Kubesploit – Telegram
News and links on Kubernetes security curated by the @Learnk8s team
Website: https://kubesploit.io/
Forwarded from KubeFM
Tim Miller, CEO and Co-founder at Kusari, discusses three categories of tools that are transforming the Kubernetes ecosystem.

He highlights Ko, which helps developers deploy applications with minimal friction, Falco by Sysdig, which provides deep system visibility, and SBOM generation tools like Excalibur and Guac, which make container dependencies more transparent. These tools focus on developer experience and system observability.

Watch the full interview: https://ku.bz/-2Sqn9Jb9
In this article, you'll learn how to secure local Kubernetes apps using cert-manager, ExternalDNS, and Cloudflare to issue TLS certificates and avoid untrusted certificate errors, making it easy to manage and expose your applications securely.

More: https://itnext.io/securing-local-kubernetes-apps-a-practical-guide-with-cert-manager-externaldns-and-cloudflare-d1ee9342ed83
In this article, you'll learn about the securityContext settings in pod-level and container-level configurations and how to use them to run containers as non-root users, apply seccomp profiles, and limit filesystem access.

More: https://medium.com/@vfxbwrnnzb/i-never-understood-securitycontext-setting-in-kubernetes-but-now-i-got-it-8c07f921e403
Forwarded from KubeFM
Yue Yin, Software Engineer at ByteDance, discusses their open-source Gödel scheduler and Katalyst resource management system. She explains how these tools address the challenges of managing online and offline workloads in large-scale Kubernetes deployments.

You will learn:

- How Gödel's distributed architecture with dispatcher, scheduler, and binder components enables the scheduling of 5,000 pods per second
- Why NUMA-aware scheduling and two-layer architecture are crucial for handling complex workloads at scale
- How Katalyst provides node-level resource insights to enable efficient workload co-location and improve CPU utilization

Watch (or listen to) it here: https://ku.bz/lMpNng_33

🌟 This episode is brought to you by Learnk8s — Become an expert in Kubernetes! Join the next Advanced Kubernetes workshop: https://learnk8s.io/training

With @Birthmarkb "Chief Idea Officer" Farrell
This repository contains a collection of AppArmor and Seccomp profiles for common Helm deployments.

These profiles were automatically generated using Armiel, a powerful tool from ArchGuardian.io that generates AppArmor and Seccomp profiles.

More: https://github.com/Archguardian-io/Kubernetes-AppArmor-Profiles
Forwarded from LearnKube news
This week on Learn Kubernetes Weekly 117:

🪝 Building my first Go project: a cert-manager webhook for DuckDNS
🔥 From dumpster fire to sparkling clean: SaaS with Kubernetes operators and garbage collection
The journey to creating our next-generation cloud control plane
🚦 Understand scheduling in Kubernetes
🔎 Overview of kubernetes CNI network models: VETH & bridge / overlay / BGP

Read it now: https://learnk8s.io/issues/117

🌟 This newsletter is brought to you by Loft Labs to announce the launch of Multitenancy March https://ku.bz/yk4mJkv34
In this article, you'll learn about Kubernetes Security using eBPF and Tetragon for runtime monitoring and policy enforcement, including CO-RE, attachment types, maps, and LSM hooks to overcome security limitations and vulnerabilities.

More: https://medium.com/@noah_h/kubernetes-security-ebpf-tetragon-for-runtime-monitoring-policy-enforcement-819b6ed97953
Forwarded from Kube Careers
This week's 6 best Kubernetes vacancies that focus on security are:

DevSecOps Engineer with OpenAI
💰 $243K to $306K a year
🏠🏃🏻‍♂️🌎 Washington, DC, USA
https://kube.careers/t/edb60c03-c2c2-44ce-9e14-5783bb959a7e

Security Architect with Adobe Inc.
💰 $191.7K to $345.7K a year
🏠 From the office in Seattle, WA / San Francisco / San Jose, CA, USA
https://kube.careers/t/b6de3faf-adb8-462a-9dd9-260446149b27

Security Architect with Dexterity
💰 $200K to $300K a year
🏠 From the office in Redwood, CA, USA
https://kube.careers/t/b9a90583-a0e8-4f13-b776-839c8b1d6275

DevSecOps Engineer with Plaid
💰 $186.84K to $279.72K a year
🏠🏃🏻‍♂️🌎 US
https://kube.careers/t/65616251-5ba0-42af-af39-fb64a1c2d20d

DevSecOps Engineer with Glean
💰 $185K to $280K a year
🏠🏃🏻‍♂️🌎 Palo Alto, CA, USA
https://kube.careers/t/384dd05a-a906-4db7-933a-51b15110f87f

👉 Browse all 1097 Kubernetes jobs on Kube Careers https://kube.careers
OIDC-Guard is an API server which is used along with Ingress Controllers that support External Authentication and enables per Ingress customizable JWT validation with Cookie support for Web Applications.

