Learn how to integrate 1Password with External Secrets Operator to automate pulling secrets into a Kubernetes Secret, enabling secure secret management across different stages.
More: https://dev.to/3deep5me/using-1password-with-external-secrets-operator-in-a-gitops-way-4lo4
More: https://dev.to/3deep5me/using-1password-with-external-secrets-operator-in-a-gitops-way-4lo4
The article explores the evolution of pod privileges in EKS, covering the transition from Host Role to Proxy metadata servers, IRSA, and finally Pod Identity, highlighting the key features and improvements of each approach.
More: https://asrathore08.medium.com/journey-of-pods-privilege-in-eks-f04c780e2f1b
More: https://asrathore08.medium.com/journey-of-pods-privilege-in-eks-f04c780e2f1b
Confidential Containers is an open source community that works to enable cloud native confidential computing by leveraging Trusted Execution Environments to protect containers and data.
More: https://github.com/confidential-containers
More: https://github.com/confidential-containers
This media is not supported in your browser
VIEW IN TELEGRAM
Kubernetes Network Policies control pod communication.
This guide introduces Network Policies, including implementing and troubleshooting policies to enhance the security of your Kubernetes applications.
More: https://medium.com/@muppedaanvesh/a-hands-on-guide-to-kubernetes-network-policy-%EF%B8%8F-041bebe19a23
This guide introduces Network Policies, including implementing and troubleshooting policies to enhance the security of your Kubernetes applications.
More: https://medium.com/@muppedaanvesh/a-hands-on-guide-to-kubernetes-network-policy-%EF%B8%8F-041bebe19a23
Forwarded from KubeFM
Media is too big
VIEW IN TELEGRAM
Tim Miller CEO and Co-founder at Kusari explains why minimal containers are just one piece of the supply chain security puzzle.
He discusses how container minimization must be complemented with supply chain tracking and provenance information. Tim highlights how the Software Development Life Cycle (SDLC) often removes complexity but also eliminates crucial tracking information needed for security incident response.
Watch the full interview: https://ku.bz/-2Sqn9Jb9
This interview is a reaction to Harsha Koushik's episode https://ku.bz/n_sJ04xMY
He discusses how container minimization must be complemented with supply chain tracking and provenance information. Tim highlights how the Software Development Life Cycle (SDLC) often removes complexity but also eliminates crucial tracking information needed for security incident response.
Watch the full interview: https://ku.bz/-2Sqn9Jb9
This interview is a reaction to Harsha Koushik's episode https://ku.bz/n_sJ04xMY
Forwarded from LearnKube news
This week on Learn Kubernetes Weekly 107:
💰 How I came to build a cheap server cluster for VDI
🐝 eBPF maps state synchronization across multi-node Kubernetes cluster
🕸️ Service Meshes decoded: is Istio Ambient worth it?
🗑️ How to uninstall Multus CNI without borking your Kubernetes cluster
📝 Kubernetes configuration in 2024
Read it now: https://learnk8s.io/issues/107
🌟 This newsletter is brought to you by Robusta Dev — reduce Prometheus and Kubernetes troubleshooting time by 80% with an AI Assistant. Fewer alerts and better developer experience https://ku.bz/NdP67ry-g
💰 How I came to build a cheap server cluster for VDI
🐝 eBPF maps state synchronization across multi-node Kubernetes cluster
🕸️ Service Meshes decoded: is Istio Ambient worth it?
🗑️ How to uninstall Multus CNI without borking your Kubernetes cluster
📝 Kubernetes configuration in 2024
Read it now: https://learnk8s.io/issues/107
🌟 This newsletter is brought to you by Robusta Dev — reduce Prometheus and Kubernetes troubleshooting time by 80% with an AI Assistant. Fewer alerts and better developer experience https://ku.bz/NdP67ry-g
Learn how to use Open Policy Agent (OPA) to write policies for Kubernetes clusters, including defining namespace policies, allocating resource quotas, and creating a custom validation webhook.
More: https://medium.com/permify-tech-blog/opa-gatekeeper-how-to-write-policies-for-kubernetes-clusters-bb660666eb19
More: https://medium.com/permify-tech-blog/opa-gatekeeper-how-to-write-policies-for-kubernetes-clusters-bb660666eb19
Forwarded from Kube Careers
This week's 6 best Kubernetes vacancies that focus on security are:
DevSecOps Engineer with xAI
💰 $180K to $440K a year
🏠 From the office in San Francisco / Palo Alto, CA, USA
→ https://kube.careers/t/c7cf5fcf-05bc-4e15-948b-f58c1c47fd9f?s=55
DevSecOps Engineer with Gemini
💰 $248K to $310K a year
👨💻 Remote from the United States
→ https://kube.careers/t/03598248-6bcb-4117-85b1-ecba6edb3070?s=55
DevSecOps Engineer with Uniswap Labs
💰 $264K to $294K a year
🏠 From the office in New York, NY, USA
→ https://kube.careers/t/3d7c0bd7-abd8-4526-a376-458f65018709?s=55
Security Architect with Adobe Inc.
