Kubesploit – Telegram
Kubesploit
News and links on Kubernetes security curated by the @Learnk8s team
Website: https://kubesploit.io/
Forwarded from KubeFM
Calin discusses how a unified Helm chart approach can help platform teams support multiple development teams efficiently while maintaining consistent standards across services.

You will learn:

- Why inconsistent Helm chart configurations across teams create maintenance challenges and slow down deployments
- How to implement a unified Helm chart that balances standardization with flexibility through override functions
- How to maintain quality through automated documentation and testing with tools like Helm Docs and Helm unittest

Watch (or listen to) it here: https://ku.bz/mcPtH5395

🌟 This episode is brought to you by Learnk8s — Become an expert in Kubernetes! Join the next Advanced Kubernetes workshop: https://learnk8s.io/training

With @Birthmarkb "Bella Ciao" Farrell
kubectl-view-secret is a tool that allows for easy decoding and viewing of Kubernetes secrets, providing a convenient alternative to manual decoding with base64.

More: https://github.com/elsesiy/kubectl-view-secret
Forwarded from LearnKube news
This week on Learn Kubernetes Weekly 119:

🌪️ From chaos to harmony: a deep dive into centralizing kubernetes controller upgrades
🆙 Major update on the ingress controller
📦 OCI introduction: the full journey from code to container in a Kubernetes environment
🚦 Achieving high availability for Kubernetes control plane using dynamic DNS
🤗 Embracing cgroup v2: best practices for migrating Kubernetes clusters to AlmaLinux

Read it now: https://learnk8s.io/issues/119

⭐️ This newsletter is brought to you by Loft Labs to announce the launch of Multitenancy March https://ku.bz/yk4mJkv34
This article covers pentesting techniques, including enumeration and exploitation methods, to help you secure your Docker registries and restrict Docker daemon access.

By following these tips, you can improve your Docker security and prevent attacks.

More: https://0xm154n7hr0p3.medium.com/pentesting-docker-101-0432dcf5b63d
This tutorial will teach you how to restrict traffic between pods and secure your application with network policies.

You'll learn how to set up a cluster with Cilium and kubeadm and implement network policies to control access to your application.

More: https://medium.com/@ashhadali2019/network-policies-hands-on-securing-traffic-in-kubernetes-61353829af03
Forwarded from LearnKube news
Why can't you ping a Kubernetes service?

Learnk8s runs a 4-day Advanced Kubernetes course on Mar 20, and you will get to the bottom of questions like this (spoiler: services only exist in etcd).
You will also learn the nitty-gritty details of Kubernetes networking:

- How to plan and design a cluster network.
- How do the four Kubernetes services extend each other, and what do you gain from each?
- How CoreDNS, Ingress, and kube-proxy consume the Kubernetes currency: endpoints.

This (and much more) is covered on the third day of the course.

You can find the full agenda, a breakdown of the modules and how to sign up here: https://ku.bz/DX6TPV4P_

Are you training your team?
Customize the workshop in full with corporate training https://learnk8s.io/corporate-training
Forwarded from LearnKube news
In this article, you'll learn how to improve observability and reduce costs for egress traffic in Kubernetes using Istio and caching, with a step-by-step guide on implementing Varnish Cache, TLS termination, and trust management.

More: https://medium.com/@kburjack/observing-and-caching-egress-traffic-in-kubernetes-with-istio-fa547d7879e9
Master Kubernetes security with RBAC and Service Accounts.

Learn how to authenticate and authorize users, create roles and role bindings, and use kubectl and OpenSSL for secure cluster management.

More: https://medium.com/@ammaurya46/detailed-overview-of-role-based-access-control-and-service-accounts-b989dcb53e15
kubelogin is a kubectl plugin for Kubernetes OpenID Connect (OIDC) authentication, also known as kubectl oidc-login.

More: https://github.com/int128/kubelogin
Forwarded from KubeFM
Isala Piyarisi, Senior Software Engineer at WSO2, shares how his team discovered that Cilium's default Pod CIDR (10.0.0.0/8) was conflicting with their Azure Firewall subnet assignments, causing traffic disruptions in their staging environment.

