Forwarded from LearnKube news
Master Kubernetes this November with one of our Advanced Kubernetes workshops (London or online)!
What should you expect?
- Learn how to architect and design clusters from the ground up (in the cloud or on-prem).
- Explore the Kubernetes internal component and how the system is designed with resiliency in mind.
- **Deep-dive into the networking components and observe the packets flowing into the cluster.
- Hands-on labs to test the theory with real-world scenarios!
You can sign up here: https://learnk8s.io/online-advanced-november-2022
What should you expect?
- Learn how to architect and design clusters from the ground up (in the cloud or on-prem).
- Explore the Kubernetes internal component and how the system is designed with resiliency in mind.
- **Deep-dive into the networking components and observe the packets flowing into the cluster.
- Hands-on labs to test the theory with real-world scenarios!
You can sign up here: https://learnk8s.io/online-advanced-november-2022
Enabling a Kubernetes multi-tenant architecture comes with significant challenges, especially regarding cluster isolation and fair resource allocation.
In this article, you'll learn about ten essential considerations when using Kubernetes multi-tenancy.
More: https://loft.sh/blog/10-essentials-for-kubernetes-multi-tenancy
In this article, you'll learn about ten essential considerations when using Kubernetes multi-tenancy.
More: https://loft.sh/blog/10-essentials-for-kubernetes-multi-tenancy
Forwarded from Kube Architect
In this article, you'll learn how to grant access to users of a vcluster using DEX as a federated OpenID provider and kubelogin as a plugin for OIDC integration.
More: https://justinpolidori.it/posts/20220611_vcluster_auth
More: https://justinpolidori.it/posts/20220611_vcluster_auth
Forwarded from Kube Architect
Prior to version 1.7.1, Argo Events had several
More: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31054
HandleRoute endpoints making use of the deprecated ioutil.ReadAll().ioutil.ReadAll() reads all the data into memory and an attacker might be able to use it and cause denial of service.More: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31054
This CoreDNS plugin enables the filtering of queries and responses based on expressions.
Since the plugin can also refer to other policy engines to determine the action to take, you could have it integrated with OPA or Kyverno.
More: https://github.com/coredns/policy
Since the plugin can also refer to other policy engines to determine the action to take, you could have it integrated with OPA or Kyverno.
More: https://github.com/coredns/policy
Cosign and Connaisseur allow us to secure the Kubernetes deployment with signature verification, ensuring that our images do not change.
More: https://sysdig.com/blog/secure-kubernetes-deployment-signature-verification
More: https://sysdig.com/blog/secure-kubernetes-deployment-signature-verification
Forwarded from Kube Events
🗓 Kubernetes events starting in the next 24 hours:
31 Oct 7:00 am GMT - Running arm64 and WebAssembly on Azure Kubernetes services | Coding Night NZ - 📍 Online meetup
→ See all Kubernetes events
31 Oct 7:00 am GMT - Running arm64 and WebAssembly on Azure Kubernetes services | Coding Night NZ - 📍 Online meetup
→ See all Kubernetes events
In this tutorial, you'll learn how to write an admission controller from scratch using minikube, go, make and ko.
More: https://kubesimplify.com/diy-how-to-build-a-kubernetes-policy-engine
More: https://kubesimplify.com/diy-how-to-build-a-kubernetes-policy-engine
Forwarded from Kube Architect
In this article, you will learn how to configure Sealed Secrets with ArgoCD.
More: https://dev.to/timtsoitt/argo-cd-and-sealed-secrets-is-a-perfect-match-1dbf
More: https://dev.to/timtsoitt/argo-cd-and-sealed-secrets-is-a-perfect-match-1dbf
kubectl-exec-user lets you exec as a specified user into a Kubernetes container.
More: https://github.com/kingdonb/kubectl-exec-user
More: https://github.com/kingdonb/kubectl-exec-user
registry-creds is a tool that refreshes credentials for AWS ECR, Google Registry, & Azure Container Registry via ImagePullSecrets.
More: https://github.com/upmc-enterprises/registry-creds
More: https://github.com/upmc-enterprises/registry-creds
In this article, you will discuss how you can secure a Kubernetes cluster using Kubescape and kube-bench.
More: https://infracloud.io/blogs/securing-kubernetes-cluster-kubescape-kubebench
More: https://infracloud.io/blogs/securing-kubernetes-cluster-kubescape-kubebench
Forwarded from Kube Careers
What does it take to get a job as a Kubernetes engineer?
Do you need a Kubernetes certification to apply for a job?
What's the average salary for a Kubernetes engineer?
We analyzed 86 Kubernetes jobs for July, August and September and found that:
- The average Kubernetes job pays €89,729 in Europe and $139,269 in North America.
