://kube.fm/kargo-gitops-nicholas
This interview is a reaction to Mac's episode https://kube.fm/kubernetes-secrets-mac
Drawing from personal experience, he highlights the challenges of misconfigurations, troubleshooting outages, and maintaining security.
Watch the full interview: https://kube.fm/kargo-gitops-nicholas
This interview is a reaction to Mac's episode https://kube.fm/kubernetes-secrets-mac
The article discusses container image sizes, security, and best practices.
It compares Alpine, Distroless, and Scratch images, highlighting their size, packages, and CVE differences. Chainguard, UBI Micro, and Chiseled are mentioned as alternatives.
More: https://medium.com/@mabenoit/alpine-distroless-or-scratch-caac35250e0b
It compares Alpine, Distroless, and Scratch images, highlighting their size, packages, and CVE differences. Chainguard, UBI Micro, and Chiseled are mentioned as alternatives.
More: https://medium.com/@mabenoit/alpine-distroless-or-scratch-caac35250e0b
Forwarded from KubeFM
Media is too big
VIEW IN TELEGRAM
Eric Jalal, an independent consultant and Kubernetes developer, explains how Kubernetes is fundamentally built on familiar Linux features. He discusses why understanding Linux is crucial for working with Kubernetes and how this knowledge can simplify your approach to cloud-native technologies.
You will learn:
- Why Eric considers Kubernetes to be "just Linux" and how it wraps existing Linux technologies.
- The importance of understanding Linux fundamentals (file systems, networking, storage).
- How Kubernetes provides a standard and consistent interface for managing Linux-based infrastructure.
- Why learning Linux deeply can make Kubernetes adoption an incremental step rather than a giant leap.
Watch (or listen to) it here: https://kube.fm/kubernetes-just-linux-eric
🌟 This episode is sponsored by Learnk8s — get started on your Kubernetes journey through comprehensive online, in-person or remote training. https://learnk8s.io/training
With @Birthmarkb "Impactful voice" Farrell
You will learn:
- Why Eric considers Kubernetes to be "just Linux" and how it wraps existing Linux technologies.
- The importance of understanding Linux fundamentals (file systems, networking, storage).
- How Kubernetes provides a standard and consistent interface for managing Linux-based infrastructure.
- Why learning Linux deeply can make Kubernetes adoption an incremental step rather than a giant leap.
Watch (or listen to) it here: https://kube.fm/kubernetes-just-linux-eric
🌟 This episode is sponsored by Learnk8s — get started on your Kubernetes journey through comprehensive online, in-person or remote training. https://learnk8s.io/training
With @Birthmarkb "Impactful voice" Farrell