In this article, you will learn about man-in-the-middle attacks on container image downloads and how to prevent them with Connaisseur, an admission controller that verifies container image signatures before a Pod is admitted.
More: https://medium.com/linkbynet/trust-but-verify-3a4852d2420
In this article, you will compare the External Secrets Operator with the Secrets Store CSI Driver for using external secrets in a Kubernetes cluster. You will compare:
- Architecture.
- Authorization management.
- Resource usage.
- GitOps friendliness.
More: https://mixi-developers.mixi.co.jp/compare-eso-with-secret-csi-402bf37f20bc
This repository contains a reading list for software supply-chain security.
More: https://github.com/chainguard-dev/ssc-reading-list
Learn how Cilium can be configured to provide sidecar-free mTLS-based authentication with excellent security and performance characteristics (without the overhead of traditional service meshes).
More: https://isovalent.com/blog/post/2022-05-03-servicemesh-security
The External Secrets Operator provides an alternative to the Kubernetes Secret object.
It does this by providing Custom Resources, which define where secrets live and how to synchronize them.
Learn how to use it with AWS Secrets Manager.
More: https://ptuladhar3.medium.com/getting-started-with-external-secrets-operator-on-kubernetes-using-aws-secrets-manager-6dc403d9630c
dexter is an OIDC (OpenID Connect) helper designed to create a hassle-free Kubernetes login experience powered by Google or Azure as the Identity Provider.
All you need is a properly configured Google or Azure client ID & secret.
More: https://github.com/gini/dexter
Kubelogin is a Kubernetes credential (exec) plugin implementing Azure authentication methods such as:
- Device code login.
- Non-interactive service principal login.
- Non-interactive workload identity login.
- OIDC provider for Azure AD.
And more.
More: https://github.com/Azure/kubelogin
In this article, you will learn why PodSecurityPolicies never made it as a GA feature, why they had to be replaced and what you should consider going forward.
More: https://macchaffee.com/blog/2022/psp-deprecation
In this post, you'll learn how to achieve continuous runtime-security monitoring for container-based workloads running on Kubernetes through a custom integration between Falco, Falcosidekick, its Web UI, and AWS CloudWatch/PagerDuty.
More: https://aymen-abdelwahed.medium.com/falco-security-at-runtime-for-kubernetes-d9176cc76020
This article will cover Istio and:
- What is the sidecar pattern and what advantages does it have?
- How are the sidecar injections done in Istio?
- How does the sidecar proxy do transparent traffic hijacking?
- How is the traffic routed upstream?
More: https://jimmysong.io/en/blog/sidecar-injection-iptables-and-traffic-routing
Kubernetes is neither secure by default, nor by itself.
You absolutely can, and must, harden its configuration.
This article summarises the NSA/CISA guidelines on hardening Kubernetes.
More: https://elastisys.com/nsa-cisa-kubernetes-security-hardening-guide-and-beyond-for-2022
Forwarded from LearnKube news
Learnk8s and Linode are launching a three-part, free educational program on Kubernetes scaling.
Each session comes with a webinar, code samples and a step-by-step article:
- Unit 1: "Request-based autoscaling in Kubernetes: scaling to zero and back" (21st of Sept)
- Unit 2: "Proactive cluster autoscaling in Kubernetes" (28th of Sept)
- Unit 3: "Scaling Kubernetes to multiple clusters and regions" (5th of Oct)
What you can expect:
- A live webinar (Chris, Salman & Daniele will present them). The event is recorded, and you can watch it later too.
- A step-by-step tutorial on Linode's blog where you can try everything we demo live.
- A collection of scripts and resources helpful to understand and (if you want) extend our code.
You can sign up here: bit.ly/k8s-scale
Permission Manager is an application that enables a super-easy and user-friendly RBAC management for Kubernetes.
With Permission Manager, you can create users, assign namespaces/permissions, and distribute Kubeconfig YAML files via a nice & easy web UI.
More: https://github.com/sighupio/permission-manager
Forwarded from LearnKube news
Master Kubernetes with this 4-day Advanced Kubernetes workshop on the 22nd of September (in 3 weeks)!
_What should you expect?_
- Learn how to architect and design clusters from the ground up (in the cloud or on-prem).
- Explore the Kubernetes internal components and how the system is designed with resiliency in mind.
- Deep-dive into the networking components and observe the packets flowing into the cluster.
- Hands-on labs to test the theory with real-world scenarios!
You can sign up here: https://learnk8s.io/online-advanced-september-2022
In this article, you will learn how to combine LDAP, Dex and Gangway to log in users in a Kubernetes cluster.
More: https://medium.com/upstream-engineering/kubernetes-authentication-using-ldap-and-oauth2-83c3457becf8
In this series of articles, you will explore:
1. How to secure image signing with cosign and AWS KMS.
2. How to use the Sigstore policy-controller to validate image signatures in Kubernetes via an admission controller.
More: https://medium.com/@slimm609/image-signing-validation-on-k8s-4b3202dbcd6c
Forwarded from Kube Events
🗓 Kubernetes events starting in the next 24 hours:
05 Sep 8:00 am GMT - 🔥 ContainerDays 2022 | ContainerDays - 📍 Online & in-person conference
05 Sep 1:00 pm GMT - Microsoft Azure virtual training day: cloud-native apps | Microsoft - 📍 Online webinar
→ See all Kubernetes events
Forwarded from Kube Events
Hello,
We wanted to share some discounts we received from the Conference organisers. We hope you will find these helpful.
We share more in our newsletter. You can subscribe to our Newsletter here: https://kube.events
1. SKILup Festival: London (50% off)
Date: September 13, 2022
Discount link: https://www.skilupfestival.io/london-22?promo=KubeEvents
2. SREday 2022, London (30% off)
Date: September 15-16, 2022
Tickets page: https://checkout.eventcreate.com/sreday/select-buy
Coupon code: SREDAY-KUBE-EVENTS
3. DevOpsDays Washington DC 2022 (20% off)
Date: September 15-16, 2022
Discount link: https://www.eventbrite.com/e/345684861727/?discount=K8SEVENTSFRIENDS
4. The Strange Loop conference ($75 off)
Date: September 22-24, 2022
Tickets page: https://ti.to/strange-loop/2022
Coupon code: KUBE
Forwarded from LearnKube news
Master Kubernetes with this 4-day Advanced Kubernetes workshop on the 22nd of September (in 2 weeks)!
_What should you expect?_
- Learn how to architect and design clusters from the ground up (in the cloud or on-prem).
- Explore the Kubernetes internal components and how the system is designed with resiliency in mind.
- Deep-dive into the networking components and observe the packets flowing into the cluster.
- Hands-on labs to test the theory with real-world scenarios!
You can sign up here: https://learnk8s.io/online-advanced-september-2022
What happens if an attacker accesses your Prometheus server?
How much information can they get for fingerprinting the cluster?
In this article, you will learn how attackers use this information and how to secure your cluster.
More: https://sysdig.com/blog/exposed-prometheus-exploit-kubernetes-kubeconeu
This article will look into how you can secure Ingress resources by procuring TLS/SSL certificates and adding TLS to the Ingress.
More: https://armosec.io/blog/kubernetes-ingress-security