This article discusses the importance of static checking and validation of YAML files in the development lifecycle of Kubernetes resources.
More: https://blog.codewdhruv.com/validate-clean-secure-k8s-yaml-files
Forwarded from LearnKube news
Join a 3-part, free educational program on Kubernetes cost optimization & efficiency:
📏 How to size your cluster for efficiency
🤏 Combining autoscalers for minimal resource allocations
⚖️ Dynamically rebalancing workloads
👉 bit.ly/k8s-optimize-1
This guide shows the step-by-step implementation of a multi-node HA Vault setup in Kubernetes using dynamic credentials through the Vault AWS secrets engine.
More: https://awstip.com/deploying-vault-ha-with-integrated-storage-in-kubernetes-using-aws-dynamic-secrets-engine-with-24b36a951f6f
Forwarded from LearnKube news
This week on the Learn Kubernetes Weekly:
🤝 Kubernetes contributions
⬆️ EKS upgrade journey from 1.26 to 1.27
🎖️ Quality-of-Service for memory resources
⚖️ Multus workloads with loxilb
💸 Cost of regional clusters—cross zonal egress
Read it now: https://learnk8s.io/issues/42
In this article, you'll follow Amir's journey in debugging a too-strict NetworkPolicy in GKE that prevented the gcloud CLI from fetching Service Accounts from the metadata server.
More: https://amirbilu.medium.com/how-i-ended-up-debugging-google-clouds-cli-to-get-my-kubernetes-application-to-run-9adba1c78d9
In this repository, you will find curated online resources to help you prepare for the Certified Kubernetes Security Specialist (CKS) exam.
More: https://github.com/walidshaari/Certified-Kubernetes-Security-Specialist
This article discusses secrets management in Kubernetes:
- Secrets objects.
- Managing Kubernetes Secrets.
- Manual Secret Creation.
- Secrets in CI/CD pipelines.
- Kubernetes Secrets Store Container Storage Interface.
More: https://itnext.io/kubernetes-owasp-top-10-secrets-management-c996faa87b47
KubeClarity is a tool for detection and management of Software Bill Of Materials (SBOM) and vulnerabilities of container images and filesystems.
It scans runtime Kubernetes clusters and CI/CD pipelines for enhanced software supply chain security.
More: https://github.com/openclarity/kubeclarity
Forwarded from LearnKube news
This week on the Learn Kubernetes Weekly:
🗣️ Container-to-container comms
🏎️ From 0 to 10'000 Jenkins builds a week
💻 From a laptop to a containerized app
🔗 Multus for Rook Ceph networking
5️⃣ Network namespace and 5 of its use cases
Read it now: https://learnk8s.io/issues/43
This article teaches how to add users and permissions to an AWS EKS cluster.
Permissions are granted using roles, cluster roles, role bindings, and cluster role bindings and then mapped to IAM roles.
More: https://medium.com/@jrkessl/kubernetes-kbac-permissions-model-and-how-to-add-users-to-aws-eks-c6d642f79a6d
Forwarded from LearnKube news
Master Kubernetes with Learnk8s' Advanced Kubernetes workshops!
What should you expect?
- Learn how to architect and design clusters from the ground up (in the cloud or on-prem).
- Explore the Kubernetes internal components and how the system is designed with resiliency in mind.
- Deep-dive into the networking components and observe the packets flowing into the cluster.
- Hands-on labs to test the theory with real-world scenarios!
- And more.
The course starts this September in London and you can sign up here: https://learnk8s.io/london-advanced-september-2023
Forwarded from Kube Events
🎉 [Webinar] How to (right) size your Kubernetes cluster for efficiency
📅 14 Sep
⏰ 8am PT | 5pm CET
In this session, you will learn the theory and practical tips for choosing the right cluster worker nodes.
https://kube.events/t/195986ac-2ec3-42ee-b10c-036d280d23e8
Forwarded from Kube Architect
In this article, you will explore the power of Kubernetes 1.27 API with OpenAPI v3 validation.
You will learn usage examples and embrace flexible, reliable custom resources.
More: https://medium.com/cloud-native-daily/kubernetes-1-27-goes-galactic-with-openapi3-6ea228785c50
KubeArmor is a cloud-native runtime security enforcement system that restricts the behaviour (such as process execution, file access, and networking operations) of pods, containers, and nodes (VMs) at the system level.
More: https://github.com/kubearmor/KubeArmor
This article demonstrates how to set up the NGINX Ingress controller, create a self-signed TLS/SSL certificate, create the necessary rules to link the certificate to the controller and hook it up to a sample app service.
More: https://snyk.io/blog/setting-up-ssl-tls-for-kubernetes-ingress
Learn how to recreate the Kubernetes RBAC authorization model from scratch and practice the relationships between Roles, ServiceAccounts, RoleBindings, etc.
More: https://learnk8s.io/rbac-kubernetes
Validating admission policies offer a declarative, in-process alternative to validating admission webhooks.
Validating admission policies use the Common Expression Language (CEL) to declare the validation rules.
This article explains how to use them.
More: https://douglasmakey.medium.com/unleashing-the-power-of-kubernetes-1-26-56979ee667fd
Forwarded from LearnKube news
This week on the Learn Kubernetes Weekly:
🍡 Sticky sessions and canary releases
🧘♀️ Five Helm tools
💫 Kubernetes 1.27 goes galactic with OpenAPI3
⛩️ Guide to API gateways, Kubernetes gateways, and service meshes
👮♀️ RBAC permissions model
Read it now: https://learnk8s.io/issues/44
In this tutorial, you'll learn how to use toGroups rules in Cilium NetworkPolicy to control the traffic between the Kubernetes cluster and an EC2 VM.
More: https://medium.com/codex/cilium-networkpolicy-with-aws-security-group-rules-fc91d25712f4
Forwarded from LearnKube news
Master Kubernetes with Learnk8s' Advanced Kubernetes workshops!
What should you expect?
- Learn how to architect and design clusters from the ground up (in the cloud or on-prem).
- Explore the Kubernetes internal components and how the system is designed with resiliency in mind.
- Deep-dive into the networking components and observe the packets flowing into the cluster.
- Hands-on labs to test the theory with real-world scenarios!
- And more.
The course starts this October in Amsterdam and you can sign up here: https://learnk8s.io/amsterdam-advanced-october-2023
This article delves into an intriguing journey of stumbling across a security bug in Kyverno, a Kubernetes admission webhook server used for validating and mutating resources with customizable policies.
More: https://medium.com/defense-unicorns/kyverno-cve-2023-34091-bypassing-policies-using-kubernetes-finalizers-14e51843016e