Forwarded from KubeFM
Media is too big
VIEW IN TELEGRAM
Nicholas Morey, Senior Developer Advocate at Akuity, advises against managing your own secrets manager.
Drawing from personal experience, he highlights the challenges of misconfigurations, troubleshooting outages, and maintaining security.
Watch the full interview: https://kube.fm/kargo-gitops-nicholas
This interview is a reaction to Mac's episode https://kube.fm/kubernetes-secrets-mac
Drawing from personal experience, he highlights the challenges of misconfigurations, troubleshooting outages, and maintaining security.
Watch the full interview: https://kube.fm/kargo-gitops-nicholas
This interview is a reaction to Mac's episode https://kube.fm/kubernetes-secrets-mac
The article discusses container image sizes, security, and best practices.
It compares Alpine, Distroless, and Scratch images, highlighting their size, packages, and CVE differences. Chainguard, UBI Micro, and Chiseled are mentioned as alternatives.
More: https://medium.com/@mabenoit/alpine-distroless-or-scratch-caac35250e0b
It compares Alpine, Distroless, and Scratch images, highlighting their size, packages, and CVE differences. Chainguard, UBI Micro, and Chiseled are mentioned as alternatives.
More: https://medium.com/@mabenoit/alpine-distroless-or-scratch-caac35250e0b
Forwarded from KubeFM
Media is too big
VIEW IN TELEGRAM
Eric Jalal, an independent consultant and Kubernetes developer, explains how Kubernetes is fundamentally built on familiar Linux features. He discusses why understanding Linux is crucial for working with Kubernetes and how this knowledge can simplify your approach to cloud-native technologies.
You will learn:
- Why Eric considers Kubernetes to be "just Linux" and how it wraps existing Linux technologies.
- The importance of understanding Linux fundamentals (file systems, networking, storage).
- How Kubernetes provides a standard and consistent interface for managing Linux-based infrastructure.
- Why learning Linux deeply can make Kubernetes adoption an incremental step rather than a giant leap.
Watch (or listen to) it here: https://kube.fm/kubernetes-just-linux-eric
🌟 This episode is sponsored by Learnk8s — get started on your Kubernetes journey through comprehensive online, in-person or remote training. https://learnk8s.io/training
With @Birthmarkb "Impactful voice" Farrell
You will learn:
- Why Eric considers Kubernetes to be "just Linux" and how it wraps existing Linux technologies.
- The importance of understanding Linux fundamentals (file systems, networking, storage).
- How Kubernetes provides a standard and consistent interface for managing Linux-based infrastructure.
- Why learning Linux deeply can make Kubernetes adoption an incremental step rather than a giant leap.
Watch (or listen to) it here: https://kube.fm/kubernetes-just-linux-eric
🌟 This episode is sponsored by Learnk8s — get started on your Kubernetes journey through comprehensive online, in-person or remote training. https://learnk8s.io/training
With @Birthmarkb "Impactful voice" Farrell
This media is not supported in your browser
VIEW IN TELEGRAM
RBAC Wizard is a tool that helps you visualize and analyze the RBAC configurations of your Kubernetes cluster.
More: https://github.com/pehlicd/rbac-wizard
More: https://github.com/pehlicd/rbac-wizard
Forwarded from LearnKube news
This week on Learn Kubernetes Weekly 99:
💸 How we Saved 10s of thousands of dollars deploying low cost open source AI technologies at scale with Kubernetes
🐳 Recent Docker BuildKit features you're missing out on
🚦 Scheduling priority In multi-team Kubernetes cluster
🌲 How to structure your Argo CD repositories using Application Sets
🏎️ Solving CPU throttling issue in Golang applications before hitting the CPU limit in Kubernetes
Read it now: https://learnk8s.io/issues/99
🌟 Are you ready to double your Kubernetes resource utilization?
StormForge, the sponsor for this issue, has built an HPA-compatible vertical pod rightsizing solution designed to help you save Mem/CPU and optimize your cloud bill. You can try it for free here: https://stormforge.io/optimize-live/?utm_source=Learnk8s&utm_medium=email&utm_campaign=learnk8s-sow2-2024
💸 How we Saved 10s of thousands of dollars deploying low cost open source AI technologies at scale with Kubernetes
🐳 Recent Docker BuildKit features you're missing out on
🚦 Scheduling priority In multi-team Kubernetes cluster
🌲 How to structure your Argo CD repositories using Application Sets
🏎️ Solving CPU throttling issue in Golang applications before hitting the CPU limit in Kubernetes
Read it now: https://learnk8s.io/issues/99
🌟 Are you ready to double your Kubernetes resource utilization?
