Securing Kubernetes with open-source tools has become increasingly prevalent.
Read all you need to know about this shift in this detailed report.
More: https://landing.armosec.io/state-of-kubernetes-open-source-security-2022
In this tutorial, you will learn how to use oauth2-proxy as a sidecar container to authorize requests to your Identity Provider of choice.
More: https://dev.to/gabrielbiasi/automatic-sso-in-kubernetes-workloads-using-a-sidecar-container-3752
A researcher gained root access to the host and was able to execute commands on other pods in GCP.
Mitigations include blocking network connections, removing unnecessary capabilities, and using a different IP address for the node.
More: https://medium.com/@chenshiri/taking-over-google-cloud-shell-by-utilizing-capabilities-and-kubelet-fd5e2417f286
Forwarded from LearnKube news
In this article, you will learn the thought process, design decisions and code that led to writing a custom controller to copy secrets from HashiCorp Vault to Kubernetes.
More: https://medium.com/kts-digital-services-integrator/why-we-developed-own-kubernetes-controller-to-copy-secrets-e46368ae6db9
One way to make your Kubernetes cluster more secure is to hide the control plane behind a firewall.
That means kubectl is not available on the public internet.
In this post, you will learn how to create an SSH tunnel to connect to your private cluster.
More: https://banach.net.pl/posts/2022/accessing-kubernetes-cluster-using-ssh-tunnel
Forwarded from Kube Careers
What does it take to get a job as a Kubernetes engineer in 2023?
Do you need a certification? If yes, which one should you study for?
What about salaries? How much is a Kubernetes Engineer worth?
We analyzed 102 Kubernetes jobs from January to March of 2023 and found that:
- The average Kubernetes job pays €87,378 in Europe and $125,898 in North America.
- Most job listings are for Senior DevOps Engineers (but there's an uptick in demand for junior roles).
- Remote-only jobs have decreased by 64% quarter on quarter.
- Gitlab CI has passed Jenkins's mentions for the first time EVER.
You can read the full report here: https://kube.careers/kubernetes-trend-report-2023-q1
Forwarded from LearnKube news
In this story, you will follow Qasim's journey in identifying and resolving an issue with iptables in a minikube cluster.
The author ended up learning a lot about Linux networking and filtering.
More: https://medium.com/zeal-tech-blog/kubernetes-debug-story-side-effect-of-a-privileged-container-446d56a7a422
Forwarded from LearnKube news
This week on the Learn Kubernetes Weekly:
🥷 Taking over "Google Cloud shell"
4️⃣ 4 container design patterns
🏡 Why and how I use Kubernetes for my personal stuff
📈 Upgrading Kubernetes: a practical guide
🪵 Contextual logging
Read it now: https://learnk8s.io/learn-kubernetes-weekly
Here is a list of all the main Kubernetes vulnerabilities from 2022.
More: https://armosec.io/blog/kubernetes-vulnerabilities-2022
Forwarded from LearnKube news
Master Kubernetes with Learnk8s' Advanced Kubernetes workshops!
What should you expect?
- Learn how to architect and design clusters from the ground up (in the cloud or on-prem).
- Explore the Kubernetes internal components and how the system is designed with resiliency in mind.
- Deep-dive into the networking components and observe the packets flowing into the cluster.
- Hands-on labs to test the theory with real-world scenarios!
- And more.
The next course is in 4 weeks and you can sign up here: https://learnk8s.io/online-advanced-june-2023
kubeseal-convert is a tool for importing secrets from pre-existing secrets management systems (e.g. Vault, Secrets Manager) into a SealedSecret.
More: https://github.com/EladLeev/kubeseal-convert
Sysdig analysed over 250,000 Linux images on Docker Hub to detect malicious payloads hidden in container images.
Learn what was discovered in this article.
More: https://sysdig.com/blog/analysis-of-supply-chain-attacks-through-public-docker-images
Datree is a cloud-native solution to prevent Kubernetes misconfigurations by blocking resources that do not meet your policies.
More: https://github.com/datreeio/datree
Forwarded from LearnKube news
This week on the Learn Kubernetes Weekly:
📈 Scale from 100 to 10,000 pods
🕷 Attacks through public container images
⏳ Back from disaster in (under) 15 mins
😈 Kubernetes vulnerabilities 2022
✅ Production ready EKS CoreDNS
Read it now: https://learnk8s.io/learn-kubernetes-weekly
In this article, you will learn how you can combine manual and automatic unsealing of secrets in Kubernetes using multiple Vault instances and Kubernetes.
More: https://dev.to/luafanti/vault-auto-unseal-using-transit-secret-engine-on-kubernetes-13k8
Forwarded from LearnKube news
Master Kubernetes with Learnk8s' Advanced Kubernetes workshops!
What should you expect?
- Learn how to architect and design clusters from the ground up (in the cloud or on-prem).
- Explore the Kubernetes internal components and how the system is designed with resiliency in mind.
- Deep-dive into the networking components and observe the packets flowing into the cluster.
- Hands-on labs to test the theory with real-world scenarios!
- And more.
The next course is in 3 weeks and you can sign up here: https://learnk8s.io/online-advanced-june-2023
Bridgekeeper helps you to enforce policies in your Kubernetes cluster by providing a simple declarative way to define policies using the Python programming language.
More: https://github.com/MaibornWolff/bridgekeeper
Helm is a useful tool for managing the Kubernetes applications lifecycle.
This article covers some best practices and Helm security recommendations.
More: https://sysdig.com/blog/how-to-secure-helm
In this tutorial, you'll learn how to install the Trivy-Operator and continuously scan containers for security issues and misconfiguration.
You'll also export the metrics to Prometheus, visualize them in Grafana and receive alerts with AlertManager.
More: https://thomasroot.com/2023/01/16/trivy-operator-improve-container-runtime-security
This guide explains how to use IRSA, IAM Roles for Service Accounts, with Terraform and Kubernetes to provide secure and granular access to AWS services for EKS-hosted apps.
More: https://blog.mariano.cloud/irsa-in-eks-a-kubernetes-aws-bridge
Forwarded from LearnKube news
This week on the Learn Kubernetes Weekly:
🗻 Isolating pods for debugging
🔒 Vault auto-unseal
⎈ Helm security and best practices
❽ Kubernetes, Java & fabric8
💥 Manifest complexity
📝 Pod presets
Read it now: https://learnk8s.io/learn-kubernetes-weekly