This media is not supported in your browser
VIEW IN TELEGRAM
Dracan is a lightweight middleware for Kubernetes that enhances filtering and validation capabilities.
It ensures that only valid requests reach your applications.
More: https://ku.bz/PyX7LNrhJ
It ensures that only valid requests reach your applications.
More: https://ku.bz/PyX7LNrhJ
AWS EKS Pod Identity streamlines IAM permissions for pods, bypassing OIDC/IRSA's trust policies and scaling limits.
It uses session tags for fine-grained access, works exclusively with EKS, and coexists with IRSA.
More: https://ku.bz/rFs8Np0Gr
It uses session tags for fine-grained access, works exclusively with EKS, and coexists with IRSA.
More: https://ku.bz/rFs8Np0Gr
Forwarded from KubeFM
Media is too big
VIEW IN TELEGRAM
Nicholas Morey, Senior Developer Advocate at Akuity, advises against managing your own secrets manager.
Drawing from personal experience, he highlights the challenges of misconfigurations, troubleshooting outages, and maintaining security.
Watch the full interview: https://ku.bz/KCX-qwJ7M
This interview is a reaction to Mac's episode https://ku.bz/rFlp8Yj9s
Drawing from personal experience, he highlights the challenges of misconfigurations, troubleshooting outages, and maintaining security.
Watch the full interview: https://ku.bz/KCX-qwJ7M
This interview is a reaction to Mac's episode https://ku.bz/rFlp8Yj9s
Learn how Sigstore and HashiCorp Vault enable cryptographic container image signing, allowing organizations to verify image integrity and control deployments through automated, policy-driven signature validation.
More: https://ku.bz/QsG1kbj7q
More: https://ku.bz/QsG1kbj7q
This article outlines key practices for secure container images: run as non-root, use minimal base images (e.g., distroless), avoid hardcoded secrets, and sign/scan images to reduce vulnerabilities and ensure robust security.
More: https://ku.bz/p7knvnrB6
More: https://ku.bz/p7knvnrB6
Forwarded from LearnKube news
This week on Learn Kubernetes Weekly 126:
👮♀️ GitOps: How to manage dynamic Network Policy changes at scale across 25 clusters?
🧹 Automating the Kubernetes cleanup with Argo Workflows: because even admins need a break
0️⃣ Kubernetes: Scale to Zero with Karpenter
👽 A Brief overview of the Kubernetes node lifecycle
🕵️♀️ Demystifying Kubernetes CNI providers
Read it now: https://learnk8s.io/issues/126
⭐️ This newsletter is brought to you by Komodor — Simplify Kubernetes management at scale, from migration to day-to-day operations https://ku.bz/ZX4PSHsx8
👮♀️ GitOps: How to manage dynamic Network Policy changes at scale across 25 clusters?
🧹 Automating the Kubernetes cleanup with Argo Workflows: because even admins need a break
0️⃣ Kubernetes: Scale to Zero with Karpenter
👽 A Brief overview of the Kubernetes node lifecycle
🕵️♀️ Demystifying Kubernetes CNI providers
Read it now: https://learnk8s.io/issues/126
⭐️ This newsletter is brought to you by Komodor — Simplify Kubernetes management at scale, from migration to day-to-day operations https://ku.bz/ZX4PSHsx8
This tutorial shows how to deploy & use the Tailscale Kubernetes operator to share private Kubernetes apps securely.
More: https://ku.bz/fGGyM_1tK
More: https://ku.bz/fGGyM_1tK
KSOPS is a kustomize exec plugin for SOPS encrypted resources.
KSOPS can be used to decrypt any Kubernetes resource, but is most commonly used to decrypt encrypted Kubernetes Secrets and ConfigMaps.
More: https://ku.bz/ynzVK8y_0
KSOPS can be used to decrypt any Kubernetes resource, but is most commonly used to decrypt encrypted Kubernetes Secrets and ConfigMaps.
More: https://ku.bz/ynzVK8y_0
Forwarded from LearnKube news
Kubernetes in action: from pods to production-ready clusters!