StormForge, the sponsor for this issue, has built an HPA-compatible vertical pod rightsizing solution designed to help you save Mem/CPU and optimize your cloud bill. You can try it for free here: https://stormforge.io/optimize-live/?utm_source=Learnk8s&utm_medium=email&utm_campaign=learnk8s-sow2-2024
This article explains how to streamline multi-cloud Kubernetes access using OpenID Connect (OIDC) to overcome the complexities of managing secure, consistent Kubernetes access across a multi-cloud environment.
More: https://medium.com/@mnkg561/streamlining-multi-cloud-kubernetes-access-using-oidc-a1380dd1a6af
More: https://medium.com/@mnkg561/streamlining-multi-cloud-kubernetes-access-using-oidc-a1380dd1a6af
Forwarded from Kube Careers
This week's 6 best Kubernetes vacancies that focus on security are:
DevSecOps Engineer with Worldcoin
💰 $236K to $323K a year
🏠 From the office in San Francisco, CA, USA
→ https://kube.careers/t/e824f971-4831-4329-8dfd-2edcce0c9ed5?s=55
DevSecOps Engineer with Jobs for Humanity
💰 $189.1K to $317.69K a year
🏠 From the office in Bellevue, WA, USA
→ https://kube.careers/t/47e00ae5-bef2-4118-9059-c45081d02892?s=55
Security Architect with Dexterity
💰 $200K to $300K a year
🏠 From the office in Redwood, CA, USA
→ https://kube.careers/t/b9a90583-a0e8-4f13-b776-839c8b1d6275?s=55
DevSecOps Engineer with Alchemy
💰 $135K to $350K a year
👨💻 Remote from the United States
→ https://kube.careers/t/1f5bb0f9-8812-4cfe-968d-cd2e1d1cbeaa?s=55
DevSecOps Engineer with Crusoe
💰 $180K to $300K a year
🏠🏃🏻♂️🌎 San Francisco, CA, USA
→ https://kube.careers/t/cc2ab37b-4b47-4dc0-9199-04269d9e3607?s=55
👉 Browse all 1390 Kubernetes jobs on Kube Careers https://kube.careers
DevSecOps Engineer with Worldcoin
💰 $236K to $323K a year
🏠 From the office in San Francisco, CA, USA
→ https://kube.careers/t/e824f971-4831-4329-8dfd-2edcce0c9ed5?s=55
DevSecOps Engineer with Jobs for Humanity
💰 $189.1K to $317.69K a year
🏠 From the office in Bellevue, WA, USA
→ https://kube.careers/t/47e00ae5-bef2-4118-9059-c45081d02892?s=55
Security Architect with Dexterity
💰 $200K to $300K a year
🏠 From the office in Redwood, CA, USA
→ https://kube.careers/t/b9a90583-a0e8-4f13-b776-839c8b1d6275?s=55
DevSecOps Engineer with Alchemy
💰 $135K to $350K a year
👨💻 Remote from the United States
→ https://kube.careers/t/1f5bb0f9-8812-4cfe-968d-cd2e1d1cbeaa?s=55
DevSecOps Engineer with Crusoe
💰 $180K to $300K a year
🏠🏃🏻♂️🌎 San Francisco, CA, USA
→ https://kube.careers/t/cc2ab37b-4b47-4dc0-9199-04269d9e3607?s=55
👉 Browse all 1390 Kubernetes jobs on Kube Careers https://kube.careers
Forwarded from LearnKube news
Kubernetes in action: from pods to production-ready clusters!
📆 Learnk8s runs a 4-day Advanced Kubernetes course in 🇺🇸 San Francisco on Oct 21!
You will learn how to:
1️⃣ Architect and design resilient clusters (in the cloud or on-prem).
2️⃣ Master deployment strategies and resource management.
3️⃣ Wire the cluster network and trace packets flowing through it.
4️⃣ Secure your cluster with the latest best practices.
