In this post you’ll integrate Kubernetes with Keycloak.
No more sharing KUBECONFIG files and forgetting to export different KUBECONFIG paths!
Read more http://talkingquickly.co.uk/setting-up-oidc-login-kubernetes-kubectl-with-keycloak
OIDC Login to Kubernetes and Kubectl with Keycloak - talkingquickly
Kubernetes security & vulnerability scanning tools: checkov, kube-hunter, kube-bench & Starboard
Read more https://aninditabasak.medium.com/a-lap-around-kubernetes-security-vulnerability-scanning-tools-checkov-kube-hunter-kube-bench-4ffda92c4cf1
Comparing popular Kubernetes security and compliance frameworks, how they differ, when to use, common goals, and suggested tools
Read more https://armosec.io/blog/kubernetes-security-frameworks-and-guidance
Explore how the Kubernetes dashboard can be exploited to gain access to a Kubernetes cluster.
Read more https://blog.aquasec.com/kubernetes-ui-tools-security-threat
Database security best practices on Kubernetes
Read more https://blog.crunchydata.com/blog/multifactor-sso-authentication-for-postgres-on-kubernetes
Multifactor SSO Authentication for Postgres on Kubernetes
A how-to guide to create a multi-factor (MFA) single-sign on (SSO) authentication system for PostgreSQL on Kubernetes using certificates and passwords.
This article explains how to deploy Keycloak with Infinispan, the in-memory data store used for caching user metadata, on a Kubernetes cluster.
Read more https://blog.flant.com/ha-keycloak-infinispan-kubernetes
Guidelines for hardening your Kubernetes cluster.
Read more https://blog.gitguardian.com/hardening-your-k8s-pt-2
Hardening Your Kubernetes Cluster - Guidelines - GitGuardian blog
In this second episode, we will go through the NSA/CISA security recommendations and explain every piece of the guidelines.
Forwarded from LearnKube news
Learn Kubernetes on the 20th of January!
Learnk8s is running the first 4-day Advanced Kubernetes course of 2022 next week.
If you're looking to get your hands dirty with Kubernetes, join us for a session packed with labs and demos!
Sign up here: https://learnk8s.io/training
An overview of Fulcio — a community-driven code signing Certificate Authority.
Read more https://chainguard.dev/posts/2021-11-12-fulcio-deep-dive
Forwarded from LearnKube news
How do packets flow inside and outside a Kubernetes cluster?
In this article, you will learn to trace the traffic in your cluster, starting from the initial web request and down to the container hosting the application.
You will learn:
1. How containers in the same pod behave as if they are on the same host.
2. How pods reach other pods in the cluster.
3. How pods reach Services and how Services load balance requests.
https://learnk8s.io/kubernetes-network-packets
Securing LDAP with TLS certificates using ClusterIssuer in Tanzu Kubernetes Grid
Read more https://cormachogan.com/2021/11/24/securing-ldap-with-tls-certificates-in-tkg-v1-4
Securing LDAP with TLS certificates using ClusterIssuer in TKG v1.4 - CormacHogan.com
In this post, I will look at how to secure LDAP communication using TLS certificates with Dex and Pinniped.
How to Secure Your Kubernetes Cluster with OpenID Connect and RBAC
Read more https://dev.to/oktadev/how-to-secure-your-kubernetes-cluster-with-openid-connect-and-rbac-5hic
Forwarded from Kube Careers
What's the average salary for a Kubernetes engineer?
Do you need a Kubernetes certification to apply for a job?
What technologies and cloud providers are often used with Kubernetes?
We analyzed 276 Kubernetes jobs from 2021 and found that:
- If you know AWS and Python, the world is your oyster.
- CKA is the top Kubernetes certification. But only a few employers require one.
- Jenkins is more alive than ever. Gitlab CI/CD is a very distant second.
- Prometheus is synonymous with monitoring. No one comes close.
You can read the full report here: https://kube.careers/report-2021-q4
Kubeletmein is a simple penetration testing tool that takes advantage of the way public cloud providers supply kubelet credentials to nodes in order to gain privileged access to the Kubernetes API.
Read more https://github.com/4ARMED/kubeletmein
GitHub - 4ARMED/kubeletmein: Security testing tool for Kubernetes, abusing kubelet credentials on public cloud providers.
Cosign keyless Kubernetes admission webhook is a Kubernetes admission webhook that uses cosign verify to check that the subject and issuer of the image match what you expect.
Read more https://github.com/appvia/cosign-keyless-admission-webhook
Rego library for detecting misconfigurations in Kubernetes manifests.
Read more https://github.com/armosec/regolibrary
The regolibrary package contains the controls Kubescape uses for detecting misconfigurations in Kubernetes manifests. - kubescape/regolibrary
AAD Pod Identity enables Kubernetes applications to access cloud resources securely with Azure Active Directory.
Using Kubernetes primitives, administrators configure identities and bindings to match pods.
Read more https://github.com/Azure/aad-pod-identity
GitHub - Azure/aad-pod-identity: [DEPRECATED] Assign Azure Active Directory Identities to Kubernetes applications.
This repository contains a proof of concept that uses cosign and GitHub's built-in OIDC for Actions to sign container images. It proves that what is in the registry came from your GitHub Action.
Read more https://github.com/chrisns/cosign-keyless-demo
Kubelogin is a kubectl plugin for Kubernetes OpenID Connect authentication (kubectl oidc-login).
Read more https://github.com/int128/kubelogin
Cloud Secret Resolvers is a set of tools that help your applications (on Kubernetes) retrieve credentials from cloud-managed vaults without the need to write additional boilerplate code in your applications.
Read more https://github.com/kubeopsskills/cloud-secret-resolvers
aws-auth-manager is a Kubernetes controller that manages the aws-auth ConfigMap in EKS using a new AWSAuthItem CRD.
Read more https://github.com/maruina/aws-auth-manager