Kubesploit – Telegram
Kubesploit
News and links on Kubernetes security curated by the @Learnk8s team
Website: https://kubesploit.io/
Forwarded from Kube Careers
This week's 6 best Kubernetes vacancies that focus on security are:

DevSecOps Engineer with xAI
💰 $180K to $440K a year

🏠 From the office in San Francisco / Palo Alto, CA, USA

DevSecOps Engineer with Gemini
💰 $248K to $310K a year

👨‍💻 Remote from the United States

DevSecOps Engineer with Uniswap Labs
💰 $264K to $294K a year

🏠 From the office in New York, NY, USA

Security Architect with Adobe Inc.
💰 $191.7K to $345.7K a year

🏠 From the office in Seattle, WA / San Francisco / San Jose, CA, USA

👉 Browse all 1415 Kubernetes jobs on Kube Careers https://kube.careers
Learn how to exploit a Kubernetes vulnerability using gitRepo volumes to gain root access to the underlying node, and discover ways to prevent this exploit, including admission control and removing the git binary from nodes.

More: https://raesene.github.io/blog/2024/07/10/Fun-With-GitRepo-Volumes
Cert Injection Webhook for Kubernetes is a tool that injects CA certificates and proxy environment variables into pods based on labels or annotations.

More: https://github.com/vmware-tanzu/cert-injection-webhook
Forwarded from LearnKube news
This week on Learn Kubernetes Weekly 111:

🇵🇭 Kubernetes vs Philippine power outages: on setting up k0s over Tailscale
😅 Fun with GitRepo volumes
🤔 Understanding Kubernetes: networking and services
📕 The Kubernetes troubleshooting handbook
👩‍🏫 Container networking explained

Read it now: https://learnk8s.io/issues/111

🌟 Become an expert in Kubernetes! Join the next Advanced Kubernetes workshop in January: https://learnk8s.io/training
Forwarded from Kube Careers
This week's 6 best Kubernetes vacancies that focus on security are:

DevSecOps Engineer with xAI
💰 $180K to $440K a year

🏠 From the office in San Francisco / Palo Alto, CA, USA

DevSecOps Engineer with Gemini
💰 $248K to $310K a year

👨‍💻 Remote from the United States

Security Architect with Adobe Inc.
💰 $191.7K to $345.7K a year

🏠 From the office in Seattle, WA / San Francisco / San Jose, CA, USA

DevSecOps Engineer with CoreWeave
💰 $240K to $275K a year

🏠🏃🏻‍♂️🌎 Roseland, NJ / Brooklyn, NY / Sunnyvale, CA / Bellevue, WA, USA

👉 Browse all 1360 Kubernetes jobs on Kube Careers https://kube.careers
In this article, you'll learn about Kubernetes Network Policies, including how they work, types of policies, and best practices for controlling network traffic flow in Kubernetes clusters to ensure secure communication between pods and applications.

More: https://aditya-tanwar.hashnode.dev/kubernetes-network-policies
Kubelogin is a Kubernetes credential (exec) plugin implementing the Azure authentication methods such as:

- Device code login.
- Non-interactive service principal login.
- Non-interactive workload identity login.
- OIDC provider for Azure AD.

And more.

More: https://github.com/Azure/kubelogin
In this article, you will learn how OpenSauced integrated the OpenSSF Scorecard into their platform using Kubernetes, enabling the scaling of security score checks across nearly any GitHub repository.

More: https://dev.to/opensauced/how-we-use-kubernetes-jobs-to-scale-openssf-scorecard-5bf2
Forwarded from KubeFM
Yakir Kadkoda and Assaf Morag from Aqua Security discuss the potential risks and attack vectors associated with compromised Docker registries.

They highlight scenarios where attackers can exploit private tokens to access container images and search for sensitive information, expanding their attack surface.

They also explain the danger of having write access to container registries, which could allow attackers to backdoor images, facilitating initial access and lateral movement within the network.

Watch the full episode: https://ku.bz/5RKVBGlQR
In this article, you will learn how Role-Based Access Control (RBAC) works in Kubernetes, including infrastructure design, authentication and authorization, role binding, and service accounts to manage user and application access to cluster resources.

More: https://medium.com/@amansinghsonkh/how-rbac-works-in-the-kubernetes-0d421bf5cf39
Forwarded from LearnKube news
This week on Learn Kubernetes Weekly 112:

🧐 Monitoring inter-pod traffic at the AZ level with eBPF based tool retina
♻️ Mastering GitOps with Flux at Adore Me
📈 From chaos to control: the importance of tailored autoscaling in Kubernetes
💼 How we use Kubernetes jobs to scale the OpenSSF scorecard
🚦 Exploring the basics of Istio traffic management

Read it now: https://learnk8s.io/issues/112

🌟 Become an expert in Kubernetes! Join the next Advanced Kubernetes workshop in January: https://learnk8s.io/training
In this tutorial, you will learn how to use Falco to detect and prevent potential threats without disrupting critical operations.

