Forwarded from LearnKube news
This week on the Learn Kubernetes Weekly newsletter:
👉 21 Articles
👉 1 Tutorial
👉 7 GitHub repos
📆 44 events (meetups, conferences, workshops) this week
📆 8 Call for paper expiring this week
Read it now: https://learnk8s.io/learn-kubernetes-weekly
👉 21 Articles
👉 1 Tutorial
👉 7 GitHub repos
📆 44 events (meetups, conferences, workshops) this week
📆 8 Call for paper expiring this week
Read it now: https://learnk8s.io/learn-kubernetes-weekly
Kyverno is a policy engine designed for Kubernetes.
It can validate, mutate, and generate configurations using admission controls and background scans.
Kyverno policies are Kubernetes resources and do not require learning a new language.
More: https://github.com/kyverno/kyverno
It can validate, mutate, and generate configurations using admission controls and background scans.
Kyverno policies are Kubernetes resources and do not require learning a new language.
More: https://github.com/kyverno/kyverno
Forwarded from Kube Architect
argocd-vault-replacer is an Argo CD plugin to replace placeholders in Kubernetes manifests with secrets stored in Hashicorp Vault.
The tool scans the current directory recursively for any YAML files and attempts to replace strings following a pattern.
More: https://github.com/crumbhole/argocd-vault-replacer
The tool scans the current directory recursively for any YAML files and attempts to replace strings following a pattern.
More: https://github.com/crumbhole/argocd-vault-replacer
Constellation is a Kubernetes engine that wraps your cluster into a single confidential context that is shielded from the underlying cloud infrastructure.
Everything inside is always encrypted, including at runtime in memory.
More: https://github.com/edgelesssys/constellation
Everything inside is always encrypted, including at runtime in memory.
More: https://github.com/edgelesssys/constellation
Badrobot is a Kubernetes Operator audit tool.
It statically analyses manifests for high-risk configurations such as lack of security restrictions on the deployed controller and the permissions of an associated clusterole.
More: https://github.com/controlplaneio/badrobot
It statically analyses manifests for high-risk configurations such as lack of security restrictions on the deployed controller and the permissions of an associated clusterole.
More: https://github.com/controlplaneio/badrobot
In this article, you will learn how to solve authentication in a reusable way using sidecar containers in Kubernetes.
More: https://betterprogramming.pub/kubernetes-authentication-sidecars-a-revelation-in-microservice-architecture-12c4608189ab
More: https://betterprogramming.pub/kubernetes-authentication-sidecars-a-revelation-in-microservice-architecture-12c4608189ab
Forwarded from LearnKube news
In this article, you'll learn how the team at Monzo gradually rolled out NetworkPolicies for over 1,500 microservices.
The article describes some interesting techniques for mapping in and outbound connections and some limitations of NetworkPolicies.
More: https://monzo.com/blog/we-built-network-isolation-for-1-500-services
The article describes some interesting techniques for mapping in and outbound connections and some limitations of NetworkPolicies.
More: https://monzo.com/blog/we-built-network-isolation-for-1-500-services
Forwarded from LearnKube news
This week on the Learn Kubernetes Weekly newsletter:
🚀 Network policies for 1500 microservices
👯 Scaling to 1000 pods in EKS
📈 HPA for celery workers
👮🏻♂️ PCI compliance
📆 44 events
📆 3 CFPs expiring this week
Read it now: https://learnk8s.io/learn-kubernetes-weekly
🚀 Network policies for 1500 microservices
👯 Scaling to 1000 pods in EKS
📈 HPA for celery workers
👮🏻♂️ PCI compliance
📆 44 events
📆 3 CFPs expiring this week
Read it now: https://learnk8s.io/learn-kubernetes-weekly
Vulhub is an open-source collection of pre-built vulnerable docker environments.
No pre-existing knowledge of docker is required, just execute two simple commands, and you have a vulnerable environment.
More: https://github.com/vulhub/vulhub
No pre-existing knowledge of docker is required, just execute two simple commands, and you have a vulnerable environment.
More: https://github.com/vulhub/vulhub
Forwarded from LearnKube news
Master Kubernetes with Learnk8s' Advanced Kubernetes workshops (starting next week)!
What should you expect?
- Learn how to architect and design clusters from the ground up (in the cloud or on-prem).
- Explore the Kubernetes internal component and how the system is designed with resiliency in mind.
- Deep-dive into the networking components and observe the packets flowing into the cluster.
- Hands-on labs to test the theory with real-world scenarios!
- And more.
You can sign up here: https://learnk8s.io/online-advanced-march-2023
What should you expect?
- Learn how to architect and design clusters from the ground up (in the cloud or on-prem).
- Explore the Kubernetes internal component and how the system is designed with resiliency in mind.
- Deep-dive into the networking components and observe the packets flowing into the cluster.
- Hands-on labs to test the theory with real-world scenarios!
- And more.
You can sign up here: https://learnk8s.io/online-advanced-march-2023
Forwarded from LearnKube news
Sealed Secrets provides declarative Kubernetes Secret Management in a secure way.
Since the Sealed Secrets are encrypted, they can be safely stored in a code repository.