You will learn:

- How Cilium's default CIDR allocation can create routing conflicts with existing infrastructure
- A methodical process for debugging network issues using packet tracing, routing table analysis, and firewall logs
- The procedure for safely changing Pod CIDR ranges in production clusters

Watch (or listen to) it here: https://ku.bz/kJjXQlmTw

🌟 This episode is brought to you by Learnk8s — Become an expert in Kubernetes! Join the next Advanced Kubernetes workshop: https://learnk8s.io/training

With @Birthmarkb "Nessie" Farrell
In this article, you will learn how to test RBAC policies using a custom-made Python script to ensure that only authorized users or service accounts have access to specific resources!

More: https://ku.bz/ZW6dFbLcb
Forwarded from LearnKube news
This week on Learn Kubernetes Weekly 120:

🏎️ Ingesting F1 telemetry UDP real-time data in AWS EKS
🏆 Scaling infrastructure for millions: from challenges to triumphs
🥷 Pentesting Docker 101
⚛️ Atomic ConfigMap updates in Kubernetes: how symlinks and kubelet make it happen
🪫 Not enough resources? How to manage CPU and RAM!

Read it now: https://learnk8s.io/issues/120

⭐️ Don't let infrastructure block your teams. StackGen deterministically generates secure cloud infrastructure from any input - existing cloud environments, IaC or application code https://ku.bz/ftNR3t-XL
Improve your Kubernetes cluster security with Kyverno, an open-source tool that helps you validate deployments and secure resources.

Learn how to apply best practices and ensure a secure cluster.

More: https://ku.bz/WRklTnMWz
Learn how to extend Kubernetes Service accounts auth scope to application APIs using JWT and Envoy gateway for secure authentication between services in different clusters.

More: https://ku.bz/VJ1TRHMn5
kubectl-validate is a SIG-CLI subproject to support the local validation of resources for native Kubernetes types and CRDs.

More: https://github.com/kubernetes-sigs/kubectl-validate
Detect and prevent threats in Argo CD pipelines.

Learn how to identify and mitigate initial admin password compromise, unauthorized application deployment, and other security risks with detection rules and hunting searches.

More: https://ku.bz/7Ly_ykVk6
Forwarded from KubeFM
John Howard, Senior Software Engineer at Solo.io, explains the complexities of implementing Mutual TLS (mTLS) in Kubernetes.

You will learn:

- Why DIY mTLS implementation in Kubernetes is challenging at scale, requiring certificate management, application updates, and careful transition planning
- How Service Mesh solutions offload security concerns from applications, allowing developers to focus on business logic while infrastructure handles encryption
- The advantages of Ambient Mesh's approach to simplifying mTLS implementation with its node proxy and waypoint proxy architecture

Watch (or listen to) it here: https://ku.bz/sk-ZF1PG9

🌟 This episode is brought to you by Learnk8s — Become an expert in Kubernetes! Join the next Advanced Kubernetes workshop: https://learnk8s.io/training

With @Birthmarkb "Nessie" Farrell
Reflector is a Kubernetes addon designed to monitor changes to resources (Secrets and ConfigMaps) and reflect changes to mirror resources in the same or other namespaces.

More: https://ku.bz/-chnMYTMc
Forwarded from LearnKube news
This week on Learn Kubernetes Weekly 121:

⚖️ Kubernetes networking: service, kube-proxy, load balancing
🆙 How Canonical Kubernetes CAPI providers handle in-place upgrades
🎡 Migrating from DC/OS to Kubernetes: a deep dive into the challenges and opportunities
👮‍♀️ Extend Kubernetes Service accounts auth scope to application APIs
🥷 Securing continuous delivery: Argo CD threat detection

Read it now: https://learnk8s.io/issues/121

⭐️ This newsletter is brought to you by Spectro Cloud: the Kubernetes management platform for enterprise, public sector — and you https://ku.bz/TjrMw39yF
In this article, you will learn how to simplify image pulls in on-premise Kubernetes using the kubelet-credential-provider-api, mimicking managed Kubernetes features.

More: https://ku.bz/0D8gqV4V6
Forwarded from LearnKube news
Master Kubernetes with Learnk8s' Advanced Kubernetes workshop!

What should you expect?

- Learn how to architect and design clusters from the ground up (in the cloud or on-prem).
- Explore the Kubernetes internal component and how the system is designed with resiliency in mind.
- Deep-dive into the networking components and observe the packets flowing into the cluster.
- Hands-on labs to test the theory with real-world scenarios!
- And more.

The next online courses start in 2 weeks: https://ku.bz/DX6TPV4P_

We also run in-person courses and corporate training: https://learnk8s.io/corporate-training