📆 Learnk8s runs a 4-day online Advanced Kubernetes course in May!
You will learn how to:
1️⃣ Architect and design resilient clusters (in the cloud or on-prem).
2️⃣ Master deployment strategies and resource management.
3️⃣ Wire the cluster network and trace packets flowing through it.
4️⃣ Secure your cluster with the latest best practices.
5️⃣ Autoscale, manage data and stateful workloads, monitoring and more.
What you need to know:
✅ 40% lecture, 60% hands-on labs.
✅ Small groups for personalized learning.
✅ Progresses from basics to advanced topics.
✅ Lifetime access to course materials and Slack community.
Ticket and info: https://ku.bz/Zz7jkHy7q
Corporate training: https://learnk8s.io/corporate-training
📆 Learnk8s runs a 4-day online Advanced Kubernetes course in May!
You will learn how to:
1️⃣ Architect and design resilient clusters (in the cloud or on-prem).
2️⃣ Master deployment strategies and resource management.
3️⃣ Wire the cluster network and trace packets flowing through it.
4️⃣ Secure your cluster with the latest best practices.
5️⃣ Autoscale, manage data and stateful workloads, monitoring and more.
What you need to know:
✅ 40% lecture, 60% hands-on labs.
✅ Small groups for personalized learning.
✅ Progresses from basics to advanced topics.
✅ Lifetime access to course materials and Slack community.
Ticket and info: https://ku.bz/Zz7jkHy7q
Corporate training: https://learnk8s.io/corporate-training
This Simulated EKS attack shows command injection in a web app escalates to cluster takeover via JWT theft, IMDS abuse, and AWS credential misuse.
More: https://ku.bz/0k8y0kWLM
More: https://ku.bz/0k8y0kWLM
Forwarded from KubeFM
This media is not supported in your browser
VIEW IN TELEGRAM
Harsha Koushik, a Security Researcher and Technical Product Manager at Palo Alto Networks, discusses the importance of container efficiency for developers.
He emphasizes the need for containers that can handle traffic spikes and scale quickly, for example, from 50 to 500 pods within two minutes.
Harsha explains that minimal containers are crucial as they reduce start time, space in registries, and pull time, making them more efficient and responsive to traffic demands.
Watch the full episode: https://ku.bz/n_sJ04xMY
He emphasizes the need for containers that can handle traffic spikes and scale quickly, for example, from 50 to 500 pods within two minutes.
Harsha explains that minimal containers are crucial as they reduce start time, space in registries, and pull time, making them more efficient and responsive to traffic demands.
Watch the full episode: https://ku.bz/n_sJ04xMY
AWS ACM Private CA is a module of the AWS Certificate Manager that can set up and manage private CAs.
This project acts as an addon to cert-manager that signs off certificate requests using AWS PCA.
More: https://ku.bz/jRGYV3XzS
This project acts as an addon to cert-manager that signs off certificate requests using AWS PCA.
More: https://ku.bz/jRGYV3XzS
Forwarded from LearnKube news
Bottlerocket is a free and open-source Linux-based operating system meant for hosting containers.
It is specifically designed to work with your container orchestrator (like Kubernetes) to automate the containers' lifecycle in your cluster.
More: https://github.com/bottlerocket-os/bottlerocket
It is specifically designed to work with your container orchestrator (like Kubernetes) to automate the containers' lifecycle in your cluster.
More: https://github.com/bottlerocket-os/bottlerocket
Confidential Containers simplifies confidential computing via "vault" sealed secrets, managed by Trustee components (KBS, AS, RVPS), ensuring secure secret access within Trusted Execution Environments (TEE) while maintaining Kubernetes compatibility.
More: https://ku.bz/l1LjZVL0W
More: https://ku.bz/l1LjZVL0W
Forwarded from LearnKube news
This week on Learn Kubernetes Weekly 127:
👯♀️ Using database read replicas in distributed systems
🕵️♂️ Kubernetes Cluster Networking: Differences Between Flannel and Calico
💰 The value of NGINX Upstreams
🤔 What is ProviderID in Kubernetes, Cluster API, and Cloud Controller Manager?