5️⃣ Autoscale, manage data and stateful workloads, monitoring and more.
What you need to know:
✅ 40% lecture, 60% hands-on labs.
✅ Small groups for personalized learning.
✅ Progresses from basics to advanced topics.
✅ Lifetime access to course materials and Slack community.
Ticket and info: https://kube.events/t/3aa0148a-d54a-471c-adbc-cc5cabb86d23
Corporate training: https://learnk8s.io/corporate-training
📆 Learnk8s runs a 4-day Advanced Kubernetes course in 🇺🇸 San Francisco on Oct 21!
You will learn how to:
1️⃣ Architect and design resilient clusters (in the cloud or on-prem).
2️⃣ Master deployment strategies and resource management.
3️⃣ Wire the cluster network and trace packets flowing through it.
4️⃣ Secure your cluster with the latest best practices.
5️⃣ Autoscale, manage data and stateful workloads, monitoring and more.
What you need to know:
✅ 40% lecture, 60% hands-on labs.
✅ Small groups for personalized learning.
✅ Progresses from basics to advanced topics.
✅ Lifetime access to course materials and Slack community.
Ticket and info: https://kube.events/t/3aa0148a-d54a-471c-adbc-cc5cabb86d23
Corporate training: https://learnk8s.io/corporate-training
Bank-Vaults is an umbrella project which provides various tools for Cloud Native secret management, including:
- Bank-Vaults CLI to configure Hashicorp Vault.
- Vault operator.
- Vault secrets webhook to inject secrets.
- Vault SDK
More: https://github.com/bank-vaults/bank-vaults
- Bank-Vaults CLI to configure Hashicorp Vault.
- Vault operator.
- Vault secrets webhook to inject secrets.
- Vault SDK
More: https://github.com/bank-vaults/bank-vaults
This article discusses the validating admission webhook bypass vulnerability, which allows node updates to bypass a validating admission webhook.
You will learn how to detect this type of event by enabling Kubernetes Audit Logging in the cluster.
More: https://sysdig.com/blog/cve-2021-25735-kubernetes-admission-bypass
You will learn how to detect this type of event by enabling Kubernetes Audit Logging in the cluster.
More: https://sysdig.com/blog/cve-2021-25735-kubernetes-admission-bypass
This tutorial explores how to use cert-manager to manage Kubernetes Gateway certificates automatically.
More: https://addozhang.medium.com/automated-kubernetes-gateway-certificates-management-with-cert-manager-b6b43bb6c5ea
More: https://addozhang.medium.com/automated-kubernetes-gateway-certificates-management-with-cert-manager-b6b43bb6c5ea
This article explains how to use iptables to enhance security in a Kubernetes network.
It covers the default policy, managing rules, and keeping configurations after reboots.
More: https://itnext.io/shielding-your-kubernetes-network-mastering-iptables-for-enhanced-security-7286540b2f17
It covers the default policy, managing rules, and keeping configurations after reboots.
More: https://itnext.io/shielding-your-kubernetes-network-mastering-iptables-for-enhanced-security-7286540b2f17
Forwarded from LearnKube news
This week on Learn Kubernetes Weekly 100:
👩🚒 Rescue my OpenShift cluster from loss of 2 masters
📸 Optimize Kubernetes pods' startup time using VolumeSnapshots
📞 5 solutions for multi-cluster communication in Kubernetes
1️⃣ Streamlining Microservices Management: A Unified Helm Chart Approach
🙋♂️ Argo Events: conditional triggers
Read it now: https://learnk8s.io/issues/100
🌟 Are you still securing your Kubernetes control plane with an SSH bastion?
That's probably valid but a bit dated. The sponsor of this issue is Tailscale — connect and secure your Kubernetes clusters with anything, anywhere https://tailscale.com/use-cases/kubernetes?utm_source=LearnK8s&utm_medium=paid-email&utm_campaign=LearnK8s-Q3-25
👩🚒 Rescue my OpenShift cluster from loss of 2 masters
📸 Optimize Kubernetes pods' startup time using VolumeSnapshots
📞 5 solutions for multi-cluster communication in Kubernetes
1️⃣ Streamlining Microservices Management: A Unified Helm Chart Approach
🙋♂️ Argo Events: conditional triggers
Read it now: https://learnk8s.io/issues/100
🌟 Are you still securing your Kubernetes control plane with an SSH bastion?
