Forwarded from Kube Careers
This week's 6 best Kubernetes vacancies that focus on security are:
DevSecOps Engineer with Worldcoin
💰 $236K to $323K a year
🏠 From the office in San Francisco, CA, USA
→ https://kube.careers/t/e824f971-4831-4329-8dfd-2edcce0c9ed5?s=55
DevSecOps Engineer with Jobs for Humanity
💰 $189.1K to $317.69K a year
🏠 From the office in Bellevue, WA, USA
→ https://kube.careers/t/47e00ae5-bef2-4118-9059-c45081d02892?s=55
Security Architect with Dexterity
💰 $200K to $300K a year
🏠 From the office in Redwood, CA, USA
→ https://kube.careers/t/b9a90583-a0e8-4f13-b776-839c8b1d6275?s=55
DevSecOps Engineer with ServiceNow
💰 $181.1K to $316.9K a year
👨‍💻 Remote from the United States
→ https://kube.careers/t/46e8c8b9-7122-4ba5-b2a6-a70d6089f758?s=55
DevSecOps Engineer with Alchemy
💰 $135K to $350K a year
👨‍💻 Remote from the United States
→ https://kube.careers/t/1f5bb0f9-8812-4cfe-968d-cd2e1d1cbeaa?s=55
👉 Browse all 1411 Kubernetes jobs on Kube Careers https://kube.careers
Forwarded from LearnKube news
Why Kubernetes doesn't rebalance pods in nodes?
Learnk8s runs a 4-day Advanced Kubernetes course next week in London 🇬🇧, and you will get to the bottom of questions like this (spoiler: the scheduler allocates pods when created, and it doesn't re-evaluate decisions).
You will also learn the nitty-gritty details of the Kubernetes architecture:
- How pods can serve traffic even if the control plane is unavailable.
- Why does Kubernetes run a single controller manager and scheduler even in HA?
- Why does the kubelet prefer to poll for updates rather than the master dispatching events?
This (and much more) is covered on the second day of the course.
You can find the full agenda, a breakdown of the modules and how to sign up here: https://kube.events/t/06d19f85-4645-42f7-87c5-040888900b9d
Are you training your team?
Customize the workshop in full with corporate training https://learnk8s.io/corporate-training
AWACS for RBAC (AWRBACS) provides a view of a cluster's RBAC by automating the retrieval of users and service accounts or providing a dump of users defined in LDAP.
It checks individual permissions on each resource in the cluster.
More: https://lobuhisec.medium.com/awrbacs-awacs-for-rbac-b6cb2ac75e3e
vals-operator syncs secrets from any secrets store supported by vals into Kubernetes.
It works similarly to secrets-manager, but it supports more secret stores than just HashiCorp Vault.
More: https://github.com/digitalis-io/vals-operator
Forwarded from KubeFM
Nicholas Morey, Senior Developer Advocate at Akuity, advises against managing your own secrets manager.
Drawing from personal experience, he highlights the challenges of misconfigurations, troubleshooting outages, and maintaining security.
Watch the full interview: https://kube.fm/kargo-gitops-nicholas
This interview is a reaction to Mac's episode https://kube.fm/kubernetes-secrets-mac
The article discusses container image sizes, security, and best practices.
It compares Alpine, Distroless, and Scratch images, highlighting their size, packages, and CVE differences. Chainguard, UBI Micro, and Chiseled are mentioned as alternatives.
More: https://medium.com/@mabenoit/alpine-distroless-or-scratch-caac35250e0b
Forwarded from KubeFM
Eric Jalal, an independent consultant and Kubernetes developer, explains how Kubernetes is fundamentally built on familiar Linux features. He discusses why understanding Linux is crucial for working with Kubernetes and how this knowledge can simplify your approach to cloud-native technologies.
You will learn:
- Why Eric considers Kubernetes to be "just Linux" and how it wraps existing Linux technologies.
- The importance of understanding Linux fundamentals (file systems, networking, storage).
- How Kubernetes provides a standard and consistent interface for managing Linux-based infrastructure.
- Why learning Linux deeply can make Kubernetes adoption an incremental step rather than a giant leap.
