Here is a list of all the main Kubernetes vulnerabilities from 2022.
More: https://armosec.io/blog/kubernetes-vulnerabilities-2022
More: https://armosec.io/blog/kubernetes-vulnerabilities-2022
Forwarded from LearnKube news
Master Kubernetes with Learnk8s' Advanced Kubernetes workshops!
What should you expect?
- Learn how to architect and design clusters from the ground up (in the cloud or on-prem).
- Explore the Kubernetes internal component and how the system is designed with resiliency in mind.
- Deep-dive into the networking components and observe the packets flowing into the cluster.
- Hands-on labs to test the theory with real-world scenarios!
- And more.
The next course is in 4 weeks and you can sign up here: https://learnk8s.io/online-advanced-june-2023
What should you expect?
- Learn how to architect and design clusters from the ground up (in the cloud or on-prem).
- Explore the Kubernetes internal component and how the system is designed with resiliency in mind.
- Deep-dive into the networking components and observe the packets flowing into the cluster.
- Hands-on labs to test the theory with real-world scenarios!
- And more.
The next course is in 4 weeks and you can sign up here: https://learnk8s.io/online-advanced-june-2023
kubeseal-convert is a tool for importing secrets from pre-existing secrets management systems (e.g. Vault, Secrets Manager) into a SealedSecret.
More: https://github.com/EladLeev/kubeseal-convert
More: https://github.com/EladLeev/kubeseal-convert
Sysdig analysed over 250,000 Linux images on Docker Hub to detect malicious payloads hidden in the container's images.
Learn what was discovered in this article.
More: https://sysdig.com/blog/analysis-of-supply-chain-attacks-through-public-docker-images
Learn what was discovered in this article.
More: https://sysdig.com/blog/analysis-of-supply-chain-attacks-through-public-docker-images
Datree is a cloud-native solution to prevent Kubernetes misconfigurations by blocking resources that do not meet your policies.
More: https://github.com/datreeio/datree
More: https://github.com/datreeio/datree
Forwarded from LearnKube news
This week on the Learn Kubernetes Weekly:
📈 Scale from 100 to 10,000 pods
🕷 Attacks through public container images
⏳ Back from disaster in (under) 15 mins
😈 Kubernetes vulnerabilities 2022
✅ Production ready EKS CoreDNS
Read it now: https://learnk8s.io/learn-kubernetes-weekly
📈 Scale from 100 to 10,000 pods
🕷 Attacks through public container images
⏳ Back from disaster in (under) 15 mins
😈 Kubernetes vulnerabilities 2022
✅ Production ready EKS CoreDNS
Read it now: https://learnk8s.io/learn-kubernetes-weekly
In this article, you will learn how you can combine manual and automatic unsealing of secrets in Kubernetes using multiple Vaults and Kubernetes.
More: https://dev.to/luafanti/vault-auto-unseal-using-transit-secret-engine-on-kubernetes-13k8
More: https://dev.to/luafanti/vault-auto-unseal-using-transit-secret-engine-on-kubernetes-13k8
Forwarded from LearnKube news
Master Kubernetes with Learnk8s' Advanced Kubernetes workshops!
What should you expect?
- Learn how to architect and design clusters from the ground up (in the cloud or on-prem).
- Explore the Kubernetes internal component and how the system is designed with resiliency in mind.
- Deep-dive into the networking components and observe the packets flowing into the cluster.
- Hands-on labs to test the theory with real-world scenarios!
- And more.
The next course is in 3 weeks and you can sign up here: https://learnk8s.io/online-advanced-june-2023
What should you expect?
- Learn how to architect and design clusters from the ground up (in the cloud or on-prem).
- Explore the Kubernetes internal component and how the system is designed with resiliency in mind.
- Deep-dive into the networking components and observe the packets flowing into the cluster.
- Hands-on labs to test the theory with real-world scenarios!
- And more.
The next course is in 3 weeks and you can sign up here: https://learnk8s.io/online-advanced-june-2023
Bridgekeeper helps you to enforce policies in your kubernetes cluster by providing a simple declarative way to define policies using the python programming language.
More: https://github.com/MaibornWolff/bridgekeeper
More: https://github.com/MaibornWolff/bridgekeeper
Helm is a useful tool for managing the Kubernetes applications lifecycle.
This article covers some best practices and helm security recommendations.
More: https://sysdig.com/blog/how-to-secure-helm
This article covers some best practices and helm security recommendations.
More: https://sysdig.com/blog/how-to-secure-helm
In this tutorial, you'll learn how to install the Trivy-Operator and continuously scan containers for security issues and misconfiguration.
You'll also export the metrics to Prometheus, visualize them in Grafana and receive alerts with AlertManager.
More: https://thomasroot.com/2023/01/16/trivy-operator-improve-container-runtime-security
You'll also export the metrics to Prometheus, visualize them in Grafana and receive alerts with AlertManager.
More: https://thomasroot.com/2023/01/16/trivy-operator-improve-container-runtime-security
This guide explains how to use IRSA, IAM Roles for Service Accounts, with Terraform and Kubernetes to provide secure and granular access to AWS services for EKS-hosted apps.
