Forwarded from LearnKube news
Master Kubernetes with Learnk8s' Advanced Kubernetes workshop!
What should you expect?
- Learn how to architect and design clusters from the ground up (in the cloud or on-prem).
- Explore the Kubernetes internal component and how the system is designed with resiliency in mind.
- Deep-dive into the networking components and observe the packets flowing into the cluster.
- Hands-on labs to test the theory with real-world scenarios!
- And more.
The next online course starts next week: https://ku.bz/DX6TPV4P_
We also run in-person courses and corporate training: https://learnk8s.io/corporate-training
What should you expect?
- Learn how to architect and design clusters from the ground up (in the cloud or on-prem).
- Explore the Kubernetes internal component and how the system is designed with resiliency in mind.
- Deep-dive into the networking components and observe the packets flowing into the cluster.
- Hands-on labs to test the theory with real-world scenarios!
- And more.
The next online course starts next week: https://ku.bz/DX6TPV4P_
We also run in-person courses and corporate training: https://learnk8s.io/corporate-training
kube-bench is a tool that checks whether Kubernetes is deployed securely by running the checks documented in the CIS Kubernetes Benchmark.
More: https://ku.bz/3J4LYSktJ
More: https://ku.bz/3J4LYSktJ
Learn how to simplify certificate management in your Kubernetes workloads with a scalable and automated solution.
Discover how Kyverno, Helm, and cert-manager can help you achieve consistent and secure deployment across your environment.
More: https://ku.bz/-Gd2LvSN9
Discover how Kyverno, Helm, and cert-manager can help you achieve consistent and secure deployment across your environment.
More: https://ku.bz/-Gd2LvSN9
Forwarded from KubeFM
Media is too big
VIEW IN TELEGRAM
John McBride, VP of Infrastructure and AI Engineering at the Linux Foundation shares how using Kubernetes and open-source AI models saved them tens of thousands of dollars.
You will learn:
- How to deploy VLLM on Kubernetes to serve open-source LLMs like Mistral and Llama
- How running inference workloads on your own infrastructure with T4 GPUs can reduce costs from tens of thousands to just a couple thousand dollars monthly
- Practical approaches to monitoring GPU workloads in production, including handling unpredictable failures and VRAM consumption issues
Watch (or listen to) it here: https://ku.bz/wP6bTlrFs
🌟 This episode is brought to you by StackGen! Don't let infrastructure block your teams. StackGen deterministically generates secure cloud infrastructure from any input - existing cloud environments, IaC or application code https://ku.bz/t0gBX9qQz
With @Birthmarkb "SWAG expert" Farrell
You will learn:
- How to deploy VLLM on Kubernetes to serve open-source LLMs like Mistral and Llama
- How running inference workloads on your own infrastructure with T4 GPUs can reduce costs from tens of thousands to just a couple thousand dollars monthly
- Practical approaches to monitoring GPU workloads in production, including handling unpredictable failures and VRAM consumption issues
Watch (or listen to) it here: https://ku.bz/wP6bTlrFs
🌟 This episode is brought to you by StackGen! Don't let infrastructure block your teams. StackGen deterministically generates secure cloud infrastructure from any input - existing cloud environments, IaC or application code https://ku.bz/t0gBX9qQz
With @Birthmarkb "SWAG expert" Farrell
Pinniped is an authentication service for Kubernetes clusters.
It supports various authenticator types and OIDC identity providers and implements different integration strategies for various Kubernetes distributions to facilitate authentication.
More: https://ku.bz/6KZM5b9nV
It supports various authenticator types and OIDC identity providers and implements different integration strategies for various Kubernetes distributions to facilitate authentication.
More: https://ku.bz/6KZM5b9nV
Forwarded from LearnKube news
This week on Learn Kubernetes Weekly 123:
🏎️ Faster machine learning deployments: why we disabled GKE image streaming
📈 How we handled pod kills due to memory spikes while running heavy noscripts
🌲 Feature-branches: vanilla Kubernetes + Bitbucket pipelines
✮ Scheduling shenanigans: the wild world of cloud wrangling from Kubernetes to Microsoft’s bandwidth-hungry octopus
🦾 Developing an ETL pipeline for massive NOAA sensor data: from raw files to predictive insights
Read it now: https://learnk8s.io/issues/123
⭐️ ⭐️ This newsletter is brought to you by MetalBear — run local code like in your Kubernetes cluster without deploying first with mirrord https://ku.bz/JC7mHPQXw
🏎️ Faster machine learning deployments: why we disabled GKE image streaming
📈 How we handled pod kills due to memory spikes while running heavy noscripts
🌲 Feature-branches: vanilla Kubernetes + Bitbucket pipelines
✮ Scheduling shenanigans: the wild world of cloud wrangling from Kubernetes to Microsoft’s bandwidth-hungry octopus
🦾 Developing an ETL pipeline for massive NOAA sensor data: from raw files to predictive insights
Read it now: https://learnk8s.io/issues/123
⭐️ ⭐️ This newsletter is brought to you by MetalBear — run local code like in your Kubernetes cluster without deploying first with mirrord https://ku.bz/JC7mHPQXw
In this article, you will learn how to secure Argo CD in a multi-tenant environment using application projects, security policies, user groups, and roles.
