Forwarded from Kube Events
Hello,
We wanted to share some discounts we received from the Conference organisers. We hope you will find these helpful.
We share more in our newsletter. You can subscribe to our Newsletter here: https://kube.events
1. SKILup Festival: London (50% off)
Date: September 13, 2022
Discount code: https://www.skilupfestival.io/london-22?promo=KubeEvents
2. SREday 2022, London (30% off)
Date: September 15-16, 2022
https://checkout.eventcreate.com/sreday/select-buy
Coupon code: SREDAY-KUBE-EVENTS
3. DevOpsDays Washington DC 2022 (20% off)
Date: September 15-16, 2022
https://www.eventbrite.com/e/345684861727/?discount=K8SEVENTSFRIENDS
4. The Strange Loop conference ($75 off)
Date: September 22-24, 2022
Tickets page: https://ti.to/strange-loop/2022
Coupon code: KUBE
Forwarded from LearnKube news
Master Kubernetes with this 4-day Advanced Kubernetes workshop on the 22nd of September (in 2 weeks)!
_What should you expect?_
- Learn how to architect and design clusters from the ground up (in the cloud or on-prem).
- Explore the Kubernetes internal components and how the system is designed with resiliency in mind.
- Deep-dive into the networking components and observe the packets flowing into the cluster.
- Hands-on labs to test the theory with real-world scenarios!
You can sign up here: https://learnk8s.io/online-advanced-september-2022
What happens if an attacker accesses your Prometheus server?
How much information can they get for fingerprinting the cluster?
In this article, you will learn how attackers use this information and how to secure your cluster.
More: https://sysdig.com/blog/exposed-prometheus-exploit-kubernetes-kubeconeu
This article will look into how you can secure Ingress resources via adding TLS to Ingress and then procuring TLS/SSL certificates.
More: https://armosec.io/blog/kubernetes-ingress-security
In this article, you will explore how users and workloads are authenticated with the Kubernetes API server.
More: https://learnk8s.io/authentication-kubernetes
Forwarded from LearnKube news
Reducing infrastructure costs boils down to turning apps off when you don't use them.
However, the challenge is figuring out how to turn them on automatically when needed.
Take the example of a Kubernetes dev cluster: you might want not to run any service during the weekend.
In this webinar, Salman will demo live how you can use KEDA and the HTTP scaler to intercept and monitor the requests to your services and scale your pods accordingly.
In the process, you will discover how you can scale to zero and create pods only when you need them.
You can register here (it's free): https://kube.events/t/8d60478c-573e-4e07-bd3d-972706ea8307
In this article, you will learn about Kubernetes security and architecture by reviewing reports from Checkov — a tool designed to find misconfigurations before they’re deployed.
More: https://blog.frankel.ch/learning-auditing-kubernetes-manifests
Over 900k Kubernetes exposures were observed across the internet during a routine threat-hunting exercise.
While this does not imply that all exposed instances are vulnerable to attacks, it still makes them a target.
You can learn more in this report.
More: https://blog.cyble.com/2022/06/27/exposed-kubernetes-clusters
All unpatched versions of Argo CD starting with v1.3.0 are vulnerable to a symlink following bug allowing a malicious user with repository write access to leak sensitive YAML files from Argo CD's repo-server.
More: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31036
Secrets in Kubernetes are used to store sensitive information.
This blog post will show how to secure Kubernetes secrets using HashiCorp Vault.
More: https://infracloud.io/blogs/kubernetes-secrets-hashicorp-vault
Forwarded from Kube Builders
Switchboard is a Kubernetes operator that automates the creation of DNS records and TLS certificates when using Traefik v2 and its IngressRoute custom resource.
More: https://github.com/borchero/switchboard
Forwarded from Kube Events
When your Kubernetes cluster runs low on resources, the Cluster Autoscaler provisions a new node and adds it to the cluster.
The cloud provider has to create a virtual machine from scratch, provision it and connect it to the cluster.
The process could take more than a few minutes from start to end.
But there's an alternative: you can proactively create nodes that are already provisioned when you need them.
In this webinar, Chris will demo live how you can configure Pod Priorities and a placeholder pod to pre-warm node instances for quicker scaling.
You can register here (it's free): https://kube.events/t/f60e2777-059f-4ef7-a11e-5d71150f956f
All versions of Argo CD starting with v1.0.0 are vulnerable to a cross-site scripting (XSS) bug allowing a malicious user to inject a javascript: link in the UI.
More: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31035
In this article, you will learn why PodSecurityPolicies never made it as a GA feature, why they had to be replaced and what you should consider going forward.
More: https://macchaffee.com/blog/2022/psp-deprecation
In an affected version of KubeEdge a malicious message can crash CloudCore by triggering a nil-pointer dereference in the UDS Server.
This bug has been fixed in KubeEdge 1.11.0, 1.10.1, and 1.9.3.
More: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31076
In this article, you will explore how OpenShift provides a powerful mechanism to enhance the security of your AWS account by using short-lived credentials through STS, instead of static User credentials (Access Keys).
More: https://dev.to/mtulio/deep-dive-into-aws-oidc-identity-provider-when-installing-openshift-with-iam-sts-manual-sts-support-1bo7
Paralus is a tool that enables controlled, audited access to Kubernetes infrastructure.
It comes with just-in-time service account creation and user-level credential management that integrates with your RBAC and SSO.
Ships as a GUI, API, and CLI.
More: https://github.com/paralus/paralus
Forwarded from Kube Architect
This article focuses on how Teleport can be used to give developers secure access to a Kubernetes cluster.
More: https://edidiongasikpo.com/how-to-give-developers-secure-access-to-kubernetes-clusters
Forwarded from Kube Events
One interesting challenge with Kubernetes is deploying workloads across several regions.
While you can technically have a cluster with several nodes located in different regions, this is generally regarded as something you should avoid due to the extra latency.
Another popular alternative is to deploy a cluster for each region and find a way to orchestrate them.
In this webinar, Daniele will demo live how to create, connect and operate three Kubernetes clusters in different regions.
You can register here (it's free): https://kube.events/t/a35a3a6f-2d32-458b-aca4-61bb9d8bb1ce
In this tutorial, you'll learn how to use Kyverno to automatically configure annotations that enable access logs for an AWS Network Load Balancer (NLB) to be forwarded to an S3 bucket for a service of type LoadBalancer.
More: https://silvr.medium.com/using-kyverno-to-enforce-aws-load-balancer-annotations-for-centralized-logging-to-s3-af5dc1f1f3e0
k8s-manifest-sigstore is a kubectl plugin that enables developers to sign and verify Kubernetes YAML files.
Also, the integrity of deployed manifests can be confirmed on a Kubernetes cluster.
More: https://github.com/sigstore/k8s-manifest-sigstore