authentik is an open-source Identity Provider focused on flexibility and versatility.
More: https://github.com/goauthentik/authentik
open-appsec provides preemptive web app & API threat protection against OWASP-Top-10 and zero-day attacks.
It can be deployed as an add-on to Kubernetes Ingress, NGINX, Envoy and API Gateways.
More: https://github.com/openappsec/openappsec
The AWS provider for the Secrets Store CSI Driver allows you to fetch secrets from AWS Secrets Manager and AWS Systems Manager Parameter Store, and mount them into Kubernetes pods.
More: https://github.com/aws/secrets-store-csi-driver-provider-aws
Forwarded from LearnKube news
This week on the Learn Kubernetes Weekly:
🙅♀️ Ingress controller in bash
🧐 Pods health checks mystery
8️⃣ Comparing 8 managed Kubernetes providers
🚦 Advancements in traffic engineering
🔗 The problem of state
Read it now: https://learnk8s.io/learn-kubernetes-weekly
This article has a few tips for hardening your GKE setup:
1. Network policies.
2. Custom service accounts.
3. Workload identities.
4. Pod Security admissions and admission controllers.
5. GKE sandbox.
More: https://medium.com/@pbijjala/considerations-for-hardening-your-gke-a-workload-perceptive-943be26949d2
Forwarded from LearnKube news
Master Kubernetes with Learnk8s' Advanced Kubernetes workshops!
What should you expect?
- Learn how to architect and design clusters from the ground up (in the cloud or on-prem).
- Explore the Kubernetes internal components and how the system is designed with resiliency in mind.
- Deep-dive into the networking components and observe the packets flowing into the cluster.
- Hands-on labs to test the theory with real-world scenarios!
- And more.
The next course is in June and you can sign up here: https://learnk8s.io/online-advanced-june-2023
Konstraint is a CLI tool to assist with the creation and management of templates and constraints when using Gatekeeper.
More: https://github.com/plexsystems/konstraint
With Seccomp, you can restrict processes' calls from userspace into kernel space.
In this article, you will learn how Kubernetes can automatically apply Seccomp profiles to Pods and containers.
More: https://levelup.gitconnected.com/seccomp-secure-computing-mode-kubernetes-docker-97130516662c
Trivy is a comprehensive and versatile security scanner.
What Trivy can scan:
- Container Images.
- Filesystem.
- Git Repository (remote).
- Virtual Machine Image.
- Kubernetes.
- AWS.
More: https://github.com/aquasecurity/trivy
Forwarded from LearnKube news
In this article, you will learn how to map all the pods in the cluster and correlate IP with workloads, facilitating the management of cluster network status and speeding up debugging.
More: https://betterprogramming.pub/improve-cluster-monitoring-with-network-mapping-in-grafana-fa8bb479fd47
Forwarded from LearnKube news
This week on the Learn Kubernetes Weekly:
🚦 Service communication monitoring
🕵️♀️ The life of a DNS query
🗺 Network mapping in Grafana
± Preview and diff Argo CD deployments
☁️ Istio multicluster deployment with Terraform
Read it now: https://learnk8s.io/learn-kubernetes-weekly
Securing Kubernetes with open-source tools has become increasingly prevalent.
Read all you need to know about this shift in this detailed report.
More: https://landing.armosec.io/state-of-kubernetes-open-source-security-2022
In this tutorial, you will learn how to use oauth2-proxy as a sidecar container to authorize requests to your Identity Provider of choice.
More: https://dev.to/gabrielbiasi/automatic-sso-in-kubernetes-workloads-using-a-sidecar-container-3752
A researcher gained root access to the host and was able to execute commands on other pods in GCP.
Mitigations include blocking network connections, removing unnecessary capabilities, and using a different IP address for the node.
More: https://medium.com/@chenshiri/taking-over-google-cloud-shell-by-utilizing-capabilities-and-kubelet-fd5e2417f286
Forwarded from LearnKube news
In this article, you will learn the thought process, design decisions and code that led to writing a custom controller to copy secrets from HashiCorp Vault to Kubernetes.
More: https://medium.com/kts-digital-services-integrator/why-we-developed-own-kubernetes-controller-to-copy-secrets-e46368ae6db9
One way to make your Kubernetes cluster more secure is to hide the control plane behind a firewall.
That means kubectl is not available on the public internet.
In this post, you will learn how to create an SSH tunnel to connect to your private cluster.
More: https://banach.net.pl/posts/2022/accessing-kubernetes-cluster-using-ssh-tunnel
Forwarded from Kube Careers
What does it take to get a job as a Kubernetes engineer in 2023?
Do you need a certification? If yes, which one should you study for?
What about salaries? How much is a Kubernetes Engineer worth?
We analyzed 102 Kubernetes jobs from January to March of 2023 and found that:
- The average Kubernetes job pays €87,378 in Europe and $125,898 in North America.
- Most job listings are for Senior DevOps Engineers (but there's an uptick in demand for junior roles).
- Remote-only jobs have decreased by 64% quarter on quarter.
- Gitlab CI has passed Jenkins's mentions for the first time EVER.
You can read the full report here: https://kube.careers/kubernetes-trend-report-2023-q1
Forwarded from LearnKube news
In this story, you will follow Qasim's journey in identifying and resolving an issue with iptables in a minikube cluster.
The author ended up learning a lot about Linux networking and filtering.
More: https://medium.com/zeal-tech-blog/kubernetes-debug-story-side-effect-of-a-privileged-container-446d56a7a422
Forwarded from LearnKube news
This week on the Learn Kubernetes Weekly:
🥷 Taking over "Google Cloud shell"
4️⃣ 4 container design patterns
🏡 Why and how I use Kubernetes for my personal stuff
📈 Upgrading Kubernetes: a practical guide
🪵 Contextual logging
Read it now: https://learnk8s.io/learn-kubernetes-weekly
Here is a list of all the main Kubernetes vulnerabilities from 2022.
More: https://armosec.io/blog/kubernetes-vulnerabilities-2022
Forwarded from LearnKube news
Master Kubernetes with Learnk8s' Advanced Kubernetes workshops!
What should you expect?
- Learn how to architect and design clusters from the ground up (in the cloud or on-prem).
- Explore the Kubernetes internal components and how the system is designed with resiliency in mind.
- Deep-dive into the networking components and observe the packets flowing into the cluster.
- Hands-on labs to test the theory with real-world scenarios!
- And more.
The next course is in 4 weeks and you can sign up here: https://learnk8s.io/online-advanced-june-2023