Kubesploit – Telegram
Kubesploit
1.95K subscribers
823 photos
128 videos
1.6K links
News and links on Kubernetes security curated by the @Learnk8s team
Website: https://kubesploit.io/
One way to make your Kubernetes cluster more secure is to hide the control plane behind a firewall.

That means the API server, and therefore kubectl, is not reachable from the public internet.

In this post, you will learn how to create an SSH tunnel to connect to your private cluster.

More: https://banach.net.pl/posts/2022/accessing-kubernetes-cluster-using-ssh-tunnel
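The tunnel described above, as an added example that is not part of the linked post. The practitioner detail it shows is the TLS one: once kubectl talks to 127.0.0.1, the API server certificate no longer matches the URL, and the right fix is `tls-server-name`, not `insecure-skip-tls-verify`. Bastion host, addresses, ports and certificate paths are assumptions.

```bash
#!/bin/sh
# Added example (not from the linked post). Reach a firewalled API server
# through an SSH local port-forward and point kubectl at the tunnel without
# disabling TLS verification. Host names, ports and file paths are assumptions.
set -eu

BASTION='ops@bastion.example.com'   # the only host reachable from the internet
API_HOST='10.0.0.10'                # private API server address as seen from the bastion
API_PORT='6443'
LOCAL_PORT='16443'                  # local end of the tunnel
# A DNS SAN carried by the API server certificate. kubeadm-issued certs include
# "kubernetes" by default; confirm from the bastion with:
#   openssl s_client -connect 10.0.0.10:6443 </dev/null 2>/dev/null \
#     | openssl x509 -noout -ext subjectAltName
TLS_SERVER_NAME='kubernetes'

# The ssh invocation: -N no remote shell, -f background after auth,
# ExitOnForwardFailure so a local port already in use fails loudly instead
# of leaving a tunnel that silently does nothing.
tunnel_cmd() {
    printf 'ssh -f -N -o ExitOnForwardFailure=yes -L 127.0.0.1:%s:%s:%s %s\n' \
        "$LOCAL_PORT" "$API_HOST" "$API_PORT" "$BASTION"
}

# A kubeconfig aimed at the tunnel. The URL now says 127.0.0.1, which is not
# on the server certificate; tls-server-name makes kubectl verify the cert
# against a name it actually carries, so insecure-skip-tls-verify is never
# needed. Arguments: CA PEM, client cert PEM, client key PEM (the same files
# your existing kubeconfig references).
tunnel_kubeconfig() {
    cat <<EOF
apiVersion: v1
kind: Config
clusters:
- name: private
  cluster:
    server: https://127.0.0.1:${LOCAL_PORT}
    tls-server-name: ${TLS_SERVER_NAME}
    certificate-authority: $1
users:
- name: admin
  user:
    client-certificate: $2
    client-key: $3
contexts:
- name: private-via-tunnel
  context:
    cluster: private
    user: admin
current-context: private-via-tunnel
EOF
}

# Refuse a kubeconfig that turns verification off: the SSH tunnel protects the
# hop to the bastion, not the plain TCP hop from the bastion to the API server.
kubeconfig_is_safe() {
    ! grep -q 'insecure-skip-tls-verify: *true' "$1"
}

# Bring the tunnel up only when explicitly asked (RUN_TUNNEL=1), so the
# functions above can be sourced and tested on a machine with no bastion.
if [ "${RUN_TUNNEL:-0}" = "1" ]; then
    sh -c "$(tunnel_cmd)"
    cfg="$(mktemp)"
    tunnel_kubeconfig "$HOME/.kube/ca.crt" "$HOME/.kube/admin.crt" "$HOME/.kube/admin.key" > "$cfg"
    kubeconfig_is_safe "$cfg"
    KUBECONFIG="$cfg" kubectl get --raw=/readyz
fi
```

Run it with `RUN_TUNNEL=1 sh tunnel.sh`; the `/readyz` probe confirms both the forward and the certificate check in one call. If the probe fails with a hostname mismatch, the SAN you chose is not on the certificate: list them with the `openssl` one-liner in the comments rather than switching verification off.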
Forwarded from Kube Careers
What does it take to get a job as a Kubernetes engineer in 2023?

Do you need a certification? If yes, which one should you study for?

What about salaries? How much is a Kubernetes Engineer worth?

We analyzed 102 Kubernetes jobs from January to March of 2023 and found that:

- The average Kubernetes job pays €87,378 in Europe and $125,898 in North America.
- Most job listings are for Senior DevOps Engineers (but there's an uptick in demand for junior roles).
- Remote-only jobs have decreased by 64% quarter on quarter.
- GitLab CI has passed Jenkins in mentions for the first time EVER.

You can read the full report here: https://kube.careers/kubernetes-trend-report-2023-q1
Forwarded from LearnKube news
In this story, you will follow Qasim's journey in identifying and resolving an issue with iptables in a minikube cluster.

The author ended up learning a lot about Linux networking and filtering.

More: https://medium.com/zeal-tech-blog/kubernetes-debug-story-side-effect-of-a-privileged-container-446d56a7a422
Forwarded from LearnKube news
This week on the Learn Kubernetes Weekly:

🥷 Taking over "Google Cloud shell"
4️⃣ 4 container design patterns
🏡 Why and how I use Kubernetes for my personal stuff
📈 Upgrading Kubernetes: a practical guide
🪵 Contextual logging

Read it now: https://learnk8s.io/learn-kubernetes-weekly
Here is a list of all the main Kubernetes vulnerabilities from 2022.

More: https://armosec.io/blog/kubernetes-vulnerabilities-2022
Forwarded from LearnKube news
Master Kubernetes with Learnk8s' Advanced Kubernetes workshops!

What should you expect?

- Learn how to architect and design clusters from the ground up (in the cloud or on-prem).
- Explore the Kubernetes internal components and how the system is designed with resiliency in mind.
- Deep-dive into the networking components and observe the packets flowing into the cluster.
- Hands-on labs to test the theory with real-world scenarios!
- And more.

The next course is in 4 weeks and you can sign up here: https://learnk8s.io/online-advanced-june-2023
kubeseal-convert is a tool for importing secrets from pre-existing secrets management systems (e.g. Vault, Secrets Manager) into a SealedSecret.

More: https://github.com/EladLeev/kubeseal-convert
Sysdig analysed over 250,000 Linux images on Docker Hub to detect malicious payloads hidden in public container images.

Learn what was discovered in this article.

More: https://sysdig.com/blog/analysis-of-supply-chain-attacks-through-public-docker-images
Datree is a cloud-native solution to prevent Kubernetes misconfigurations by blocking resources that do not meet your policies.

More: https://github.com/datreeio/datree
Forwarded from LearnKube news
This week on the Learn Kubernetes Weekly:

📈 Scale from 100 to 10,000 pods
🕷 Attacks through public container images
Back from disaster in (under) 15 mins
😈 Kubernetes vulnerabilities 2022
Production ready EKS CoreDNS

Read it now: https://learnk8s.io/learn-kubernetes-weekly
In this article, you will learn how to combine manual and automatic unsealing of Vault on Kubernetes, using a second Vault instance's Transit secrets engine as the auto-unseal key provider.

More: https://dev.to/luafanti/vault-auto-unseal-using-transit-secret-engine-on-kubernetes-13k8
Bridgekeeper helps you enforce policies in your Kubernetes cluster by providing a simple, declarative way to define policies in Python.

More: https://github.com/MaibornWolff/bridgekeeper
Helm is a useful tool for managing the lifecycle of Kubernetes applications.

This article covers best practices and security recommendations for Helm.

More: https://sysdig.com/blog/how-to-secure-helm
In this tutorial, you'll learn how to install the Trivy Operator and continuously scan containers for vulnerabilities and misconfigurations.

You'll also export the metrics to Prometheus, visualize them in Grafana and receive alerts with AlertManager.

More: https://thomasroot.com/2023/01/16/trivy-operator-improve-container-runtime-security
This guide explains how to use IAM Roles for Service Accounts (IRSA) with Terraform and Kubernetes to give EKS-hosted apps secure, granular access to AWS services.

More: https://blog.mariano.cloud/irsa-in-eks-a-kubernetes-aws-bridge
Forwarded from LearnKube news
This week on the Learn Kubernetes Weekly:

🗻 Isolating pods for debugging
🔒 Vault auto-unseal
⎈ Helm security and best practices
❽ Kubernetes, Java & fabric8
💥 Manifest complexity
📝 Pod presets

Read it now: https://learnk8s.io/learn-kubernetes-weekly
In EKS, public endpoint access is enabled by default with an allow-list of 0.0.0.0/0, which means the Kubernetes API server is reachable from any address on the internet. Callers still need valid credentials, but the endpoint is exposed to scanning and to any future authentication bug.

In this article, you'll learn how to access the EKS API server through the AWS client VPN.

More: https://medium.com/@Aleroawani/connect-to-an-eks-private-endpoint-with-aws-clientvpn-72b5000f558a
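Before relying on the VPN route from the article, it is worth checking what the endpoint currently allows and closing the public side. The following is an added example, not code from the article: it classifies the exposure from `aws eks describe-cluster` output and prints the `update-cluster-config` call that leaves only the private endpoint. The JSON sample is constructed to match the `resourcesVpcConfig` shape, and the cluster name is an assumption.

```bash
#!/bin/sh
# Added example (not from the linked article). Audit how an EKS API endpoint is
# exposed and emit the command that closes the public side. The JSON sample is
# constructed in the shape of `aws eks describe-cluster --query cluster.resourcesVpcConfig`.
set -eu

# Pull a scalar value out of the resourcesVpcConfig JSON. grep/sed based on
# purpose so it runs where jq is absent; use jq for anything beyond a one-off audit.
field() {  # $1 json, $2 key
    printf '%s' "$1" | tr -d '\n' | sed -n "s/.*\"$2\": *\([^,}]*\).*/\1/p" | tr -d ' '
}

# Classify exposure:
#   private-only       public off, private on  (what the VPN approach needs)
#   public-restricted  public on, limited to the listed CIDRs
#   open-to-internet   public on and 0.0.0.0/0 allowed (the EKS default)
#   unreachable        both off; nothing could talk to the API server
classify_endpoint() {
    json="$1"
    public=$(field "$json" endpointPublicAccess)
    private=$(field "$json" endpointPrivateAccess)
    cidrs=$(printf '%s' "$json" | tr -d '\n' | sed -n 's/.*"publicAccessCidrs": *\[\([^]]*\)\].*/\1/p')
    if [ "$public" = "true" ]; then
        case "$cidrs" in
            *0.0.0.0/0*) echo open-to-internet ;;
            *)           echo public-restricted ;;
        esac
    elif [ "$private" = "true" ]; then
        echo private-only
    else
        echo unreachable
    fi
}

# The change the VPN approach depends on: keep the private endpoint, drop the
# public one. Printed rather than executed so the audit itself is read-only.
remediation_cmd() {  # $1 cluster name
    printf 'aws eks update-cluster-config --name %s --resources-vpc-config endpointPublicAccess=false,endpointPrivateAccess=true\n' "$1"
}

# Constructed sample in the EKS default state: public on, open to the world.
SAMPLE='{
    "subnetIds": ["subnet-aaa", "subnet-bbb"],
    "endpointPublicAccess": true,
    "endpointPrivateAccess": false,
    "publicAccessCidrs": ["0.0.0.0/0"]
}'

audit() {  # $1 cluster name, $2 resourcesVpcConfig json
    state=$(classify_endpoint "$2")
    echo "$1: $state"
    [ "$state" = "private-only" ] || remediation_cmd "$1"
}

audit demo-cluster "$SAMPLE"
# Against a real cluster (assumed name "prod"):
#   audit prod "$(aws eks describe-cluster --name prod --query cluster.resourcesVpcConfig --output json)"
```

Run the remediation only after the private path (the Client VPN from the article, or a bastion) is in place and tested, since turning off public access with no private route is how you lock yourself out of your own cluster. An intermediate step is to keep public access but shrink `publicAccessCidrs` to your egress addresses.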
Sealed Secrets is a good fit for keeping encrypted secrets in Git.

For larger teams and projects, the External Secrets Operator or the Secrets Store CSI Driver is a better way to manage secrets securely, because the secret material stays in an external store instead of the repository.

Learn the pros and cons in this article.

More: https://auth0.com/blog/kubernetes-secrets-management
Forwarded from LearnKube news
The AWS provider for the Secrets Store CSI Driver allows you to fetch secrets from AWS Secrets Manager and AWS Systems Manager Parameter Store and mount them into Kubernetes pods.

More: https://github.com/aws/secrets-store-csi-driver-provider-aws
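The AWS provider above authenticates through the IRSA mechanism from the earlier Terraform guide, so the two posts fit together. As an added example (not code from the provider repository or the IRSA article), here is the minimal set of pieces: an IAM policy scoped to one secret, the IRSA-annotated ServiceAccount, a SecretProviderClass for the AWS provider, and a Pod that mounts the secret as a file. Account ID, region, namespace, role and secret names are assumptions.

```bash
#!/bin/sh
# Added example (not from the AWS provider repo or the IRSA article): IRSA role
# policy plus the Kubernetes objects that let a pod mount one Secrets Manager
# secret through the Secrets Store CSI Driver. All identifiers are assumptions.
set -eu

ACCOUNT='123456789012'
REGION='eu-west-1'
NS='payments'
SA='payments-api'
ROLE_ARN="arn:aws:iam::${ACCOUNT}:role/${SA}-secrets-reader"
# Secrets Manager appends a random 6-character suffix to secret ARNs, hence
# the trailing wildcard on an otherwise exact name.
SECRET_ARN="arn:aws:secretsmanager:${REGION}:${ACCOUNT}:secret:payments/db-*"

# Least-privilege policy for the role: read exactly one secret, nothing else.
role_policy() {
    cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": ["secretsmanager:GetSecretValue", "secretsmanager:DescribeSecret"],
    "Resource": "${SECRET_ARN}"
  }]
}
EOF
}

# CI guard: refuse a policy that grants access to every secret in the account.
policy_is_scoped() {
    ! printf '%s' "$1" | grep -q '"Resource": *"\*"'
}

# The role-arn annotation is what IRSA keys on: the pod's projected token is
# exchanged for credentials of this role, so only pods running as this
# ServiceAccount in this namespace can read the secret. The provider extracts
# the "password" key with jmesPath and writes it as the file "db-password".
manifests() {
    cat <<EOF
apiVersion: v1
kind: ServiceAccount
metadata:
  name: ${SA}
  namespace: ${NS}
  annotations:
    eks.amazonaws.com/role-arn: ${ROLE_ARN}
---
apiVersion: secrets-store.csi.x-k8s.io/v1
kind: SecretProviderClass
metadata:
  name: payments-db
  namespace: ${NS}
spec:
  provider: aws
  parameters:
    objects: |
      - objectName: "payments/db"
        objectType: "secretsmanager"
        jmesPath:
          - path: password
            objectAlias: db-password
---
apiVersion: v1
kind: Pod
metadata:
  name: payments-api
  namespace: ${NS}
spec:
  serviceAccountName: ${SA}
  containers:
  - name: api
    image: registry.example.com/payments-api:1.0
    volumeMounts:
    - name: secrets
      mountPath: /mnt/secrets
      readOnly: true
  volumes:
  - name: secrets
    csi:
      driver: secrets-store.csi.k8s.io
      readOnly: true
      volumeAttributes:
        secretProviderClass: payments-db
EOF
}

# Apply only when asked (APPLY=1); the role itself and its trust policy for the
# cluster's OIDC provider are created by the Terraform from the IRSA guide.
if [ "${APPLY:-0}" = "1" ]; then
    policy_is_scoped "$(role_policy)"
    aws iam put-role-policy --role-name "${SA}-secrets-reader" \
        --policy-name read-payments-db --policy-document "$(role_policy)"
    manifests | kubectl apply -f -
fi
```

The secret arrives as `/mnt/secrets/db-password` and never becomes a Kubernetes Secret object unless you add a `secretObjects` section to the SecretProviderClass, which is the point of choosing the CSI driver over Sealed Secrets: nothing sensitive lands in Git or, by default, in etcd. Keep `readOnly: true` on both the volume and the mount, and keep the IAM resource scoped as above; a `"Resource": "*"` here turns every pod using this ServiceAccount into a reader of the whole account's secrets.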