More: https://github.com/bitnami-labs/sealed-secrets
Since the Sealed Secrets are encrypted, they can be safely stored in a code repository.
More: https://github.com/bitnami-labs/sealed-secrets
In this post, you'll learn how you can implement supply chain security using open-source tools on Amazon EKS with AWS KMS and Cosign with Kyverno.
More: https://aws.amazon.com/blogs/opensource/supply-chain-security-on-amazon-elastic-kubernetes-service-amazon-eks-using-aws-key-management-service-aws-kms-kyverno-and-cosign
More: https://aws.amazon.com/blogs/opensource/supply-chain-security-on-amazon-elastic-kubernetes-service-amazon-eks-using-aws-key-management-service-aws-kms-kyverno-and-cosign
jsPolicy is a policy engine for Kubernetes that allows you to write policies in JavaScript or TypeScript.
Learn how to use it in this tutorial.
More: https://pavan1999-kumar.medium.com/policies-as-code-in-kubernetes-using-jspolicy-8d358d064bfd
Learn how to use it in this tutorial.
More: https://pavan1999-kumar.medium.com/policies-as-code-in-kubernetes-using-jspolicy-8d358d064bfd
In this blog post, you'll cover the following topics:
1. What a NetworkPolicy is, and why do you need it.
2. How NetworkPolicies are structured.
3. Best practices for defining NetworkPolicies.
4. An example of defining NetworkPolicies.
More: https://medium.com/dynatrace-engineering/kubernetes-security-best-practices-part-2-network-policies-405b36ed9d94
1. What a NetworkPolicy is, and why do you need it.
2. How NetworkPolicies are structured.
3. Best practices for defining NetworkPolicies.
4. An example of defining NetworkPolicies.
More: https://medium.com/dynatrace-engineering/kubernetes-security-best-practices-part-2-network-policies-405b36ed9d94
Forwarded from LearnKube news
This week on the Learn Kubernetes Weekly newsletter:
📈 Kubernetes scalability thresholds
☁️ Cloud portability
🕵️♂️ Kubernetes traffic discovery
⛓ Supply chain security on EKS
👮♂️ Network policies
📆 3 CFPs expiring this week
Read it now: https://learnk8s.io/learn-kubernetes-weekly
📈 Kubernetes scalability thresholds
☁️ Cloud portability
🕵️♂️ Kubernetes traffic discovery
⛓ Supply chain security on EKS
👮♂️ Network policies
📆 3 CFPs expiring this week
Read it now: https://learnk8s.io/learn-kubernetes-weekly
In this article, you will discuss some security considerations and see how you can ensure (at least to some extent) that the application's specifications follow some of the best security practices.
More: https://itnext.io/journey-of-a-microservice-application-in-the-kubernetes-world-6abd625c60fe
More: https://itnext.io/journey-of-a-microservice-application-in-the-kubernetes-world-6abd625c60fe
In this 2-part series, you will address 12 common attack points in Kubernetes clusters and discuss various risks in cloud-native scenarios based on practical experience.
More: https://tutorialboy24.blogspot.com/2022/09/a-detailed-talk-about-k8s-cluster.html
More: https://tutorialboy24.blogspot.com/2022/09/a-detailed-talk-about-k8s-cluster.html
In this tutorial, you will learn how to deploy a Vault cluster on EKS with a Helm chart and consume the secrets from a Spring Boot app.
More: https://medium.com/@prithuadhikary/hashicorp-vault-cluster-on-the-aws-elastic-kubernetes-service-ddf185ba2e25
More: https://medium.com/@prithuadhikary/hashicorp-vault-cluster-on-the-aws-elastic-kubernetes-service-ddf185ba2e25
Pod Priority can be useful for some use cases, such as prioritizing critical applications, but definitely can catch you off guard if you don't have the right guardrails in place.
This post illustrates the potential consequences of not having them.
More: https://nunoadrego.com/posts/abusing-pod-priority
This post illustrates the potential consequences of not having them.
More: https://nunoadrego.com/posts/abusing-pod-priority
Forwarded from LearnKube news
This week on the Learn Kubernetes Weekly newsletter:
✈️ Kubernetes-like control plane
✅ Kubernetes checkpointing API
🚗 Tuning JVM limits for Kubernetes
👮♂️ Abusing pod priority
🦊 box/kube-iptables-tailer
📆 1 CFPs expiring this week
Read it now: https://learnk8s.io/learn-kubernetes-weekly
✈️ Kubernetes-like control plane
✅ Kubernetes checkpointing API
🚗 Tuning JVM limits for Kubernetes
👮♂️ Abusing pod priority
🦊 box/kube-iptables-tailer
📆 1 CFPs expiring this week
Read it now: https://learnk8s.io/learn-kubernetes-weekly
Shifting left can help organizations optimize their use of fully-managed cloud environments and managed services, and tools like Open Policy Agent and Gatekeeper can help organizations ensure compliance in these environments.
More: https://medium.com/google-cloud/shifting-even-further-left-on-kubernetes-resource-compliance-8f96fb8c72eb
More: https://medium.com/google-cloud/shifting-even-further-left-on-kubernetes-resource-compliance-8f96fb8c72eb