More: https://github.com/IvanJosipovic/OIDC-Guard
Forwarded from Kube Architect
Sealed Secrets Web is a tool that provides a web interface for managing and encrypting sensitive data in Kubernetes using the Sealed Secrets service by Bitnami.

More: https://github.com/bakito/sealed-secrets-web
Ratify is a verification engine, run as a binary executable on Kubernetes, that verifies artifact security metadata and admits for deployment only those artifacts that comply with your policies.

More: https://github.com/ratify-project/ratify
Forwarded from Daniele Polencic
<shameless plug>

🚀 This March, we are running a free educational series on building multitenant Kubernetes platforms!

🤔 Over six sessions, we’ll explore the evolution of Kubernetes multitenancy, from comparing soft vs. hard approaches to evaluating namespace, virtual, and dedicated cluster strategies. I’ll also discuss emerging trends, the right tooling (think vCluster, Capsule, Kamaji, kcp, k3k, and more), and the trade-offs shaping the multitenancy market.

📅 I’m kicking off with “The State of Multi-Tenancy in Kubernetes” on Feb 27. Then, join Salman Iqbal (the legend) on March 13 for a session on standardizing development environments in large-scale clusters, and catch Chris Nesbitt-Smith on March 27 as we discuss balancing isolation and complexity.

If this sounds interesting, you can sign up here: https://ku.bz/multitenancy25
In this article, you'll learn how to simplify Kubernetes authentication using OpenID Connect (OIDC) and grant users or groups the correct permissions in your cluster, making it easier to manage access and maintain security.

More: https://kty.dev/blog/2024-09-19-auth-isnt-hard
In this article, you'll learn how the Miro team automates Kubernetes workflows with Kyverno's mutating webhooks and Dynamic Admission controllers.

More: https://medium.com/@rodrigofk/automating-kubernetes-workflows-with-kyvernos-mutating-webhooks-ae3f0a81d4d7
Forwarded from LearnKube news
This week on Learn Kubernetes Weekly 118:

🐞 An empirical study on Kubernetes operator bugs
💰 Scaling artificial intelligence on a budget: running a neural network on 100 million images for just $100
🙉 Kubernetes CRD generation pitfalls
🤖 Automating Kubernetes workflows with Kyverno's mutating webhooks

Read it now: https://learnk8s.io/issues/118

⭐️ This newsletter is brought to you by Cast AI - cut your cloud costs and boost efficiency with Cast AI's real-time Kubernetes automation and optimization platform https://ku.bz/fTBv_KWn3
KubeLinter analyzes Kubernetes YAML files and Helm charts and checks them against various best practices, focusing on production readiness and security.

More: https://github.com/stackrox/kube-linter
Forwarded from Kube Careers
👉 Browse all 991 Kubernetes jobs on Kube Careers https://kube.careers
Forwarded from LearnKube news
Master Kubernetes with Learnk8s' Advanced Kubernetes workshop!

What should you expect?

- Learn how to architect and design clusters from the ground up (in the cloud or on-prem).
- Explore the Kubernetes internal components and how the system is designed with resiliency in mind.
- Deep-dive into the networking components and observe the packets flowing into the cluster.
- Hands-on labs to test the theory with real-world scenarios!
- And more.

The next online courses start next month: https://ku.bz/DX6TPV4P_

We also run in-person courses and corporate training: https://learnk8s.io/corporate-training
Kubeconform is a Kubernetes manifests validation tool.

Similar to Kubeval, but with the following improvements:

1. High performance.
2. Remote or local schema locations.
3. Up-to-date schemas for all recent versions of Kubernetes.

More: https://github.com/yannh/kubeconform
Damn Vulnerable Kubernetes Application (DVKA) is a tool that provides a series of vulnerable applications on Kubernetes for practice and learning purposes.

More: https://github.com/alevsk/dvka
Forwarded from Kube Careers
📊 The State of the Kubernetes Job Market 2024 report from Kube Careers is now available!

Based on 25,121 job listings with 4,850 filtered descriptions, here are key takeaways:

💰 The average worldwide Kubernetes salary for 2024 was $158,822, with North America leading in job offers at 62%.

🏠 65% of jobs offer some form of remote work. Hybrid arrangements have increased significantly, from 20% in 2023 to 30.58% in 2024.

🛠️ In CI/CD, Jenkins (35%) and GitLab (28%) are the most mentioned specific tools, with GitHub Actions (11%) gaining ground.

For a deeper dive into salaries, skills, and trends shaping the Kubernetes job market, check out the full report: https://ku.bz/626CBl6b8