Forwarded from LearnKube news
This week on Learn Kubernetes Weekly 108:
0️⃣ Zero trust ebook
📦 OpenAI's code execution runtime & replicating sandboxing infrastructure
🆙 How we seamlessly transitioned our node services to Kubernetes
⚖️ Load balancing Airbyte workloads across multiple Kubernetes clusters
🐍 Sneaky write hook: Git clone to root on Kubernetes node
🧪 GenAI experiments: monitoring and debugging Kubernetes cluster health
Read it now: https://learnk8s.io/issues/108
🌟 This newsletter is brought to you by simplyblock, your intelligent Kubernetes data platform https://ku.bz/2zZ_pL34y
0️⃣ Zero trust ebook
📦 OpenAI's code execution runtime & replicating sandboxing infrastructure
🆙 How we seamlessly transitioned our node services to Kubernetes
⚖️ Load balancing Airbyte workloads across multiple Kubernetes clusters
🐍 Sneaky write hook: Git clone to root on Kubernetes node
🧪 GenAI experiments: monitoring and debugging Kubernetes cluster health
Read it now: https://learnk8s.io/issues/108
🌟 This newsletter is brought to you by simplyblock, your intelligent Kubernetes data platform https://ku.bz/2zZ_pL34y
This tutorial teaches how to set up SPIRE Federation on kind clusters, enabling secure communication between microservices with SPIFFE/SPIRE.
More: https://medium.com/@nishant.apatil3/spiffe-spire-federation-implementation-on-kind-clusters-d5f3b7c4c062
More: https://medium.com/@nishant.apatil3/spiffe-spire-federation-implementation-on-kind-clusters-d5f3b7c4c062
Forwarded from Kube Careers
This week's 6 best Kubernetes vacancies that focus on security are:
DevSecOps Engineer with xAI
💰 $180K to $440K a year
🏠 From the office in San Francisco / Palo Alto, CA, USA
DevSecOps Engineer with Gemini
💰 $248K to $310K a year
👨💻 Remote from the United States
DevSecOps Engineer with Uniswap Labs
💰 $264K to $294K a year
🏠 From the office in New York, NY, USA
Security Architect with Adobe Inc.
💰 $191.7K to $345.7K a year
🏠 From the office in Seattle, WA / San Francisco / San Jose, CA, USA
👉 Browse all 1387 Kubernetes jobs on Kube Careers https://kube.careers
DevSecOps Engineer with xAI
💰 $180K to $440K a year
🏠 From the office in San Francisco / Palo Alto, CA, USA
DevSecOps Engineer with Gemini
💰 $248K to $310K a year
👨💻 Remote from the United States
DevSecOps Engineer with Uniswap Labs
💰 $264K to $294K a year
🏠 From the office in New York, NY, USA
Security Architect with Adobe Inc.
💰 $191.7K to $345.7K a year
🏠 From the office in Seattle, WA / San Francisco / San Jose, CA, USA
👉 Browse all 1387 Kubernetes jobs on Kube Careers https://kube.careers
Forwarded from LearnKube news
We are now (also) on 🦋!
You can find all Kubernetes news, jobs, events, interviews, and podcasts, here: https://bsky.app/starter-pack/learnk8s.io/3lbobkb35vx2a
And if you missed any of those accounts, you can find a recap here: https://learnk8s.io/news
You can find all Kubernetes news, jobs, events, interviews, and podcasts, here: https://bsky.app/starter-pack/learnk8s.io/3lbobkb35vx2a
And if you missed any of those accounts, you can find a recap here: https://learnk8s.io/news
This article explores the security risks of exposed Kubelet APIs and presents real-world attacks observed through a honeypot setup, highlighting techniques used by attackers and providing measures to protect Kubernetes clusters.
More: https://blog.aquasec.com/kubernetes-exposed-exploiting-the-kubelet-api
More: https://blog.aquasec.com/kubernetes-exposed-exploiting-the-kubelet-api
In this article, you will learn why Kubernetes does not manage its own users and instead integrates with existing authentication systems.