Watch (or listen to) it here: https://kube.fm/kubernetes-just-linux-eric
🌟 This episode is sponsored by Learnk8s — get started on your Kubernetes journey through comprehensive online, in-person or remote training. https://learnk8s.io/training
With @Birthmarkb "Impactful voice" Farrell
RBAC Wizard is a tool that helps you visualize and analyze the RBAC configurations of your Kubernetes cluster.
More: https://github.com/pehlicd/rbac-wizard
Forwarded from LearnKube news
This week on Learn Kubernetes Weekly 99:
💸 How we Saved 10s of thousands of dollars deploying low cost open source AI technologies at scale with Kubernetes
🐳 Recent Docker BuildKit features you're missing out on
🚦 Scheduling priority In multi-team Kubernetes cluster
🌲 How to structure your Argo CD repositories using Application Sets
🏎️ Solving CPU throttling issue in Golang applications before hitting the CPU limit in Kubernetes
Read it now: https://learnk8s.io/issues/99
🌟 Are you ready to double your Kubernetes resource utilization?
StormForge, the sponsor for this issue, has built an HPA-compatible vertical pod rightsizing solution designed to help you save Mem/CPU and optimize your cloud bill. You can try it for free here: https://stormforge.io/optimize-live/?utm_source=Learnk8s&utm_medium=email&utm_campaign=learnk8s-sow2-2024
This article explains how to streamline multi-cloud Kubernetes access using OpenID Connect (OIDC) to overcome the complexities of managing secure, consistent Kubernetes access across a multi-cloud environment.
More: https://medium.com/@mnkg561/streamlining-multi-cloud-kubernetes-access-using-oidc-a1380dd1a6af
Forwarded from Kube Careers
This week's 6 best Kubernetes vacancies that focus on security are:
DevSecOps Engineer with Worldcoin
💰 $236K to $323K a year
🏠 From the office in San Francisco, CA, USA
→ https://kube.careers/t/e824f971-4831-4329-8dfd-2edcce0c9ed5?s=55
DevSecOps Engineer with Jobs for Humanity
💰 $189.1K to $317.69K a year
🏠 From the office in Bellevue, WA, USA
→ https://kube.careers/t/47e00ae5-bef2-4118-9059-c45081d02892?s=55
Security Architect with Dexterity
💰 $200K to $300K a year
🏠 From the office in Redwood, CA, USA
→ https://kube.careers/t/b9a90583-a0e8-4f13-b776-839c8b1d6275?s=55
DevSecOps Engineer with Alchemy
💰 $135K to $350K a year
👨‍💻 Remote from the United States
→ https://kube.careers/t/1f5bb0f9-8812-4cfe-968d-cd2e1d1cbeaa?s=55
DevSecOps Engineer with Crusoe
💰 $180K to $300K a year
🏠🏃🏻‍♂️🌎 San Francisco, CA, USA
→ https://kube.careers/t/cc2ab37b-4b47-4dc0-9199-04269d9e3607?s=55
👉 Browse all 1390 Kubernetes jobs on Kube Careers https://kube.careers
Forwarded from LearnKube news
Kubernetes in action: from pods to production-ready clusters!
📆 Learnk8s runs a 4-day Advanced Kubernetes course in 🇺🇸 San Francisco on Oct 21!
You will learn how to:
1️⃣ Architect and design resilient clusters (in the cloud or on-prem).
2️⃣ Master deployment strategies and resource management.
3️⃣ Wire the cluster network and trace packets flowing through it.
4️⃣ Secure your cluster with the latest best practices.
5️⃣ Autoscale, manage data and stateful workloads, monitoring and more.
What you need to know:
✅ 40% lecture, 60% hands-on labs.
✅ Small groups for personalized learning.
✅ Progresses from basics to advanced topics.
✅ Lifetime access to course materials and Slack community.
Ticket and info: https://kube.events/t/3aa0148a-d54a-471c-adbc-cc5cabb86d23
Corporate training: https://learnk8s.io/corporate-training
Bank-Vaults is an umbrella project which provides various tools for Cloud Native secret management, including:
- Bank-Vaults CLI to configure HashiCorp Vault.
- Vault operator.
- Vault secrets webhook to inject secrets.
- Vault SDK
More: https://github.com/bank-vaults/bank-vaults
This article discusses the validating admission webhook bypass vulnerability, which allows node updates to bypass a validating admission webhook.
