Forwarded from Kube Careers
This week's 6 best Kubernetes vacancies that focus on security are:
DevSecOps Engineer with Anthropic
💰 $40.5M to $48.5M a year
🏠 From the office in San Francisco, CA, USA
→ https://ku.bz/wrrnmcjDQ
DevSecOps Engineer with Tailscale
💰 $16.01M to $20.04M a year
🌎 Fully remote
→ https://ku.bz/J9Cs7QBBp
DevSecOps Engineer with Accenture Federal Services
💰 $11.49M to $15.13M a year
👨💻 Remote from
→ https://ku.bz/bsl59cPMh
DevSecOps Engineer with OpenAI
💰 $364.5K to $490K a year
👨💻 Remote from the United States of America
→ https://ku.bz/NXd17JHfV
DevSecOps Engineer with xAI
💰 $180K to $440K a year
👨💻 Remote from
→ https://ku.bz/R4vBYC5mW
👉 Browse 2270 jobs on Kube Careers https://kube.careers
kseal is a kubeseal companion CLI for viewing, exporting, encrypting, and offline decrypting Kubernetes Sealed Secrets without needing live cluster access.
More: https://ku.bz/JbNY0d2Ch
Push-to-K8s is a Kubernetes controller written in Go that automatically synchronizes labeled secrets from a source namespace to all other namespaces in the cluster with real-time change detection propagating updates in 5-10 seconds.
More: https://ku.bz/z-7ytwsb-
Forwarded from KubeFM
Radosław from aleno migrated from ECS to Kubernetes — spot instances broke at 20+ containers, firewalls silently dropped traffic, and the wrong memory metric caused OOM kills.
You will learn:
- Why ECS spot instances have no built-in fallback mechanism — and how Karpenter's flexible instance selection solves it
- How running Flux and Argo CD together gives infra teams git-push workflows while developers get a UI
- Why the default Kubernetes memory metric includes evictable caches — and switching to working set fixed OOM errors
- How jemalloc cut memory usage by 20% and fixed HPA autoscaling for WebSocket containers
Watch (or listen to) it here: https://ku.bz/x6wFMhVsx
🌟 This episode is sponsored by LearnKube — get started on your Kubernetes journey through comprehensive online, in-person, or remote training https://learnkube.com/training
With @Birthmarkb
This article explains how EKS authentication tokens work by pre-signing AWS STS GetCallerIdentity calls, and how you can use this technique to implement IAM-based authentication in your own services.
More: https://ku.bz/3WRXBcqzd
Forwarded from LearnKube news
This week on Learn Kubernetes Weekly 172:
🔥 Google Cloud Shell Container Escape
🌐 Azure Kubernetes Service Deep Dive Into Azure CNI Pod Subnet
💭 How I Think About Kubernetes
📦 How We Shrunk a Kubernetes Sidecar from 421MB to 90MB (With No OS Inside)
🎯 Kube Resource Orchestrator: Manage any group of resources as one unit
Read it now: https://kube.today/issues/172
⭐️ This newsletter is brought to you by Kubex — Automated Resource Optimization for Kubernetes, GPUs and AI Workloads https://ku.bz/y98T8bWXP
Guardon is a browser extension that catches Kubernetes security misconfigurations during GitHub/GitLab code reviews, providing instant feedback, actionable YAML fixes, a custom rule engine, and Kyverno policy import, with no CI setup required.
More: https://ku.bz/1dwsMRc7S
Forwarded from Kube Careers
This week's 6 best Kubernetes vacancies that focus on security are:
DevSecOps Engineer with Anthropic
💰 $40.5M to $48.5M a year
🏠 From the office in San Francisco, CA, USA
→ https://ku.bz/wrrnmcjDQ
DevSecOps Engineer with Tailscale
💰 $15.95M to $19.97M a year
🌎 Fully remote
→ https://ku.bz/J9Cs7QBBp
DevSecOps Engineer with Accenture Federal Services
💰 $11.49M to $15.13M a year
👨💻 Remote from
→ https://ku.bz/bsl59cPMh
DevSecOps Engineer with OpenAI
💰 $364.5K to $490K a year
👨💻 Remote from the United States of America
→ https://ku.bz/NXd17JHfV
DevSecOps Engineer with xAI
💰 $180K to $440K a year
👨💻 Remote from
→ https://ku.bz/R4vBYC5mW
👉 Browse 2373 jobs on Kube Careers https://kube.careers
This tutorial teaches how to implement layered security in Kubernetes using Kyverno for admission control and KubeArmor for runtime protection to enforce guardrails.
More: https://ku.bz/SnYRwQhFR
Forwarded from KubeFM
Shyam Jeedigunta, Principal Engineer at Amazon Web Services (AWS), explains the security challenges and solutions for onboarding Kubernetes nodes from different infrastructure providers.
He discusses how to handle identity management, certificate issuance, and trust establishment when nodes come from edge locations, on-premises infrastructure, or other cloud providers rather than the same infrastructure as the control plane.
Watch the full interview: https://ku.bz/m89tLbgcq
Forwarded from KubeFM
"I don't want to see AI agents autonomously control clusters right now."
Nick Eberts draws a clear line: AI assistants are valuable for read-only troubleshooting — giving hints, explaining what's wrong. But making changes? That should go through pull requests and human review, especially in a GitOps workflow. He also flags an emerging challenge: securing agent-to-agent communication between MCP servers and clients, and extending Istio authorization policies into the agent layer.
The takeaway: AI should assist, not act — until the guardrails catch up.
Watch the full interview: https://ku.bz/G1QSYQTn2
This interview is a reaction to Mai Nishitani's episode https://ku.bz/3hWvQjXxp
cert-manager-webhook-pdns is a PowerDNS webhook for cert-manager that enables automated Let's Encrypt certificate issuance using DNS-01 challenges by integrating with PowerDNS API for DNS record management.
More: https://ku.bz/x3vxd7ZpJ