💰 $191.7K to $345.7K a year
🏠 From the office in Seattle, WA / San Francisco / San Jose, CA, USA
→ https://kube.careers/t/b6de3faf-adb8-462a-9dd9-260446149b27?s=55
👉 Browse all 1359 Kubernetes jobs on Kube Careers https://kube.careers
DevSecOps Engineer with xAI
💰 $180K to $440K a year
🏠 From the office in San Francisco / Palo Alto, CA, USA
→ https://kube.careers/t/c7cf5fcf-05bc-4e15-948b-f58c1c47fd9f?s=55
DevSecOps Engineer with Gemini
💰 $248K to $310K a year
👨💻 Remote from the United States
→ https://kube.careers/t/03598248-6bcb-4117-85b1-ecba6edb3070?s=55
DevSecOps Engineer with Uniswap Labs
💰 $264K to $294K a year
🏠 From the office in New York, NY, USA
→ https://kube.careers/t/3d7c0bd7-abd8-4526-a376-458f65018709?s=55
Security Architect with Adobe Inc.
💰 $191.7K to $345.7K a year
🏠 From the office in Seattle, WA / San Francisco / San Jose, CA, USA
→ https://kube.careers/t/b6de3faf-adb8-462a-9dd9-260446149b27?s=55
👉 Browse all 1359 Kubernetes jobs on Kube Careers https://kube.careers
This article discusses a security vulnerability in Kubernetes' deprecated gitRepo volume driver, which allows an attacker to execute arbitrary commands on a worker node as root, and provides information on how to prevent it.
More: https://irsl.medium.com/sneaky-write-hook-git-clone-to-root-on-k8s-node-e38236205d54
More: https://irsl.medium.com/sneaky-write-hook-git-clone-to-root-on-k8s-node-e38236205d54
Forwarded from KubeFM
Media is too big
VIEW IN TELEGRAM
Yakir Kadkoda and Assaf Morag from Aqua Security explore the critical issue of exposed Kubernetes secrets and the potential supply chain attack threats they pose.
They explain that Kubernetes is not an isolated system and often requires secrets or tokens to access container registries, integrate with organizational Single Sign-On (SSO), or manage network TLS certificates.
Watch the full episode: https://ku.bz/5RKVBGlQR
They explain that Kubernetes is not an isolated system and often requires secrets or tokens to access container registries, integrate with organizational Single Sign-On (SSO), or manage network TLS certificates.
Watch the full episode: https://ku.bz/5RKVBGlQR
Forwarded from KubeFM
Media is too big
VIEW IN TELEGRAM
Harsha Koushik, a Security Researcher and Technical Product Manager at Palo Alto Networks, explores the practical and security benefits of Distroless containers.
He debunks the myth surrounding their security and explains the fundamental differences between Distroless containers and traditional distributions, highlighting the absence of package managers, shells, and OS-level utilities in Distroless containers.
Watch the full episode: https://ku.bz/n_sJ04xMY
He debunks the myth surrounding their security and explains the fundamental differences between Distroless containers and traditional distributions, highlighting the absence of package managers, shells, and OS-level utilities in Distroless containers.
Watch the full episode: https://ku.bz/n_sJ04xMY
This article presents three Vault integration mechanisms in Kubernetes: Banzai Cloud's Vault Secrets Webhook, CSI Provider, and Agent Sidecar Injector
It evaluates each based on key features, advantages, and limitations.
More: https://medium.com/@denisgorokhov/vault-integration-mechanisms-in-kubernetes-comparative-analysis-61e3f582e2f4
It evaluates each based on key features, advantages, and limitations.
More: https://medium.com/@denisgorokhov/vault-integration-mechanisms-in-kubernetes-comparative-analysis-61e3f582e2f4
In this ebook you will learn how to establish secure communication between clusters and pods, and discover the best practices for implementing zero-trust security in your Kubernetes environment.
More: https://kubecrash.io/download/zero-trust-ebook
More: https://kubecrash.io/download/zero-trust-ebook
Forwarded from KubeFM
This media is not supported in your browser
VIEW IN TELEGRAM
Michael Levan explains how specialized teams and smart abstractions can lead to better outcomes.
You will learn:
- How to use Internal Developer Platforms (IDPs) and abstractions to empower teams without requiring everyone to be a Kubernetes expert.
- How to balance specialization and collaboration using platform engineering practices and smart abstractions
- Practical strategies for managing cognitive load in engineering teams and why not everyone needs to know YAML.
Watch (or listen to) it here: https://ku.bz/qlZPfM-zr
🌟 This episode is brought to you by Testkube — scale all of your tests with Kubernetes, integrate seamlessly with CI/CD and centralize test troubleshooting and reporting https://ku.bz/r8JZXNd2f
With @Birthmarkb "Farm boy" Farrell
You will learn:
- How to use Internal Developer Platforms (IDPs) and abstractions to empower teams without requiring everyone to be a Kubernetes expert.