More: https://ku.bz/dZcXtynfD
More: https://ku.bz/dZcXtynfD
argocd-vault-plugin is an Argo CD plugin that retrieves secrets from Secret Management tools and injects them into Kubernetes.
More: https://ku.bz/sZdfR-DDj
More: https://ku.bz/sZdfR-DDj
In Kubernetes 1.31, 'read-only' pod permissions aren't truly read-only: websocket changes now allow users with GET rights to potentially execute commands, exposing a critical RBAC security nuance.
More: https://ku.bz/mgmFKY4xT
More: https://ku.bz/mgmFKY4xT
Forwarded from KubeFM
This media is not supported in your browser
VIEW IN TELEGRAM
Hillai Ben-Sasson and Ronen Shustin, Security Researchers at Wiz, recommend the Peach framework, an open-source project designed to build isolated environments either in the Cloud or on-premises.
Developed with contributions from various industry experts, Peach ensures proper isolation for tenants and customers.
Watch the full episode: https://ku.bz/yr16qNTFx
Developed with contributions from various industry experts, Peach ensures proper isolation for tenants and customers.
Watch the full episode: https://ku.bz/yr16qNTFx
Falco is a cloud-native security tool designed for Linux systems.
It employs custom rules on kernel events, which are enriched with container and Kubernetes metadata, to provide real-time alerts.
More: https://ku.bz/ClJryQ999
It employs custom rules on kernel events, which are enriched with container and Kubernetes metadata, to provide real-time alerts.
More: https://ku.bz/ClJryQ999
Forwarded from KubeFM
🎉 KubeFM's first book! A compilation of raw, unfiltered experiences from cloud-native practitioners who have faced cluster outages, scaled systems beyond their designed capacities and emerged with invaluable insights.
This book combines the most interesting conversations from the KubeFM podcast, curated by Gulcan Topcu and featuring a foreword by @Birthmarkb (the Vivacious voice behind KubeFM).
Inside, you'll discover firsthand accounts from engineers at organizations like Adidas, Getir, and Mercari who have pushed Kubernetes to its breaking point and documented what they learned.
The complete book is available as a free download, and you can get your copy here: https://ku.bz/Z0j-v-pdG
For those attending KubeCon, we'll be giving away 50 physical copies at Booth N583 (StormForge)
This book combines the most interesting conversations from the KubeFM podcast, curated by Gulcan Topcu and featuring a foreword by @Birthmarkb (the Vivacious voice behind KubeFM).
Inside, you'll discover firsthand accounts from engineers at organizations like Adidas, Getir, and Mercari who have pushed Kubernetes to its breaking point and documented what they learned.
The complete book is available as a free download, and you can get your copy here: https://ku.bz/Z0j-v-pdG
For those attending KubeCon, we'll be giving away 50 physical copies at Booth N583 (StormForge)
Forwarded from KubeFM
This media is not supported in your browser
VIEW IN TELEGRAM
Tim Miller CEO and Co-founder at Kusari challenges the common belief that minimal container images automatically mean better security.
He explains that while removing unnecessary binaries and shells is a good practice, the real focus should be on validating each component's purpose in the container. Tim emphasizes two key aspects of container security: ensuring transparency (knowing what's inside) and verification (confirming the image is truly minimal).
Watch the full interview: https://ku.bz/-2Sqn9Jb9
This interview is a reaction to Harsha Koushik's episode https://ku.bz/n_sJ04xMY
He explains that while removing unnecessary binaries and shells is a good practice, the real focus should be on validating each component's purpose in the container. Tim emphasizes two key aspects of container security: ensuring transparency (knowing what's inside) and verification (confirming the image is truly minimal).
Watch the full interview: https://ku.bz/-2Sqn9Jb9
This interview is a reaction to Harsha Koushik's episode https://ku.bz/n_sJ04xMY
Learn how to store and access sensitive data in Kubernetes with secrets securely.