More: https://www.armosec.io/blog/kubernetes-user-management
More: https://www.armosec.io/blog/kubernetes-user-management
Learn how confidential containers securely retrieve secrets, including the authentication process, resource retrieval flow, and workload requests to the Confidential Data Hub endpoint, and how this process prevents unauthorized access to sensitive data.
More: https://itnext.io/how-your-confidential-containers-can-securely-retrieve-secrets-93d6f55b7b42
More: https://itnext.io/how-your-confidential-containers-can-securely-retrieve-secrets-93d6f55b7b42
Forwarded from KubeFM
This media is not supported in your browser
VIEW IN TELEGRAM
Stefan Roman shares his experience building Labs4Grabs, a platform that gives students root access to Kubernetes clusters.
You will learn:
- Why namespace isolation isn't sufficient for untrusted users and the limitations of tools like vCluster when running privileged workloads.
- How to use KubeVirt to achieve complete workload isolation and the trade-offs.
- Practical approaches to implementing network security with NetworkPolicies and managing resource allocation across multiple student environments.
Watch (or listen to) it here: https://ku.bz/Xz-TrmX2F
🌟 This episode is brought to you by Kusari — gain complete visibility into your software components and secure your supply chain through comprehensive tracking and analysis https://ku.bz/1MZKgXQHt
With @Birthmarkb "Capitan Falcon" Farrell
You will learn:
- Why namespace isolation isn't sufficient for untrusted users and the limitations of tools like vCluster when running privileged workloads.
- How to use KubeVirt to achieve complete workload isolation and the trade-offs.
- Practical approaches to implementing network security with NetworkPolicies and managing resource allocation across multiple student environments.
Watch (or listen to) it here: https://ku.bz/Xz-TrmX2F
🌟 This episode is brought to you by Kusari — gain complete visibility into your software components and secure your supply chain through comprehensive tracking and analysis https://ku.bz/1MZKgXQHt
With @Birthmarkb "Capitan Falcon" Farrell
This article discusses the Confidential Containers Attestation process in the Trustee project, the Request-Challenge-Attestation-Response handshake and the roles of the Key Broker Service and Attestation Service.
More: https://pradiptabanerjee.medium.com/confidential-containers-attestation-implementation-2b88f66dac1e
More: https://pradiptabanerjee.medium.com/confidential-containers-attestation-implementation-2b88f66dac1e
Forwarded from LearnKube news
This week on Learn Kubernetes Weekly 109:
🦋 The Karpenter transformation
❤️ Sharing is caring: how to make the most of your GPUs
🛠️ How we fixed API downtime during spot instance reclaims
🏎️ Karpenter's drift detection
😀 Kubernetes CRD: the versioning joy
Read it now: https://learnk8s.io/issues/109
🌟 This newsletter is sponsored by Intuit to celebrate Numaproj — a Kubernetes-native, serverless platform designed for building scalable and reliable event-driven applications https://ku.bz/PQ-hn3ZCm
🦋 The Karpenter transformation
❤️ Sharing is caring: how to make the most of your GPUs
🛠️ How we fixed API downtime during spot instance reclaims
🏎️ Karpenter's drift detection
😀 Kubernetes CRD: the versioning joy
Read it now: https://learnk8s.io/issues/109
🌟 This newsletter is sponsored by Intuit to celebrate Numaproj — a Kubernetes-native, serverless platform designed for building scalable and reliable event-driven applications https://ku.bz/PQ-hn3ZCm
trust-manager is a tool for managing trust bundles in Kubernetes and OpenShift clusters.
It combines a list of trusted certificates into a bundle that applications can directly trust.
More: https://github.com/cert-manager/trust-manager
It combines a list of trusted certificates into a bundle that applications can directly trust.
