Kubesploit
News and links on Kubernetes security curated by the @Learnk8s team
Website: https://kubesploit.io/
aws-auth-manager is a Kubernetes controller designed to manage the aws-auth ConfigMap in EKS using a new AWSAuthItem CRD.

More: https://github.com/maruina/aws-auth-manager
Forwarded from LearnKube news
This week on the Learn Kubernetes Weekly:

🔨 Reducing Pod volume update times
👯‍♀️ Multi-cluster with Cluster API and ArgoCD
💥 From Amazon VPC CNI to Cilium with zero downtime
🧐 Intelligently estimating resource needs

Read it now: https://learnk8s.io/learn-kubernetes-weekly
This guide discusses how to create key/certificate pairs using OpenSSL to facilitate secure communication between Kubernetes cluster components.

More: https://ahmedy.hashnode.dev/creating-tls-certificates-for-k8s-components-with-openssl
Forwarded from LearnKube news
Master Kubernetes with Learnk8s' Advanced Kubernetes workshops!

What should you expect?

- Learn how to architect and design clusters from the ground up (in the cloud or on-prem).
- Explore the Kubernetes internal components and how the system is designed with resiliency in mind.
- Deep-dive into the networking components and observe the packets flowing into the cluster.
- Hands-on labs to test the theory with real-world scenarios!
- And more.

The next course is on the 24th of April and you can sign up here: https://learnk8s.io/online-advanced-april-2023
This 2-part series summarizes the methods and experience of attacking Kubernetes components, external services of nodes, business pods, and container escaping, including lateral attacks, as well as attacks on the Kubernetes management platform.

More: https://dev.to/tutorialboy/a-detailed-talk-about-k8s-cluster-security-from-the-perspective-of-attackers-part-1-3mm5
In this article, you will learn how to set up TLS for your Ingress in Kubernetes.

More: https://dev.to/otomato_io/possible-paths-2hfc
This article details the security flaws discovered in Kubernetes and GitOps tools due to improper configurations.

It also demonstrates how an attacker could perform post-exploitation attacks, increasing their privileges and the attack surface.

More: https://medium.com/cloudyrion/kubernetes-end-to-end-chain-exploit-c2be32688fd0
Forwarded from LearnKube news
This week on the Learn Kubernetes Weekly:

Kubernetes end-to-end chain exploit
♻️ GitOps using Flux and Flagger
🍬 EKS practical tips
🚪 Access Kubernetes from /Proc
🤩 nubenetes/awesome-kubernetes

Read it now: https://learnk8s.io/learn-kubernetes-weekly
Learn how to recreate the Kubernetes RBAC authorization model from scratch and practice the relationships between Roles, ServiceAccounts, RoleBindings, etc.

More: https://learnk8s.io/rbac-kubernetes
In this blog post, you'll learn how to encrypt only specific yaml fields in values.yaml, and how to configure ArgoCD to decrypt these secrets on the fly before installing a Helm release.

More: https://medium.com/@samuelbagattin/partial-helm-values-encryption-using-aws-kms-with-argocd-aca1c0d36323
Forwarded from Kube Architect
In this tutorial, you will find an example of how to manage secrets on Kubernetes with Pulumi and GitOps using Sealed Secrets and ArgoCD.

More: https://blog.ediri.io/advanced-secret-management-on-kubernetes-with-pulumi-and-gitops-sealed-secrets-controller
KubeStalk is a tool to discover the attack surface of Kubernetes and related infrastructure from a black-box perspective.

More: https://github.com/redhuntlabs/kubestalk
In this article, you will have a look at 12 security scanners for Kubernetes.

More: https://towardsdev.com/12-scanners-to-find-security-vulnerabilities-and-misconfigurations-in-kubernetes-332a738d076d
Forwarded from LearnKube news
Master Kubernetes with Learnk8s' Advanced Kubernetes workshops!

What should you expect?

- Learn how to architect and design clusters from the ground up (in the cloud or on-prem).
- Explore the Kubernetes internal components and how the system is designed with resiliency in mind.
- Deep-dive into the networking components and observe the packets flowing into the cluster.
- Hands-on labs to test the theory with real-world scenarios!
- And more.

The next course is next week and you can sign up here: https://learnk8s.io/online-advanced-april-2023
Forwarded from LearnKube news
This week on the Learn Kubernetes Weekly:

☁️ Using topology aware hints in EKS
👮‍♀️ 12 security scanners for Kubernetes
👻 Temporary environments with ApplicationSet
🦐 oslabs-beta/Palaemon
📦 Endpoints monitoring with blackbox-exporter

Read it now: https://learnk8s.io/learn-kubernetes-weekly
Google Secret Manager Provider for Secret Store CSI Driver allows you to access secrets stored in Secret Manager as files mounted in Kubernetes pods.

More: https://github.com/GoogleCloudPlatform/secrets-store-csi-driver-provider-gcp
Forwarded from Kube Architect
In this article, you will learn how to deploy the same app across multiple Kubernetes clusters with ArgoCD, vcluster and Kyverno.

More: https://piotrminkowski.com/2022/12/09/manage-multiple-kubernetes-clusters-with-argocd
In this article, you will learn how to prevent a Denial-of-Service (DoS) attack in Kubernetes, and how to use cloud-native tools such as Calico and Falco to detect it.

More: https://sysdig.com/blog/denial-of-service-kubernetes-calico-falco
This post discusses using SSO authentication and authorization to secure apps in Kubernetes.

The tutorial uses Dex and Traefik Forward Auth (or OAuth2-Proxy) to add security to ingresses or apps that do not support built-in OIDC.

More: https://allanjohn909.medium.com/sso-authentication-for-applications-in-kubernetes-aedc3c189d89
In this tutorial, you will deploy an app vulnerable to SQL injection and XSS in Kubernetes and learn how to protect it using Pipy and sidecar containers.

More: https://dev.to/flomesh/pipy-protecting-kubernetes-apps-from-sql-injection-xss-attacks-dol
Forwarded from Kube Architect
In this article, you will learn how to manage secrets securely on Kubernetes with a GitOps approach using Sealed Secrets, ArgoCD, and Terraform.

More: https://piotrminkowski.com/2022/12/14/sealed-secrets-on-kubernetes-with-argocd-and-terraform