That's probably valid but a bit dated. The sponsor of this issue is Tailscale — connect and secure your Kubernetes clusters with anything, anywhere https://tailscale.com/use-cases/kubernetes?utm_source=LearnK8s&utm_medium=paid-email&utm_campaign=LearnK8s-Q3-25
This article guides you through the process of signing and verifying container images using Cosign and Kyverno.
It covers the installation of Kyverno and Cosign and provides a step-by-step guide on securing CI/CD pipelines for production deployment.
More: https://vinayakpandey-7997.medium.com/signing-and-verifying-ecr-images-using-cosign-and-kyverno-d3c84e2d8a00
It covers the installation of Kyverno and Cosign and provides a step-by-step guide on securing CI/CD pipelines for production deployment.
More: https://vinayakpandey-7997.medium.com/signing-and-verifying-ecr-images-using-cosign-and-kyverno-d3c84e2d8a00
Forwarded from Kube Careers
This week's 6 best Kubernetes vacancies that focus on security are:
DevSecOps Engineer with Worldcoin
💰 $236K to $323K a year
🏠 From the office in San Francisco, CA, USA
→ https://kube.careers/t/e824f971-4831-4329-8dfd-2edcce0c9ed5?s=55
DevSecOps Engineer with Jobs for Humanity
💰 $189.1K to $317.69K a year
🏠 From the office in Bellevue, WA, USA
→ https://kube.careers/t/47e00ae5-bef2-4118-9059-c45081d02892?s=55
Security Architect with Dexterity
💰 $200K to $300K a year
🏠 From the office in Redwood, CA, USA
→ https://kube.careers/t/b9a90583-a0e8-4f13-b776-839c8b1d6275?s=55
DevSecOps Engineer with Alchemy
💰 $135K to $350K a year
👨💻 Remote from the United States
→ https://kube.careers/t/1f5bb0f9-8812-4cfe-968d-cd2e1d1cbeaa?s=55
DevSecOps Engineer with Crusoe
💰 $180K to $300K a year
🏠🏃🏻♂️🌎 San Francisco, CA, USA
→ https://kube.careers/t/cc2ab37b-4b47-4dc0-9199-04269d9e3607?s=55
👉 Browse all 1326 Kubernetes jobs on Kube Careers https://kube.careers
DevSecOps Engineer with Worldcoin
💰 $236K to $323K a year
🏠 From the office in San Francisco, CA, USA
→ https://kube.careers/t/e824f971-4831-4329-8dfd-2edcce0c9ed5?s=55
DevSecOps Engineer with Jobs for Humanity
💰 $189.1K to $317.69K a year
🏠 From the office in Bellevue, WA, USA
→ https://kube.careers/t/47e00ae5-bef2-4118-9059-c45081d02892?s=55
Security Architect with Dexterity
💰 $200K to $300K a year
🏠 From the office in Redwood, CA, USA
→ https://kube.careers/t/b9a90583-a0e8-4f13-b776-839c8b1d6275?s=55
DevSecOps Engineer with Alchemy
💰 $135K to $350K a year
👨💻 Remote from the United States
→ https://kube.careers/t/1f5bb0f9-8812-4cfe-968d-cd2e1d1cbeaa?s=55
DevSecOps Engineer with Crusoe
💰 $180K to $300K a year
🏠🏃🏻♂️🌎 San Francisco, CA, USA
→ https://kube.careers/t/cc2ab37b-4b47-4dc0-9199-04269d9e3607?s=55
👉 Browse all 1326 Kubernetes jobs on Kube Careers https://kube.careers
Forwarded from LearnKube news
Why can't you ping a Kubernetes service?
Learnk8s runs a 4-day Advanced Kubernetes course on Oct 21, and you will get to the bottom of questions like this (spoiler: services only exist in etcd).
You will also learn the nitty-gritty details of Kubernetes networking:
- How to plan and design a cluster network.
- How do the four Kubernetes services extend each other, and what do you gain from each?
- How CoreDNS, Ingress, and kube-proxy consume the Kubernetes currency: endpoints.
This (and much more) is covered on the third day of the course.