More: https://medium.com/@omar.kamal.abouraya/how-i-used-falco-to-secure-my-kubernetes-cluster-without-touching-critical-pods-159ad4546890
Forwarded from Kube Careers
This week's 6 best Kubernetes vacancies that focus on security are:

DevSecOps Engineer with xAI
💰 $180K to $440K a year
🏠 From the office in San Francisco / Palo Alto, CA, USA
https://kube.careers/t/c7cf5fcf-05bc-4e15-948b-f58c1c47fd9f

DevSecOps Engineer with Gemini
💰 $248K to $310K a year
👨‍💻 Remote from the United States
https://kube.careers/t/03598248-6bcb-4117-85b1-ecba6edb3070

Security Architect with Adobe Inc.
💰 $191.7K to $345.7K a year
🏠 From the office in Seattle, WA / San Francisco / San Jose, CA, USA
https://kube.careers/t/b6de3faf-adb8-462a-9dd9-260446149b27

DevSecOps Engineer with CoreWeave
💰 $240K to $275K a year
🏠🏃🏻‍♂️🌎 Roseland, NJ / Brooklyn, NY / Sunnyvale, CA / Bellevue, WA, USA
https://kube.careers/t/e9f1791e-bf17-4013-af2a-c52e93b6beaf

👉 Browse all 1469 Kubernetes jobs on Kube Careers https://kube.careers
In this article, you will learn about network policies in Kubernetes, including the differences between Layer 4 and Layer 7 policies, their pros and cons, and how to implement them to achieve a zero-trust security model in your cluster.

More: https://buoyant.io/blog/a-guide-to-modern-kubernetes-network-policies
kubeseal-convert is a tool for importing secrets from pre-existing secrets management systems (e.g. Vault, Secrets Manager) into a SealedSecret.

More: https://github.com/EladLeev/kubeseal-convert
In this article, you will learn how to take a pragmatic approach to understanding the Kubernetes Threat Matrix, creating a security roadmap, and prioritizing vulnerabilities to build a secure cluster.

More: https://medium.com/@selsmie/a-pragmatic-look-at-the-kubernetes-threat-matrix-d58504e926b5
Validkube combines the best open-source tools to help ensure Kubernetes YAML best practices, hygiene & security.

More: https://github.com/komodorio/validkube
Forwarded from LearnKube news
This week on Learn Kubernetes Weekly 113:

🎡 Advanced rollout techniques: custom strategies for stateful apps in Kubernetes
👮‍♀️ A guide to modern Kubernetes network policies
🥷 A pragmatic look at the Kubernetes threat matrix
💰 AWS managed NAT gateway cost optimization with Kubernetes
💸 Gloating about our multi-arch EKS migration: cutting costs with Graviton nodes

Read it now: https://learnk8s.io/issues/113

🌟 Become an expert in Kubernetes! Join the next Advanced Kubernetes workshop in January: https://learnk8s.io/training
In this article, you will learn why Adevinta's team transitioned from Gatekeeper to Kyverno.

Discover the challenges they faced with Gatekeeper's MutatingWebhook capability and the benefits of Kyverno.

More: https://medium.com/adevinta-tech-blog/why-did-we-transition-from-gatekeeper-to-kyverno-for-kubernetes-policy-management-42bc2c4523d0
Forwarded from Kube Careers
This week's 6 best Kubernetes vacancies that focus on security are:

DevSecOps Engineer with xAI
💰 $180K to $440K a year
🏠 From the office in San Francisco / Palo Alto, CA, USA
https://kube.careers/t/c7cf5fcf-05bc-4e15-948b-f58c1c47fd9f

DevSecOps Engineer with Gemini
💰 $248K to $310K a year
👨‍💻 Remote from the United States
https://kube.careers/t/03598248-6bcb-4117-85b1-ecba6edb3070

Security Architect with Adobe Inc.
💰 $191.7K to $345.7K a year
🏠 From the office in Seattle, WA / San Francisco / San Jose, CA, USA
https://kube.careers/t/b6de3faf-adb8-462a-9dd9-260446149b27

DevSecOps Engineer with CVS Pharmacy, Inc.
💰 $175.1K to $334.75K a year
🏠🏃🏻‍♂️🌎 New York, NY, USA
https://kube.careers/t/1ee7ee65-591c-4b3b-8feb-bb08a943d8e1

Security Architect with Dexterity
💰 $200K to $300K a year
🏠 From the office in Redwood, CA, USA
https://kube.careers/t/b9a90583-a0e8-4f13-b776-839c8b1d6275

👉 Browse all 1419 Kubernetes jobs on Kube Careers https://kube.careers
In this article, you will learn about a critical ingress-nginx controller vulnerability that allows attackers to bypass annotation validation, potentially leading to unauthorized access and code execution in Kubernetes clusters.

More: https://www.armosec.io/blog/cve-2024-7646-ingress-nginx-annotation-validation-bypass