More: https://github.com/cert-manager/trust-manager
Forwarded from Kube Careers
This week's 6 best Kubernetes vacancies that focus on security are:
DevSecOps Engineer with xAI
💰 $180K to $440K a year
🏠 From the office in San Francisco / Palo Alto, CA, USA
DevSecOps Engineer with Gemini
💰 $248K to $310K a year
👨💻 Remote from the United States
DevSecOps Engineer with Uniswap Labs
💰 $264K to $294K a year
🏠 From the office in New York, NY, USA
Security Architect with Adobe Inc.
💰 $191.7K to $345.7K a year
🏠 From the office in Seattle, WA / San Francisco / San Jose, CA, USA
👉 Browse all 1388 Kubernetes jobs on Kube Careers https://kube.careers
DevSecOps Engineer with xAI
💰 $180K to $440K a year
🏠 From the office in San Francisco / Palo Alto, CA, USA
DevSecOps Engineer with Gemini
💰 $248K to $310K a year
👨💻 Remote from the United States
DevSecOps Engineer with Uniswap Labs
💰 $264K to $294K a year
🏠 From the office in New York, NY, USA
Security Architect with Adobe Inc.
💰 $191.7K to $345.7K a year
🏠 From the office in Seattle, WA / San Francisco / San Jose, CA, USA
👉 Browse all 1388 Kubernetes jobs on Kube Careers https://kube.careers
Learn how to set up AWS IRSA on a self-hosted Kubernetes Cluster, including creating a Discovery Service, an AWS Identity Provider, and configuring a Kubernetes cluster.
More: https://levelup.gitconnected.com/aws-irsa-on-a-self-hosted-kubernetes-cluster-02d2bfa4e824
More: https://levelup.gitconnected.com/aws-irsa-on-a-self-hosted-kubernetes-cluster-02d2bfa4e824
Forwarded from Kube Architect
Not all CPU and memory in your Kubernetes nodes can be used to run Pods.
The node has to run processes such as the Kubelet, daemons such as kube-proxy, and the operating system.
Explore the best instance types for your Kubernetes cluster interactively.
More: https://learnk8s.io/kubernetes-instance-calculator
The node has to run processes such as the Kubelet, daemons such as kube-proxy, and the operating system.
Explore the best instance types for your Kubernetes cluster interactively.
More: https://learnk8s.io/kubernetes-instance-calculator
Forwarded from LearnKube news
This week on Learn Kubernetes Weekly 110:
🔎 Container interference detection and mitigation
🧮 Kubernetes instance calculator
👍 Comparison of networking solutions for Kubernetes
🪣 Using S3 as a container registry
🏎️ Benchmarking what actually drives our containers
Read it now: https://learnk8s.io/issues/110
🌟 Become an expert in Kubernetes! Join the next Advanced Kubernetes workshop in January: https://learnk8s.io/training
🔎 Container interference detection and mitigation
🧮 Kubernetes instance calculator
👍 Comparison of networking solutions for Kubernetes
🪣 Using S3 as a container registry
🏎️ Benchmarking what actually drives our containers
Read it now: https://learnk8s.io/issues/110
🌟 Become an expert in Kubernetes! Join the next Advanced Kubernetes workshop in January: https://learnk8s.io/training
Forwarded from Kube Careers
This week's 6 best Kubernetes vacancies that focus on security are:
DevSecOps Engineer with xAI
💰 $180K to $440K a year
🏠 From the office in San Francisco / Palo Alto, CA, USA
DevSecOps Engineer with Gemini
💰 $248K to $310K a year
👨💻 Remote from the United States
DevSecOps Engineer with Uniswap Labs
💰 $264K to $294K a year
🏠 From the office in New York, NY, USA
Security Architect with Adobe Inc.
💰 $191.7K to $345.7K a year
🏠 From the office in Seattle, WA / San Francisco / San Jose, CA, USA
👉 Browse all 1415 Kubernetes jobs on Kube Careers https://kube.careers
DevSecOps Engineer with xAI
💰 $180K to $440K a year
🏠 From the office in San Francisco / Palo Alto, CA, USA
DevSecOps Engineer with Gemini
💰 $248K to $310K a year
👨💻 Remote from the United States
DevSecOps Engineer with Uniswap Labs
💰 $264K to $294K a year
🏠 From the office in New York, NY, USA
Security Architect with Adobe Inc.