👌 Improving Kubernetes-Mixin API Server Rules Consistency
Read it now: https://learnk8s.io/issues/127
⭐️ This issue is sponsored by KubeFM — the new Kubernetes podcast episodes are starting next week. Don't miss them! https://kube.fm
👯♀️ Using database read replicas in distributed systems
🕵️♂️ Kubernetes Cluster Networking: Differences Between Flannel and Calico
💰 The value of NGINX Upstreams
🤔 What is ProviderID in Kubernetes, Cluster API, and Cloud Controller Manager?
👌 Improving Kubernetes-Mixin API Server Rules Consistency
Read it now: https://learnk8s.io/issues/127
⭐️ This issue is sponsored by KubeFM — the new Kubernetes podcast episodes are starting next week. Don't miss them! https://kube.fm
KubeLinter is a static analysis tool that checks Kubernetes YAML files and Helm charts to ensure that applications adhere to best practices.
More: https://ku.bz/5V9YXG-Br
More: https://ku.bz/5V9YXG-Br
Over 300,000 Prometheus servers and exporters are exposed to the internet without authentication, posing significant security risks, including information disclosure, DoS attacks, and remote code execution through "RepoJacking" vulnerabilities
More: https://ku.bz/kfm9gDp_x
More: https://ku.bz/kfm9gDp_x
Sealed Secrets provides declarative Kubernetes Secret Management in a secure way.
Since the Sealed Secrets are encrypted, they can be safely stored in a code repository.
More: https://ku.bz/Gpl8p7ZQB
Since the Sealed Secrets are encrypted, they can be safely stored in a code repository.
More: https://ku.bz/Gpl8p7ZQB
In this tutorial, you'll explore an approach to setting up a Keycloak token exchange in a local Kubernetes environment with Istio ingress.
More: https://ku.bz/bqrqDBxNw
More: https://ku.bz/bqrqDBxNw
Forwarded from KubeFM
Media is too big
VIEW IN TELEGRAM
Andrew Charlton, Staff Software Engineer at Timescale, explains how they replaced Kubernetes StatefulSets with a custom operator called Popper for their PostgreSQL Cloud Platform.
You will learn:
- Why StatefulSets fall short for managing high-availability PostgreSQL clusters, particularly around pod ordering and volume management
- How Timescale's instance matching approach solves complex reconciliation challenges when managing heterogeneous database workloads
- The benefits of implementing discrete, idempotent actions rather than workflows in Kubernetes operators
Watch (or listen to) it here: https://ku.bz/fhZ_pNXM3
🌟 This episode is brought to you by [MetalBear] mirrord — run local code like in your Kubernetes cluster without deploying first https://ku.bz/lHtPqsdjq
With @Birthmarkb "Yo quiero Taco Bell" Farrell
You will learn:
- Why StatefulSets fall short for managing high-availability PostgreSQL clusters, particularly around pod ordering and volume management
- How Timescale's instance matching approach solves complex reconciliation challenges when managing heterogeneous database workloads
- The benefits of implementing discrete, idempotent actions rather than workflows in Kubernetes operators
Watch (or listen to) it here: https://ku.bz/fhZ_pNXM3
🌟 This episode is brought to you by [MetalBear] mirrord — run local code like in your Kubernetes cluster without deploying first https://ku.bz/lHtPqsdjq
With @Birthmarkb "Yo quiero Taco Bell" Farrell
Kubeconform is a Kubernetes manifests validation tool.
Similar to Kubeval, but with the following improvements:
1. High performance.
2. Remote or local schema locations
3. Up-to-date schemas for all recent versions of Kubernetes.
More: https://ku.bz/4MJn8zKDH
Similar to Kubeval, but with the following improvements:
1. High performance.
2. Remote or local schema locations
3. Up-to-date schemas for all recent versions of Kubernetes.
More: https://ku.bz/4MJn8zKDH