Forwarded from Kube Architect
In this tutorial, you will learn how to automatically schedule Kubeflow pipeline Pods from any number of namespaces on dedicated GKE node pools.
More: https://medium.com/dkatalis/creating-a-mutating-webhook-for-great-good-b21acb941207
Forwarded from LearnKube news
Master Kubernetes with our Advanced Kubernetes workshops next week!
What should you expect?
- Learn how to architect and design clusters from the ground up (in the cloud or on-prem).
- Explore the Kubernetes internal components and how the system is designed with resiliency in mind.
- Deep-dive into the networking components and observe the packets flowing into the cluster.
- Hands-on labs to test the theory with real-world scenarios!
You can sign up here: https://learnk8s.io/online-advanced-january-2023
This article will teach you how to configure an AKS cluster to consume secrets, keys and certificates from an Azure KeyVault.
More: https://community.ops.io/javi_labs/configuring-aks-to-read-secrets-and-certificates-from-azure-keyvaults-17o1
This article covers the techniques for centralised policy enforcement in a Kubernetes cluster:
- CI/CD pipelines.
- Security Admission controller.
- OPA and Gatekeeper.
- IDE linting and plug-ins.
More: https://itnext.io/kubernetes-owasp-top-10-centralised-policy-enforcement-9adc53438e22
Forwarded from LearnKube news
This post describes different EKS log types and ways to optimize costs.
Understanding the levers available for consuming logs not only helps you optimize costs but also allows you to focus on root cause analysis and attribution.
More: https://aws.amazon.com/blogs/containers/understanding-and-cost-optimizing-amazon-eks-control-plane-logs
In this article, you will learn how to test if your EKS control plane is exposed to the public internet and how to fix it.
More: https://medium.com/@dotdc/is-your-kubernetes-api-server-exposed-learn-how-to-check-and-fix-609ab9638fae
This article compares popular Kubernetes security and compliance frameworks, how they differ, when to use them, common goals, and suggested tools.
More: https://armosec.io/blog/kubernetes-security-frameworks-and-guidance
The Kubesploit January digest just dropped!
In this recap, you will find a curated collection of the best Kubernetes security-related articles, tutorials, libraries and tools republished in January.
https://medium.com/kubesploit/kubesploit-digest-january-2023-ec6253e2f0b3
Validkube combines the best open-source tools to help ensure Kubernetes YAML best practices, hygiene & security.
More: https://github.com/komodorio/validkube
This article discusses a few strategies to manage secrets using GitOps:
1. Sealed Secrets
2. Argo CD Vault plugin
3. SOPS (Secrets OPerationS)
4. Vault Agent
5. Secrets Store CSI Driver
6. External Secrets
7. Secrets Management and the cloud
More: https://akuity.io/blog/how-to-manage-kubernetes-secrets-gitops
kubeval is a tool for validating a Kubernetes YAML or JSON configuration file.
It does so using schemas generated from the Kubernetes OpenAPI specification, and therefore can validate schemas for multiple versions of Kubernetes.
More: https://github.com/instrumenta/kubeval
Forwarded from LearnKube news
Troubleshooting in Kubernetes can be a daunting task. In this article, you will learn how to diagnose issues in Pods, Services and Ingress.
More: https://learnk8s.io/troubleshooting-deployments
Forwarded from LearnKube news
Don't miss this week's "Learn Kubernetes weekly" newsletter with stories on:
→ Scaling requests
→ Proactive scaling
→ Capacity & resource management
→ State of persistent storage
→ Bandwidth exhaustion
And more!
https://learnk8s.io/learn-kubernetes-weekly
This tutorial shows how you can leverage Pipy to enforce admission control decisions in Kubernetes clusters without modifying or recompiling any components.
Also, policies can be modified on the fly to satisfy changing operational requirements.
More: https://blog.flomesh.io/using-pipy-as-a-kubernetes-policy-engine-e70a23c8d54c
What if we need to block an action performed by cluster admins?
You can't do it with RBAC: it only allows for adding permissions, not taking them away.
Learn how you can use Kyverno to do so in this tutorial.
More: https://marcusnoble.co.uk/2022-01-20-restricting-cluster-admin-permissions
Auditing Kubernetes authorization can be a bit of a tricky task.
In this article, you will learn what techniques and tools you can use to identify, reassign and manage RBAC rules in your cluster.
More: https://raesene.github.io/blog/2022/08/14/auditing-rbac-redux
When you use peering in AKS with the "default" AKS deployment, your entire cluster, including all pods, is open and addressable from the entire peered network.
Learn how to fix it in this article.
More: https://blog.coffeeapplied.com/securing-aks-in-peered-virtual-networks-using-only-network-security-groups-nsgs-c43d6a215f32
Forwarded from Kube Careers
What does it take to get a job as a Kubernetes engineer?
Do you need a Kubernetes certification to apply for a job?
What's the average salary for a Kubernetes engineer?
We analyzed 373 Kubernetes jobs from January to December of 2022 and found that:
- The average Kubernetes job pays €82,554 in Europe and $133,918 in North America.
- The majority of the job listings are for Senior DevOps Engineers.
- There is a drop in remote working! Companies are asking employees to go back to the office.
- If you are well-versed in AWS, CI/CD, and Python, you are eligible for more than 60% of the Kubernetes jobs.
You can read the full report here: https://kube.careers/kubernetes-trend-report-2022-q4
Kubernetes Network Policies are designed to control the network's traffic flow in and out of the cluster.
This article will teach you how to use Network Policies with the Calico CNI.
More: https://medium.com/@arbnair97/introduction-to-kubernetes-network-policy-and-calico-based-network-policy-675a7fa6b5dc
In this tutorial, you will learn how to verify container images with Kyverno using KMS, Cosign, and Workload Identity.
More: https://blog.sigstore.dev/how-to-verify-container-images-with-kyverno-using-kms-cosign-and-workload-identity-1e07d2b85061
This tutorial will teach you how to use Mitmproxy to solve untrusted certificate issues in pods.
More: https://xxradar.medium.com/mitmproxy-and-kubernetes-e897e903b1cb