You will learn how to detect this type of event by enabling Kubernetes Audit Logging in the cluster.
More: https://sysdig.com/blog/cve-2021-25735-kubernetes-admission-bypass
This tutorial explores how to use cert-manager to manage Kubernetes Gateway certificates automatically.
More: https://addozhang.medium.com/automated-kubernetes-gateway-certificates-management-with-cert-manager-b6b43bb6c5ea
This article explains how to use iptables to enhance security in a Kubernetes network.
It covers the default policy, managing rules, and keeping configurations after reboots.
More: https://itnext.io/shielding-your-kubernetes-network-mastering-iptables-for-enhanced-security-7286540b2f17
Forwarded from LearnKube news
This week on Learn Kubernetes Weekly 100:
👩‍🚒 Rescue my OpenShift cluster from loss of 2 masters
📸 Optimize Kubernetes pods' startup time using VolumeSnapshots
📞 5 solutions for multi-cluster communication in Kubernetes
1️⃣ Streamlining Microservices Management: A Unified Helm Chart Approach
🙋‍♂️ Argo Events: conditional triggers
Read it now: https://learnk8s.io/issues/100
🌟 Are you still securing your Kubernetes control plane with an SSH bastion?
That's probably valid but a bit dated. The sponsor of this issue is Tailscale — connect and secure your Kubernetes clusters with anything, anywhere https://tailscale.com/use-cases/kubernetes?utm_source=LearnK8s&utm_medium=paid-email&utm_campaign=LearnK8s-Q3-25
This article guides you through the process of signing and verifying container images using Cosign and Kyverno.
It covers the installation of Kyverno and Cosign and provides a step-by-step guide on securing CI/CD pipelines for production deployment.
More: https://vinayakpandey-7997.medium.com/signing-and-verifying-ecr-images-using-cosign-and-kyverno-d3c84e2d8a00
Forwarded from Kube Careers
This week's 6 best Kubernetes vacancies that focus on security are:
DevSecOps Engineer with Worldcoin
💰 $236K to $323K a year
🏠 From the office in San Francisco, CA, USA
→ https://kube.careers/t/e824f971-4831-4329-8dfd-2edcce0c9ed5?s=55
DevSecOps Engineer with Jobs for Humanity
💰 $189.1K to $317.69K a year
🏠 From the office in Bellevue, WA, USA
→ https://kube.careers/t/47e00ae5-bef2-4118-9059-c45081d02892?s=55
Security Architect with Dexterity
💰 $200K to $300K a year
🏠 From the office in Redwood, CA, USA
→ https://kube.careers/t/b9a90583-a0e8-4f13-b776-839c8b1d6275?s=55
DevSecOps Engineer with Alchemy
💰 $135K to $350K a year
👨‍💻 Remote from the United States
→ https://kube.careers/t/1f5bb0f9-8812-4cfe-968d-cd2e1d1cbeaa?s=55
DevSecOps Engineer with Crusoe
💰 $180K to $300K a year
🏠🏃🏻‍♂️🌎 San Francisco, CA, USA
→ https://kube.careers/t/cc2ab37b-4b47-4dc0-9199-04269d9e3607?s=55
👉 Browse all 1326 Kubernetes jobs on Kube Careers https://kube.careers
Forwarded from LearnKube news
Why can't you ping a Kubernetes service?
Learnk8s runs a 4-day Advanced Kubernetes course on Oct 21, and you will get to the bottom of questions like this (spoiler: services only exist in etcd).
You will also learn the nitty-gritty details of Kubernetes networking:
- How to plan and design a cluster network.
- How do the four Kubernetes services extend each other, and what do you gain from each?
- How CoreDNS, Ingress, and kube-proxy consume the Kubernetes currency: endpoints.
This (and much more) is covered on the third day of the course.
You can find the full agenda, a breakdown of the modules and how to sign up here: https://kube.events/t/3aa0148a-d54a-471c-adbc-cc5cabb86d23
Are you training your team?
Customize the workshop in full with corporate training https://learnk8s.io/corporate-training
This article introduces network policies in Kubernetes.
You will learn how labels are used to identify pods and apply network policies.
You will also see how network policies are applied to traffic between pods.
More: https://jamali.hashnode.dev/cilium-network-policies