- How to balance specialization and collaboration using platform engineering practices and smart abstractions
- Practical strategies for managing cognitive load in engineering teams and why not everyone needs to know YAML.
Watch (or listen to) it here: https://ku.bz/qlZPfM-zr
🌟 This episode is brought to you by Testkube — scale all of your tests with Kubernetes, integrate seamlessly with CI/CD and centralize test troubleshooting and reporting https://ku.bz/r8JZXNd2f
With @Birthmarkb "Farm boy" Farrell
This article explains the security risks of running containers as root in Kubernetes, including downloading malware and accessing host resources, and shows how running as a non-root user can mitigate these risks.
More: https://dev.to/wasiucionekm/kubernetes-security-in-practice-implications-of-running-containers-as-root-474n
More: https://dev.to/wasiucionekm/kubernetes-security-in-practice-implications-of-running-containers-as-root-474n
Forwarded from LearnKube news
This week on Learn Kubernetes Weekly 108:
0️⃣ Zero trust ebook
📦 OpenAI's code execution runtime & replicating sandboxing infrastructure
🆙 How we seamlessly transitioned our node services to Kubernetes
⚖️ Load balancing Airbyte workloads across multiple Kubernetes clusters
🐍 Sneaky write hook: Git clone to root on Kubernetes node
🧪 GenAI experiments: monitoring and debugging Kubernetes cluster health
Read it now: https://learnk8s.io/issues/108
🌟 This newsletter is brought to you by simplyblock, your intelligent Kubernetes data platform https://ku.bz/2zZ_pL34y
0️⃣ Zero trust ebook
📦 OpenAI's code execution runtime & replicating sandboxing infrastructure
🆙 How we seamlessly transitioned our node services to Kubernetes
⚖️ Load balancing Airbyte workloads across multiple Kubernetes clusters
🐍 Sneaky write hook: Git clone to root on Kubernetes node
🧪 GenAI experiments: monitoring and debugging Kubernetes cluster health
Read it now: https://learnk8s.io/issues/108
🌟 This newsletter is brought to you by simplyblock, your intelligent Kubernetes data platform https://ku.bz/2zZ_pL34y
This tutorial teaches how to set up SPIRE Federation on kind clusters, enabling secure communication between microservices with SPIFFE/SPIRE.
More: https://medium.com/@nishant.apatil3/spiffe-spire-federation-implementation-on-kind-clusters-d5f3b7c4c062
More: https://medium.com/@nishant.apatil3/spiffe-spire-federation-implementation-on-kind-clusters-d5f3b7c4c062
Forwarded from Kube Careers
This week's 6 best Kubernetes vacancies that focus on security are:
DevSecOps Engineer with xAI
💰 $180K to $440K a year
🏠 From the office in San Francisco / Palo Alto, CA, USA
DevSecOps Engineer with Gemini
💰 $248K to $310K a year
👨💻 Remote from the United States
DevSecOps Engineer with Uniswap Labs
💰 $264K to $294K a year
🏠 From the office in New York, NY, USA
Security Architect with Adobe Inc.
💰 $191.7K to $345.7K a year
🏠 From the office in Seattle, WA / San Francisco / San Jose, CA, USA
👉 Browse all 1387 Kubernetes jobs on Kube Careers https://kube.careers
DevSecOps Engineer with xAI
💰 $180K to $440K a year
🏠 From the office in San Francisco / Palo Alto, CA, USA
DevSecOps Engineer with Gemini
💰 $248K to $310K a year
👨💻 Remote from the United States
DevSecOps Engineer with Uniswap Labs
💰 $264K to $294K a year
🏠 From the office in New York, NY, USA
Security Architect with Adobe Inc.
💰 $191.7K to $345.7K a year
🏠 From the office in Seattle, WA / San Francisco / San Jose, CA, USA
👉 Browse all 1387 Kubernetes jobs on Kube Careers https://kube.careers
Forwarded from LearnKube news
We are now (also) on 🦋!
You can find all Kubernetes news, jobs, events, interviews, and podcasts, here: https://bsky.app/starter-pack/learnk8s.io/3lbobkb35vx2a
And if you missed any of those accounts, you can find a recap here: https://learnk8s.io/news
You can find all Kubernetes news, jobs, events, interviews, and podcasts, here: https://bsky.app/starter-pack/learnk8s.io/3lbobkb35vx2a
And if you missed any of those accounts, you can find a recap here: https://learnk8s.io/news
This article explores the security risks of exposed Kubelet APIs and presents real-world attacks observed through a honeypot setup, highlighting techniques used by attackers and providing measures to protect Kubernetes clusters.
More: https://blog.aquasec.com/kubernetes-exposed-exploiting-the-kubelet-api
More: https://blog.aquasec.com/kubernetes-exposed-exploiting-the-kubelet-api
In this article, you will learn why Kubernetes does not manage its own users and instead integrates with existing authentication systems.
More: https://www.armosec.io/blog/kubernetes-user-management
More: https://www.armosec.io/blog/kubernetes-user-management