Mount secrets as environment variables or files using secretKeyRef, envFrom, or secret volumes.
More: https://ku.bz/GjXlr7glV
Mount secrets as environment variables or files using secretKeyRef, envFrom, or secret volumes.
More: https://ku.bz/GjXlr7glV
Forwarded from LearnKube news
This week on Learn Kubernetes Weekly 124:
🍎 Kubernetes at Mercado Libre
💸 From Autopilot to Standard GKE: The Key to 15x Cheaper Istio
🧨 How We Built a Dynamic Kubernetes API Server for the API Aggregation Layer in Cozystack
🥇 All my DevOps pipelines from GitLab commit to ArgoCD got beaten by FTP
🕵️♂️ Examining approaches and patterns for debuggability: ephemeral containers and Argo Workflows
And more! If you prefer to receive the newsletter every week in your inbox, you can subscribe here: https://learnk8s.io/learn-kubernetes-weekly
Read it now: https://learnk8s.io/issues/124
⭐️ KubeFM published a book of battle-tested experiences from engineers who pushed Kubernetes to its limits and lived to tell the tale. Download for free here https://ku.bz/Z0j-v-pdG
🍎 Kubernetes at Mercado Libre
💸 From Autopilot to Standard GKE: The Key to 15x Cheaper Istio
🧨 How We Built a Dynamic Kubernetes API Server for the API Aggregation Layer in Cozystack
🥇 All my DevOps pipelines from GitLab commit to ArgoCD got beaten by FTP
🕵️♂️ Examining approaches and patterns for debuggability: ephemeral containers and Argo Workflows
And more! If you prefer to receive the newsletter every week in your inbox, you can subscribe here: https://learnk8s.io/learn-kubernetes-weekly
Read it now: https://learnk8s.io/issues/124
⭐️ KubeFM published a book of battle-tested experiences from engineers who pushed Kubernetes to its limits and lived to tell the tale. Download for free here https://ku.bz/Z0j-v-pdG
Learn how to build secure Docker images with Trivy, a tool for vulnerability scanning, and improve your application's security posture.
More: https://ku.bz/FvZDmCF5k
More: https://ku.bz/FvZDmCF5k
In this article, you will learn how Validating Admission Policy offers a native, declarative way to enforce cluster resource rules directly in the API server using CEL, replacing complex webhooks with simpler, performance-driven validation policies.
More: https://ku.bz/9L7yQfCvk
More: https://ku.bz/9L7yQfCvk
Forwarded from KubeFM
Media is too big
VIEW IN TELEGRAM
Alexander Lawrence, Director of Cloud Security Strategy at Sysdig, explains why implementing security in Kubernetes environments is particularly challenging.
He highlights that 60% of containers live for less than a minute, making traditional security approaches ineffective. The scale and speed of Kubernetes operations create significant barriers to security adoption, with environment sprawl that makes the VMware era "look like child's play." Lawrence suggests that making security tools native, easy to use, and available out-of-the-box is essential for overcoming these adoption challenges.
Watch the full interview: https://ku.bz/-MqhJchmb
This interview is a reaction to John McBride's episode https://ku.bz/wP6bTlrFs
He highlights that 60% of containers live for less than a minute, making traditional security approaches ineffective. The scale and speed of Kubernetes operations create significant barriers to security adoption, with environment sprawl that makes the VMware era "look like child's play." Lawrence suggests that making security tools native, easy to use, and available out-of-the-box is essential for overcoming these adoption challenges.
Watch the full interview: https://ku.bz/-MqhJchmb
This interview is a reaction to John McBride's episode https://ku.bz/wP6bTlrFs
Tokenetes is an open-source, cloud-native Transaction Tokens (TraTs) Service that leverages the standards defined in the Transaction Tokens draft.
More: https://ku.bz/5kYH15LBX
More: https://ku.bz/5kYH15LBX
Sveltos simplifies secret management across Kubernetes clusters by automating distribution, storage, and propagation.
It centralizes secrets in the management cluster, reducing manual effort and enhancing security.
More: https://ku.bz/PTqdWvf_S
It centralizes secrets in the management cluster, reducing manual effort and enhancing security.
More: https://ku.bz/PTqdWvf_S
The ClusterSecret operator keeps matching namespaces updated with secrets:
- New matching namespaces receive the secret automatically. - Changes to the ClusterSecret update all related secrets, and deleting it also removes all cloned secrets.
More: https://ku.bz/vDWHTkPht
- New matching namespaces receive the secret automatically. - Changes to the ClusterSecret update all related secrets, and deleting it also removes all cloned secrets.
More: https://ku.bz/vDWHTkPht