- The majority of the job listings are for Senior DevOps Engineers.
- There is a drop in remote working! Companies are asking employees to go back to the office.
- As usual, AWS, Python, Terraform, Prometheus and Jenkins 😭 are the top terms mentioned in any Kubernetes job denoscriptions.
You can read the full report here: https://kube.careers/kubernetes-trend-report-2022-q3
Do you need a Kubernetes certification to apply for a job?
What's the average salary for a Kubernetes engineer?
We analyzed 86 Kubernetes jobs for July, August and September and found that:
- The average Kubernetes job pays €89,729 in Europe and $139,269 in North America.
- The majority of the job listings are for Senior DevOps Engineers.
- There is a drop in remote working! Companies are asking employees to go back to the office.
- As usual, AWS, Python, Terraform, Prometheus and Jenkins 😭 are the top terms mentioned in any Kubernetes job denoscriptions.
You can read the full report here: https://kube.careers/kubernetes-trend-report-2022-q3
This repo contains the demo code of a MutatingWebhook with 2 containers:
1. The init container creates the certificates, registers the webhook, and creates a Secret.
2. The webhook container mounts the Secret and serves the endpoint.
More: https://github.com/cloud-ark/sample-mutatingwebhook
1. The init container creates the certificates, registers the webhook, and creates a Secret.
2. The webhook container mounts the Secret and serves the endpoint.
More: https://github.com/cloud-ark/sample-mutatingwebhook
This blog post explains three vulnerabilities detected in the AWS IAM Authenticator for Kubernetes all caused by the same code line.
More: https://blog.lightspin.io/exploiting-eks-authentication-vulnerability-in-aws-iam-authenticator
More: https://blog.lightspin.io/exploiting-eks-authentication-vulnerability-in-aws-iam-authenticator
This repository contains the tool and the policy library for validating GKE clusters against configuration best practices.
More: https://github.com/google/gke-policy-automation
More: https://github.com/google/gke-policy-automation
YaraHunter scans container images, running Docker containers and filesystems to find malware.
It uses a YARA ruleset to identify resources that match known malware signatures and may indicate that the container or filesystem has been compromised.
More: https://github.com/deepfence/YaRadare
It uses a YARA ruleset to identify resources that match known malware signatures and may indicate that the container or filesystem has been compromised.
More: https://github.com/deepfence/YaRadare
aws-secret-sidecar-injector is a mutating webhook that fetches secrets from AWS Secrets Manager.
More: https://github.com/aws-samples/aws-secret-sidecar-injector
More: https://github.com/aws-samples/aws-secret-sidecar-injector
Forwarded from LearnKube news
This media is not supported in your browser
VIEW IN TELEGRAM
We've just released "Learn Kubernetes weekly", a newsletter that features curated Kubernetes news, events, and job opportunities.
What you can expect:
- The best articles and tutorials to sharpen your Kubernetes skills.
- The best meetups, conferences, and training that you should attend.
- Libraries, frameworks, and tools that you can use in your projects.
The newsletter is not a collection of links or an essay; instead, we opted for a few short sentences for each article or project — so it's easier to judge if you should read the article or skip it.
The first issue is due tomorrow, and you can subscribe here: https://learnk8s.io/learn-kubernetes-weekly
What you can expect:
- The best articles and tutorials to sharpen your Kubernetes skills.
- The best meetups, conferences, and training that you should attend.
- Libraries, frameworks, and tools that you can use in your projects.
The newsletter is not a collection of links or an essay; instead, we opted for a few short sentences for each article or project — so it's easier to judge if you should read the article or skip it.
The first issue is due tomorrow, and you can subscribe here: https://learnk8s.io/learn-kubernetes-weekly
Forwarded from Kube Builders
RBAC Manager is an operator that supports declarative configuration for RBAC with new custom resources.
Instead of managing role bindings or service accounts directly, you can specify the desired state and RBAC Manager will make the necessary changes.
More: https://github.com/FairwindsOps/rbac-manager
Instead of managing role bindings or service accounts directly, you can specify the desired state and RBAC Manager will make the necessary changes.
More: https://github.com/FairwindsOps/rbac-manager
In this tutorial, you will learn how to integrate tools such as kube-bench and Kubespace to identify potential vulnerabilities in a CI/CD pipeline before they reach the cluster.
More: https://medium.com/@sdevsecops/how-to-implement-devsecops-in-a-kubernetes-cluster-environment-github-actions-and-azure-devops-522bdd121e34
More: https://medium.com/@sdevsecops/how-to-implement-devsecops-in-a-kubernetes-cluster-environment-github-actions-and-azure-devops-522bdd121e34