💰 $191.7K to $345.7K a year
🏠 From the office in Seattle, WA / San Francisco / San Jose, CA, USA
👉 Browse all 1415 Kubernetes jobs on Kube Careers https://kube.careers
Learn how to exploit a Kubernetes vulnerability using gitRepo volumes to gain root access to the underlying node, and discover ways to prevent this exploit, including admission control and removing the git binary from nodes.
More: https://raesene.github.io/blog/2024/07/10/Fun-With-GitRepo-Volumes
More: https://raesene.github.io/blog/2024/07/10/Fun-With-GitRepo-Volumes
Cert Injection Webhook for Kubernetes is a tool that injects CA certificates and proxy environment variables into pods based on labels or annotations.
More: https://github.com/vmware-tanzu/cert-injection-webhook
More: https://github.com/vmware-tanzu/cert-injection-webhook
Forwarded from LearnKube news
This week on Learn Kubernetes Weekly 111:
🇵🇭 Kubernetes vs Philippine power outages: on setting up k0s over Tailscale
😅 Fun with GitRepo volumes
🤔 Understanding Kubernetes: networking and services
📕 The Kubernetes troubleshooting handbook
👩🏫 Container networking explained
Read it now: https://learnk8s.io/issues/111
🌟 Become an expert in Kubernetes! Join the next Advanced Kubernetes workshop in January: https://learnk8s.io/training
🇵🇭 Kubernetes vs Philippine power outages: on setting up k0s over Tailscale
😅 Fun with GitRepo volumes
🤔 Understanding Kubernetes: networking and services
📕 The Kubernetes troubleshooting handbook
👩🏫 Container networking explained
Read it now: https://learnk8s.io/issues/111
🌟 Become an expert in Kubernetes! Join the next Advanced Kubernetes workshop in January: https://learnk8s.io/training
Forwarded from Kube Careers
This week's 6 best Kubernetes vacancies that focus on security are:
DevSecOps Engineer with xAI
💰 $180K to $440K a year
🏠 From the office in San Francisco / Palo Alto, CA, USA
DevSecOps Engineer with Gemini
💰 $248K to $310K a year
👨💻 Remote from the United States
Security Architect with Adobe Inc.
💰 $191.7K to $345.7K a year
🏠 From the office in Seattle, WA / San Francisco / San Jose, CA, USA
DevSecOps Engineer with CoreWeave
💰 $240K to $275K a year
🏠🏃🏻♂️🌎 Roseland, NJ / Brooklyn, NY / Sunnyvale, CA / Bellevue, WA, USA
👉 Browse all 1360 Kubernetes jobs on Kube Careers https://kube.careers
DevSecOps Engineer with xAI
💰 $180K to $440K a year
🏠 From the office in San Francisco / Palo Alto, CA, USA
DevSecOps Engineer with Gemini
💰 $248K to $310K a year
👨💻 Remote from the United States
Security Architect with Adobe Inc.
💰 $191.7K to $345.7K a year
🏠 From the office in Seattle, WA / San Francisco / San Jose, CA, USA
DevSecOps Engineer with CoreWeave
💰 $240K to $275K a year
🏠🏃🏻♂️🌎 Roseland, NJ / Brooklyn, NY / Sunnyvale, CA / Bellevue, WA, USA
👉 Browse all 1360 Kubernetes jobs on Kube Careers https://kube.careers
In this article, you'll learn about Kubernetes Network Policies, including how they work, types of policies, and best practices for controlling network traffic flow in Kubernetes clusters to ensure secure communication between pods and applications.
More: https://aditya-tanwar.hashnode.dev/kubernetes-network-policies
More: https://aditya-tanwar.hashnode.dev/kubernetes-network-policies