You can find the full agenda, a breakdown of the modules and how to sign up here: https://kube.events/t/3aa0148a-d54a-471c-adbc-cc5cabb86d23
Are you training your team?
Customize the workshop in full with corporate training https://learnk8s.io/corporate-training
Learnk8s runs a 4-day Advanced Kubernetes course on Oct 21, and you will get to the bottom of questions like this (spoiler: services only exist in etcd).
You will also learn the nitty-gritty details of Kubernetes networking:
- How to plan and design a cluster network.
- How do the four Kubernetes services extend each other, and what do you gain from each?
- How CoreDNS, Ingress, and kube-proxy consume the Kubernetes currency: endpoints.
This (and much more) is covered on the third day of the course.
You can find the full agenda, a breakdown of the modules and how to sign up here: https://kube.events/t/3aa0148a-d54a-471c-adbc-cc5cabb86d23
Are you training your team?
Customize the workshop in full with corporate training https://learnk8s.io/corporate-training
This article introduces network policies in Kubernetes.
You will learn how labels are used to identify pods and apply network policies.
You will also see how network policies are applied to traffic between pods.
More: https://jamali.hashnode.dev/cilium-network-policies
You will learn how labels are used to identify pods and apply network policies.
You will also see how network policies are applied to traffic between pods.
More: https://jamali.hashnode.dev/cilium-network-policies
Sealed Secrets provides declarative Kubernetes Secret Management in a secure way.
Since the Sealed Secrets are encrypted, they can be safely stored in a code repository.
More: https://github.com/bitnami-labs/sealed-secrets
Since the Sealed Secrets are encrypted, they can be safely stored in a code repository.
More: https://github.com/bitnami-labs/sealed-secrets
In this article, you will explore Kyverno: a Kubernetes policy engine that receives admission webhook HTTP callbacks from the kube-apiserver and applies matching policies to return the result of executing the admission policy or denying the request.
More: https://aws.plainenglish.io/kubernetes-policy-management-engine-kyverno-b255ec9d9bf1?sk=9b8b9970bc2681dc22cd89d8bfe4b1f1
More: https://aws.plainenglish.io/kubernetes-policy-management-engine-kyverno-b255ec9d9bf1?sk=9b8b9970bc2681dc22cd89d8bfe4b1f1
Forwarded from KubeFM
Media is too big
VIEW IN TELEGRAM
Brian Grant, CTO of ConfigHub and former tech lead on Google's Borg team discusses the Kubernetes Resource Model (KRM) and its profound impact on the Kubernetes ecosystem.
You will learn:
- How the Kubernetes API evolved from inconsistency to a uniform structure, enabling support for thousands of resource types.
- Why Kubernetes' self-describing resources and Server-side Apply simplify client implementations and configuration management.
- The evolution of Kubernetes configuration tools like Helm, Kustomize, and GitOps solutions.
Watch (or listen to) it here: https://kube.fm/krm-brian
🌟 This episode is sponsored by StormForge. Double your Kubernetes resource utilization and unburden developers from sizing complexity with the first HPA-compatible vertical pod rightsizing solution. https://stormforge.io/optimize-live/?utm_source=Learnk8s&utm_medium=podcast&utm_campaign=learnk8s-sow2-2024
You will learn:
- How the Kubernetes API evolved from inconsistency to a uniform structure, enabling support for thousands of resource types.
- Why Kubernetes' self-describing resources and Server-side Apply simplify client implementations and configuration management.
- The evolution of Kubernetes configuration tools like Helm, Kustomize, and GitOps solutions.
Watch (or listen to) it here: https://kube.fm/krm-brian
🌟 This episode is sponsored by StormForge. Double your Kubernetes resource utilization and unburden developers from sizing complexity with the first HPA-compatible vertical pod rightsizing solution. https://stormforge.io/optimize-live/?utm_source=Learnk8s&utm_medium=podcast&utm_campaign=learnk8s-sow2-2024
The Secrets Store CSI Driver allows Kubernetes to mount multiple secrets, keys, and certs stored in enterprise-grade external secrets stores into their pods as a volume.
Once the Volume is attached, its data is mounted into the container's file system.
More: https://github.com/kubernetes-sigs/secrets-store-csi-driver
Once the Volume is attached, its data is mounted into the container's file system.
More: https://github.com/kubernetes-sigs/secrets-store-csi-driver