Kubesploit – Telegram
Kubesploit
1.96K subscribers
822 photos
128 videos
1.6K links
News and links on Kubernetes security curated by the @Learnk8s team
Website: https://kubesploit.io/
Forwarded from Kube Builders
Project Quay runs as a service inside or outside Kubernetes, storing images in S3 or local storage.

It scans images for vulnerabilities with Clair, supports image signing, and enforces repository access and security policies via webhooks and RBAC.

More: https://ku.bz/mXXL2JPl4
This project provides a RESTful API interface over the Bitwarden Rust SDK to enable the External Secrets Operator to fetch vault secrets securely.

More: https://ku.bz/t-WF03pc3
Forwarded from LearnKube news
This week on Learn Kubernetes Weekly 153:

🌍 Why Environments Beat Clusters for Developer Experience
🧩 Image Compatibility in Cloud Native Environments
🔁 From Terraform to Crossplane: Real-World IaC in Kubernetes for AWS
📊 Why Kube-State-Metrics Matters for Kubernetes Observability
⚙️ Optimising Kubernetes Deployment with Local Continuous Development Tooling

Read it now: https://kube.today/issues/153

⭐️ This newsletter is brought to you by Testkube - your app is Kubernetes-native, your testing should be too. Run any kind of test automation with the help of the platform built for it https://ku.bz/Zfrty_fcC
This article shows how to build enterprise-level secret management in an MLOps setup using tools like Sealed Secrets, Git encryption, and clear team boundaries for secure, scalable credential handling.

More: https://ku.bz/2Dlnrr0W7
Forwarded from KubeFM
Jim Bugwadia, Co-Founder & CEO @ Nirmata, explains how to transform security compliance from a boring obligation into an exciting part of engineering culture.

He emphasizes that security is often viewed as a "day two" concern that impedes productivity, but argues there's a balance between security, productivity, and agility. Jim suggests that treating "security as code" or "compliance as code" (similar to infrastructure as code) makes security more engaging for platform engineers, allowing teams to integrate security best practices directly into their GitOps platforms and automate them rather than treating them as separate processes.

Watch the full interview: https://ku.bz/hYZXTmPV9
cnquery is a command-line tool that lets you inspect and query your cloud, Kubernetes, and servers from one place.

More: https://ku.bz/Jml2KcQ-N
Forwarded from KubeFM
🎥 The Making of Flux finale: From GitOps tool to platform backbone

Episode 4 brings together the platform builders—GitLab, Microsoft, and Mirantis—who are embedding Flux at the heart of their enterprise offerings.
Bryan Ross (GitLab), Jane Yan (Microsoft), Sean O'Meara, and William Rizzo (Mirantis) reveal how GitOps has evolved from experiment to essential infrastructure.

Key insights:

- Why Microsoft chose Flux for Azure Arc's managed GitOps service
- How GitLab bridges the CI/CD to infrastructure gap with Flux
- Mirantis's vision for multi-cluster platform engineering with Cordant

Plus: Bryan's take on how AI will transform GitOps workflows (spoiler: less YAML, more architecture thinking).

Watch the series finale: https://ku.bz/tVqKwNYQH

🌟 Join the Flux maintainers and community at FluxCon, November 11th in Atlanta—register here

With @Birthmarkb
This case study describes how the author’s EKS cluster autoscaler broke after migrating to Amazon’s AL2023 image and how they resolved it by switching to IRSA (IAM Roles for Service Accounts) and adjusting permissions.

More: https://ku.bz/PzHb6bP62
Forwarded from KubeFM
Mai Nishitani, Director of Enterprise Architecture at NTT Data and AWS Community Builder, demonstrates how Model Context Protocol (MCP) enables Claude to directly interact with Kubernetes clusters through natural language commands.

You will learn:

- How MCP servers work and why they're significant for standardizing AI integration with DevOps tools, moving beyond custom integrations to a universal protocol
- The practical capabilities and critical limitations of AI in Kubernetes operations
- Why fundamental troubleshooting skills matter more than ever as AI abstractions can fail in unexpected ways

Watch (or listen to) it here: https://ku.bz/3hWvQjXxp

🌟 This episode is brought to you by Testkube—the ultimate Continuous Testing Platform for Cloud Native applications. Scale fast, test continuously, and ship confidently https://ku.bz/lnxYK3s0L

With @Birthmarkb "Hip hop back up dancer" Farrell
The kube-rbac-proxy is an HTTP proxy for a single upstream that can perform RBAC authorization against the Kubernetes API using SubjectAccessReview.

