Kubesploit – Telegram
News and links on Kubernetes security curated by the @Learnk8s team
Website: https://kubesploit.io/
Forwarded from KubeFM
Stephan Schwarz walks through his systematic approach to performance testing Kubernetes applications.

You will learn:

- Why shared Kubernetes components skew results and how ingress controllers, service meshes, etc. create testing challenges that require careful consideration of the entire request chain
- Practical approaches to HPA configuration, including how to account for scaling latency and planning for spare capacity based on your SLA requirements
- The role of observability tools like OpenTelemetry in production environments where load testing isn't feasible, and how distributed tracing helps isolate performance bottlenecks across interdependent services

Watch (or listen to) it here: https://ku.bz/yY-FnmGfH

🌟 This episode is brought to you by Learnk8s — get started on your Kubernetes journey through comprehensive online, in-person or remote training https://learnk8s.io/training

With @Birthmarkb "Not Open Source" Farrell
This article breaks down a critical RCE flaw in Kubernetes Log Query.

Attackers could inject PowerShell commands through unvalidated pattern input, leading to SYSTEM-level access on Windows nodes.

More: https://ku.bz/nN2VkHfFM
Forwarded from LearnKube news
This week on Learn Kubernetes Weekly 133:

🧙‍♀️ A journey of writing my own Kubernetes
📊 Scaling Virtual Machines in Kubernetes Clusters: Insights for Kubernetes Applications
🕵️ Exploring the Kubernetes API Server Proxy
🥋 CVE-2024-10220: Attack and Defense
👧 Exploit me, baby, one more time: command injection in Kubernetes Log Query

Read it now: https://learnk8s.io/issues/133

⭐️ This newsletter is sponsored by Fairwinds — expert-led, fully managed Kubernetes that frees your engineers from infrastructure headaches and puts you on the fast track to production-grade success https://ku.bz/sSRQp8xDH
Namespace Hound is a tool that identifies and assesses potential security vulnerabilities and risks in multi-tenant Kubernetes clusters.

More: https://ku.bz/pt-TskhHX
Security research exposes critical OPA Gatekeeper vulnerabilities: Attackers can bypass misconfigured repository policies through subdomain manipulation, enabling unauthorized container image deployments across cloud environments.

More: https://ku.bz/8hr1BhMf3
This article investigates container drift in cloud environments by examining forensic methods for detecting unauthorized changes in container images and running instances.

Learn practical approaches for drift detection, response, and incident analysis.

More: https://ku.bz/X-YSMs1DW
Adevinta's SRE team replaced OPA's Gatekeeper with Kyverno to mitigate memory spikes caused by data.inventory syncing in high-churn clusters.

Kyverno’s API-based dynamic context handling cut the policy engine's memory usage from 8GB (with Gatekeeper) to 2.7GB.

More: https://ku.bz/gNrNqqbM1
Forwarded from KubeFM
David explains how he built a platform with Kubernetes, Helm, and GitOps workflows, only to see it fail against FTP.

You will learn:

- The hidden costs of sophisticated tooling - How GitOps pipelines with multiple moving parts can create trust issues when developers lose local control and must rely on remote processes
- Cultural factors that trump technical benefits - Why customer expectations, existing infrastructure, and team readiness matter more than the elegance of the tooling
- Practical strategies for incremental adoption - The importance of starting small, building operational expertise, and ensuring management advocacy at all levels

Watch it here: https://ku.bz/_MWX5m6G_

🌟 This episode is brought to you by Learnk8s — get started on your Kubernetes journey through comprehensive online, in-person or remote training https://learnk8s.io/training

With @Birthmarkb "Amazing with loose hair" Farrell
Overlock is a Kubernetes controller that continuously scans cluster resources and events using custom policies.

It generates alerts or triggers webhooks on violations, enabling automated, real-time detection of misconfigurations and security issues.

More: https://ku.bz/4fssS2nJP
Forwarded from LearnKube news
This week on Learn Kubernetes Weekly 134:

😳 3000+ Clusters: The Journey to Edge Compute with Talos Linux
📏 Vertical Pod Autoscaler (VPA): A Deep Dive
🥷 OPA Gatekeeper bypass reveals risks in Kubernetes policy engines
💣 OPA memory usage considerations and lessons from our transition to Kyverno
💻 Turn an old laptop into a private Kubernetes cluster — enable others to connect to it

Read it now: https://learnk8s.io/issues/134

⭐️ This newsletter is sponsored by Hydrolix — Keep more log data and get better insights from analytics https://ku.bz/0HtlYKbnw
Learn how to create a precise policy that tracks critical cluster events, secures sensitive data, and provides actionable security insights without overwhelming log volumes.

More: https://ku.bz/DPjh1dj2L
Kubewarden deploys as an admission controller, loading user-defined WebAssembly policies that inspect and validate API requests in real time.

It enforces resource compliance before persistence, supporting custom logic and dynamic updates cluster-wide.

More: https://ku.bz/C4jG7w4J6
Forwarded from KubeFM
Tim Miller, CEO and co-founder at Kusari, discusses the misconception of security automation in development.

He explains that while most security tools focus on creating barriers and gates to prevent bad things from happening, this approach often slows down development. Instead, Miller argues that effective security automation should enable teams to move faster and react quickly to threats — shifting the perspective from security as a blocker to security as an enabler.

Watch the full interview: https://ku.bz/-2Sqn9Jb9
Forwarded from LearnKube news
Master Kubernetes with Learnk8s' Advanced Kubernetes workshop!

What should you expect?

- Learn how to architect and design clusters from the ground up (in the cloud or on-prem).
- Explore the Kubernetes internal components and how the system is designed with resiliency in mind.
- Deep-dive into the networking components and observe the packets flowing into the cluster.
- Hands-on labs to test the theory with real-world scenarios!
- And more.

The next online course starts in June: https://ku.bz/bRfWBNxJc

We also run in-person courses and corporate training: https://learnk8s.io/corporate-training
ZTM (Zero Trust Mesh) offers a secure, decentralized alternative to Kubernetes service exposure methods like LoadBalancer and Ingress.

It uses encrypted tunnels and zero-trust principles to eliminate open ports and simplify cross-cluster/remote access.

More: https://ku.bz/n-93Zf4Zg
kubectl-rexec enforces auditable pod shell access by blocking native kubectl exec via a ValidatingWebhook and routing sessions through a proxied APIService that logs all activity.

More: https://ku.bz/Pr88Hr6S_
Forwarded from KubeFM
Media is too big
VIEW IN TELEGRAM
Molly discusses her team's approach to platform engineering. She explains why their initial one-cluster-per-team model became unsustainable and how they're transitioning to multi-tenant architectures.

You will learn:

- The operational reality of cluster proliferation - why managing hundreds of clusters becomes unsustainable
- Practical multi-tenancy implementation strategies including resource quotas, priority classes, and namespace organization patterns
- Better metrics for multi-tenant environments - how to build meaningful SLOs for distributed platform health

Watch it here: https://ku.bz/Rmpl8948_

🌟 This episode is brought to you by Learnk8s — get started on your Kubernetes journey through comprehensive online, in-person or remote training https://learnk8s.io/training

With @Birthmarkb "Free Spanish Lessons" Farrell
Distroless images improve security but lack shell/debug tools.

This article shows two solutions: attach a temporary ephemeral container using kubectl debug, or define a persistent sidecar with a shared PID namespace.

More: https://ku.bz/W2qVr-ffR
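A pod manifest for the persistent-sidecar variant mentioned above, added here as an illustration and not taken from the linked article. The image tags, container names and binary path are assumptions; the sidecar runs as the same non-root UID as the app so it can read the app container's filesystem through /proc without needing CAP_SYS_PTRACE.

```yaml
# Added example (not from the linked article): distroless app pod with a
# persistent debug sidecar that shares the pod's PID namespace.
# Placeholders: image tags, the "app"/"debug" names and /app/server.
apiVersion: v1
kind: Pod
metadata:
  name: distroless-app
spec:
  shareProcessNamespace: true           # one PID namespace for all containers
  securityContext:
    runAsNonRoot: true
    runAsUser: 65532                    # UID of the distroless ":nonroot" tag
  containers:
  - name: app
    image: gcr.io/distroless/static-debian12:nonroot   # no shell, no package manager
    command: ["/app/server"]            # placeholder binary path
    securityContext:
      allowPrivilegeEscalation: false
  - name: debug
    image: busybox:1.36                 # has sh, ps, ls, cat
    command: ["sh", "-c", "while :; do sleep 3600; done"]
    securityContext:
      allowPrivilegeEscalation: false
      readOnlyRootFilesystem: true
      capabilities:
        drop: ["ALL"]                   # same UID as app, so ptrace caps are not needed
# With the shared PID namespace the sidecar sees the app's processes and can
# reach the app container's root filesystem via /proc/<app-pid>/root:
#   kubectl exec -it distroless-app -c debug -- sh
#   / $ ps                              # find the PID of /app/server
#   / $ ls -l /proc/<app-pid>/root/app  # browse the distroless image's files
# Caveat: a different UID or a non-dumpable app process would require
# CAP_SYS_PTRACE on the sidecar, which widens its blast radius.
# The alternative without a permanent sidecar (ephemeral container):
#   kubectl debug -it distroless-app --image=busybox:1.36 --target=app -- sh
```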
Forwarded from LearnKube news
This week on Learn Kubernetes Weekly 135:

🛜 The Kubernetes networking guide
🐜 Configuration Management at Ant Group: Generated Manifest and Immutable Desired State
🪵 My favourite Kubernetes audit log policy
🙅‍♂️ Can't NAT after NAT
🥊 Readiness vs Liveness Probes: What is the Difference? (and Startup Probes!)

Read it now: https://learnk8s.io/issues/135

⭐️ This newsletter is brought to you by @arm — Explore learning paths and technical resources to start, accelerate, or complete your cloud migration https://ku.bz/xFNgz9S9h
kpatch enables runtime kernel function patching by injecting precompiled replacement functions directly into the live kernel.

It's built on the CONFIG_LIVEPATCH infrastructure and uses ftrace to reroute function calls at runtime.

More: https://ku.bz/-mXRJ9kzM
Learn how Confidential Containers use Kata Agent Policies to control container execution in secure environments.

This allows administrators to define granular rules restricting images, processes, and actions.

More: https://ku.bz/dcdvjJRry