More: https://blog.mariano.cloud/irsa-in-eks-a-kubernetes-aws-bridge
More: https://blog.mariano.cloud/irsa-in-eks-a-kubernetes-aws-bridge
Forwarded from LearnKube news
This week on the Learn Kubernetes Weekly:
🗻 Isolating pods for debugging
🔒 Vault auto-unseal
⎈ Helm security and best practices
❽ Kubernetes, Java & fabric8
💥 Manifest complexity
📝 Pod presets
Read it now: https://learnk8s.io/learn-kubernetes-weekly
🗻 Isolating pods for debugging
🔒 Vault auto-unseal
⎈ Helm security and best practices
❽ Kubernetes, Java & fabric8
💥 Manifest complexity
📝 Pod presets
Read it now: https://learnk8s.io/learn-kubernetes-weekly
Forwarded from LearnKube news
Master Kubernetes with Learnk8s' Advanced Kubernetes workshops!
What should you expect?
- Learn how to architect and design clusters from the ground up (in the cloud or on-prem).
- Explore the Kubernetes internal component and how the system is designed with resiliency in mind.
- Deep-dive into the networking components and observe the packets flowing into the cluster.
- Hands-on labs to test the theory with real-world scenarios!
- And more.
The course is in 2 weeks and you can sign up here: https://learnk8s.io/online-advanced-june-2023
What should you expect?
- Learn how to architect and design clusters from the ground up (in the cloud or on-prem).
- Explore the Kubernetes internal component and how the system is designed with resiliency in mind.
- Deep-dive into the networking components and observe the packets flowing into the cluster.
- Hands-on labs to test the theory with real-world scenarios!
- And more.
The course is in 2 weeks and you can sign up here: https://learnk8s.io/online-advanced-june-2023
In EKS, by default, public access is enabled, which means the Kubernetes API server is accessible from the internet.
In this article, you'll learn how to access the EKS API server through the AWS client VPN.
More: https://medium.com/@Aleroawani/connect-to-an-eks-private-endpoint-with-aws-clientvpn-72b5000f558a
In this article, you'll learn how to access the EKS API server through the AWS client VPN.
More: https://medium.com/@Aleroawani/connect-to-an-eks-private-endpoint-with-aws-clientvpn-72b5000f558a
Sealed Secrets is a great solution to secure secrets in Git.
For larger teams and projects, the External Secrets Operator or the Secrets Store CSI Driver is a better solution to manage secrets securely.
Learn the pros and cons in this article.
More: https://auth0.com/blog/kubernetes-secrets-management
For larger teams and projects, the External Secrets Operator or the Secrets Store CSI Driver is a better solution to manage secrets securely.
Learn the pros and cons in this article.
More: https://auth0.com/blog/kubernetes-secrets-management
Forwarded from LearnKube news
The AWS provider for the Secrets Store CSI Driver allows you to fetch secrets from AWS Secrets Manager and AWS Systems Manager Parameter Store and mount them into Kubernetes pods.
More: https://github.com/aws/secrets-store-csi-driver-provider-aws
More: https://github.com/aws/secrets-store-csi-driver-provider-aws
Paranoia is a tool to analyse and export trust bundles (e.g., "ca-certificates") from container images.
These certificates identify the certificate authorities that your container trusts when establishing TLS connections.
More: https://github.com/jetstack/paranoia
These certificates identify the certificate authorities that your container trusts when establishing TLS connections.
More: https://github.com/jetstack/paranoia
Forwarded from LearnKube news
This week on the Learn Kubernetes Weekly:
📈 Scalability test for CNIs
📊 Cgroups — deep dive
🖥 Deploying microVMs on top of Kubernetes
💥 Non-graceful node shutdown
👻 Ephemeral environments with Helm
Read it now: https://learnk8s.io/learn-kubernetes-weekly
📈 Scalability test for CNIs
📊 Cgroups — deep dive
🖥 Deploying microVMs on top of Kubernetes
💥 Non-graceful node shutdown
👻 Ephemeral environments with Helm
Read it now: https://learnk8s.io/learn-kubernetes-weekly
In this (controversial) article, Tim argues that Kubernetes security should have clearly assigned responsibility and that it should be Product Security's scope.
More: https://timwilcoxson.com/dear-product-security-team-kubernetes-is-your-problem-acebffc2d788
More: https://timwilcoxson.com/dear-product-security-team-kubernetes-is-your-problem-acebffc2d788
Forwarded from LearnKube news
Master Kubernetes with Learnk8s' Advanced Kubernetes workshops!
What should you expect?
- Learn how to architect and design clusters from the ground up (in the cloud or on-prem).
- Explore the Kubernetes internal component and how the system is designed with resiliency in mind.
- Deep-dive into the networking components and observe the packets flowing into the cluster.
- Hands-on labs to test the theory with real-world scenarios!
- And more.
The course starts next week and you can sign up here: https://learnk8s.io/online-advanced-june-2023
What should you expect?
- Learn how to architect and design clusters from the ground up (in the cloud or on-prem).
- Explore the Kubernetes internal component and how the system is designed with resiliency in mind.
- Deep-dive into the networking components and observe the packets flowing into the cluster.
- Hands-on labs to test the theory with real-world scenarios!
- And more.
The course starts next week and you can sign up here: https://learnk8s.io/online-advanced-june-2023