Forwarded from Kube Architect
In this article, you will learn how to configure Sealed Secrets with ArgoCD.
More: https://dev.to/timtsoitt/argo-cd-and-sealed-secrets-is-a-perfect-match-1dbf
kubectl-exec-user lets you exec as a specified user into a Kubernetes container.
More: https://github.com/kingdonb/kubectl-exec-user
registry-creds is a tool that refreshes credentials for AWS ECR, Google Registry, & Azure Container Registry via ImagePullSecrets.
More: https://github.com/upmc-enterprises/registry-creds
In this article, you will learn how to secure a Kubernetes cluster using Kubescape and kube-bench.
More: https://infracloud.io/blogs/securing-kubernetes-cluster-kubescape-kubebench
Forwarded from Kube Careers
What does it take to get a job as a Kubernetes engineer?
Do you need a Kubernetes certification to apply for a job?
What's the average salary for a Kubernetes engineer?
We analyzed 86 Kubernetes jobs for July, August and September and found that:
- The average Kubernetes job pays €89,729 in Europe and $139,269 in North America.
- The majority of the job listings are for Senior DevOps Engineers.
- There is a drop in remote working! Companies are asking employees to go back to the office.
- As usual, AWS, Python, Terraform, Prometheus and Jenkins 😭 are the top terms mentioned in any Kubernetes job descriptions.
You can read the full report here: https://kube.careers/kubernetes-trend-report-2022-q3
This repo contains the demo code of a MutatingWebhook with 2 containers:
1. The init container creates the certificates, registers the webhook, and creates a Secret.
2. The webhook container mounts the Secret and serves the endpoint.
More: https://github.com/cloud-ark/sample-mutatingwebhook
This blog post explains three vulnerabilities detected in the AWS IAM Authenticator for Kubernetes, all caused by the same line of code.
More: https://blog.lightspin.io/exploiting-eks-authentication-vulnerability-in-aws-iam-authenticator
This repository contains the tool and the policy library for validating GKE clusters against configuration best practices.
More: https://github.com/google/gke-policy-automation
YaraHunter scans container images, running Docker containers and filesystems to find malware.
It uses a YARA ruleset to identify resources that match known malware signatures and may indicate that the container or filesystem has been compromised.
More: https://github.com/deepfence/YaRadare
aws-secret-sidecar-injector is a mutating webhook that fetches secrets from AWS Secrets Manager.
More: https://github.com/aws-samples/aws-secret-sidecar-injector
Forwarded from LearnKube news
We've just released "Learn Kubernetes weekly", a newsletter that features curated Kubernetes news, events, and job opportunities.
What you can expect:
- The best articles and tutorials to sharpen your Kubernetes skills.
- The best meetups, conferences, and training that you should attend.
- Libraries, frameworks, and tools that you can use in your projects.
The newsletter is not a collection of links or an essay; instead, we opted for a few short sentences for each article or project — so it's easier to judge if you should read the article or skip it.
The first issue is due tomorrow, and you can subscribe here: https://learnk8s.io/learn-kubernetes-weekly
Forwarded from Kube Builders
RBAC Manager is an operator that supports declarative configuration for RBAC with new custom resources.
Instead of managing role bindings or service accounts directly, you can specify the desired state and RBAC Manager will make the necessary changes.
More: https://github.com/FairwindsOps/rbac-manager
In this tutorial, you will learn how to integrate tools such as kube-bench and Kubescape to identify potential vulnerabilities in a CI/CD pipeline before they reach the cluster.
More: https://medium.com/@sdevsecops/how-to-implement-devsecops-in-a-kubernetes-cluster-environment-github-actions-and-azure-devops-522bdd121e34
Forwarded from Kube Architect
In this article, you will find a curated (but not exhaustive) list of FOSS projects addressing multi-tenancy challenges in Kubernetes.
More: https://divya-mohan0209.medium.com/mo-tenancy-mo-problems-f031f75374f7
Forwarded from LearnKube news
The purpose of The Kubernetes networking guide is to provide an overview of various Kubernetes networking components with a specific focus on exactly how they implement the required functionality.
More: https://tkng.io
With Kyverno:
- Invalid resources can be blocked with helpful errors.
- Misconfigured resources can be corrected on the fly.
- New resources can be dynamically generated.
Learn how to use Kyverno to govern multi-tenant clusters in this article.
More: https://medium.com/compass-true-north/governing-multi-tenant-kubernetes-clusters-with-kyverno-3e11ba4a64ad
In Kubernetes, external traffic (e.g. north-south) is a major source of security risk.
In this article, you'll have a look at **tools to mitigate such risks.**
More: https://medium.com/slalom-build/managing-ingress-traffic-on-kubernetes-platforms-ebd537cdfb46
Forwarded from LearnKube news
Kubescape is a tool that provides risk analysis, security compliance, RBAC visualizer and image vulnerabilities scanning.
More: https://github.com/kubescape/kubescape
This tutorial will provide you with all the steps and commands to set up SOPS in your shell, Kubernetes, Helm and Visual Studio Code.
More: https://itnext.io/goodbye-sealed-secrets-hello-sops-3ee6a92662bb
In this tutorial, you'll learn how to inject secrets into your Pods directly from AWS Secrets Manager using the AWS Secrets Manager CSI Driver.
More: https://faun.pub/lets-do-devops-k8s-fetching-aws-secrets-manager-secrets-on-pod-launch-securely-be447fe2c0ff
In this article, you will explore the differences between Layer 7 security in Cilium vs Istio.
More: https://solo.io/blog/exploring-cilium-layer-7-capabilities-compared-to-istio