More: https://ku.bz/pQqpkgLM7
Forwarded from LearnKube news
This week on Learn Kubernetes Weekly 154:

🧩 Kubernetes Observability: Troubleshooting Packet Drops
⚙️ We Broke Our EKS Cluster Autoscaler and Fixed It
🌐 Managing Kubernetes Resources Across Multiple Clusters
🐝 From kube-proxy to eBPF (Cilium)
🚧 Diagnosing API Server Communication Issues

Read it now: https://kube.today/issues/154

⭐️ This newsletter is brought to you by Heroku — Discover the thriving ecosystem of contributors, companies, and career paths in the Kubernetes World book. Reserve your copy now https://ku.bz/B0nqF7jBW
This article explains how Kubernetes v1.33 enables hybrid post-quantum key exchange (X25519MLKEM768) by default via Go 1.24 and discusses implementation challenges.

More: https://ku.bz/DzzV1cR4z
Sealed Secrets provides declarative Kubernetes Secret Management in a secure way.

Since the Sealed Secrets are encrypted, they can be safely stored in a code repository.

More: https://ku.bz/4ZQR0-Nf9
This project builds a low-code honeypot using LLMs behind the scenes to mimic realistic interactions while staying safe.

It supports SSH, HTTP, TCP, Prometheus metrics, Kubernetes deployment, and YAML config.

More: https://ku.bz/5665x_NRr
This article shows why setting hostUsers: false in PodSecurityPolicies or PodSecurity admission helps prevent pods from sharing host user IDs, reducing privilege risks.

More: https://ku.bz/Cy4YDVjJ4
Forwarded from KubeFM
Andrew Jeffree from SafetyCulture walks through their complete migration of 250+ microservices from a fragile Helm-based setup to GitOps with ArgoCD, all without any downtime.

You will learn:

- Zero-downtime migration techniques using temporary deployments with prune-last sync options to ensure healthy services before removing legacy ones
- How CUE lang improves on YAML by providing schema validation, early error detection, and a cleaner interface for developers
- Human-centric platform engineering approaches that prioritize developer experience and reduce on-call burden through empathy-driven design decisions

Watch (or listen to) it here: https://ku.bz/Xvyp1_Qcv

🌟 This episode is brought to you by Testkube—the ultimate Continuous Testing Platform for Cloud Native applications. Scale fast, test continuously, and ship confidently https://ku.bz/lnxYK3s0L

With @Birthmarkb "Grafic Design Skills" Farrell
SOPS: Secrets OPerationS is an operator for managing Kubernetes Secret Resources created from user-defined SopsSecrets CRDs, inspired by Bitnami SealedSecrets and sops.

More: https://ku.bz/Hmfb28_s_
Forwarded from LearnKube news
This week on Learn Kubernetes Weekly 155:

Scaling Real-Time Video on AWS
⚠️ 7 K8s Anti-Patterns That Hurt Us in Production
🧠 Deep Dive into Kubernetes Leases
⚖️ Kubernetes Pod Scheduling
🚦 How Kubernetes Pod Priority and Preemption Work

Read it now: https://kube.today/issues/155

⭐️ Heading to KubeCon?

Check out the @YAMLGames — the only quiz series where knowing Kubernetes might actually work against you. https://yaml.games

Join the Platform Engineering Challenge. Teams of 4 race to build a production Kubernetes IDP in 90 minutes https://ku.bz/s2RsPDpgH
This tutorial walks you through running kube-bench for CIS compliance on Kubernetes: how to scan clusters using Jobs or CronJobs, and how to understand which configurations pass or fail.

More: https://ku.bz/ZjVpsVqNR
Forwarded from KubeFM
Harsha Koushik, a Security Researcher and Technical Product Manager at Palo Alto Networks, explores the complexities of securing containers within a multi-layered infrastructure.

He outlines essential practices, including choosing secure base images, managing dependencies, conducting Software Composition Analysis (SCA), creating Software Bill of Materials (SBOMs), and validating the supply chain.

Watch the full episode: https://ku.bz/n_sJ04xMY
This tool automates the issuance and renewal of TLS certificates inside Kubernetes by introducing custom resources like Certificate and Issuer.

More: https://ku.bz/dcDQCrkPn