Forwarded from Kube Architect
In this article, you will explore the power of Kubernetes 1.27 API with OpenAPI v3 validation.
You will learn usage examples and embrace flexible, reliable custom resources.
More: https://medium.com/cloud-native-daily/kubernetes-1-27-goes-galactic-with-openapi3-6ea228785c50
KubeArmor is a cloud-native runtime security enforcement system that restricts the behaviour (such as process execution, file access, and networking operations) of pods, containers, and nodes (VMs) at the system level.
More: https://github.com/kubearmor/KubeArmor
This article demonstrates how to set up the NGINX Ingress controller, create a self-signed TLS/SSL certificate, create the necessary rules to link the certificate to the controller and hook it up to a sample app service.
More: https://snyk.io/blog/setting-up-ssl-tls-for-kubernetes-ingress
Learn how to recreate the Kubernetes RBAC authorization model from scratch and practice the relationships between Roles, ServiceAccounts, RoleBindings, etc.
More: https://learnk8s.io/rbac-kubernetes
Validating admission policies offer a declarative, in-process alternative to validating admission webhooks.
Validating admission policies use the Common Expression Language (CEL) to declare the validation rules.
This article explains how to use them.
More: https://douglasmakey.medium.com/unleashing-the-power-of-kubernetes-1-26-56979ee667fd
Forwarded from LearnKube news
This week on the Learn Kubernetes Weekly:
🍡 Sticky sessions and canary releases
🧘♀️ Five Helm tools
💫 Kubernetes 1.27 goes galactic with OpenAPI3
⛩️ Guide to API gateways, Kubernetes gateways, and service meshes
👮♀️ RBAC permissions model
Read it now: https://learnk8s.io/issues/44
In this tutorial, you'll learn how to use toGroups rules in Cilium NetworkPolicy to control the traffic between the Kubernetes cluster and an EC2 VM.
More: https://medium.com/codex/cilium-networkpolicy-with-aws-security-group-rules-fc91d25712f4
Forwarded from LearnKube news
Master Kubernetes with Learnk8s' Advanced Kubernetes workshops!
What should you expect?
- Learn how to architect and design clusters from the ground up (in the cloud or on-prem).
- Explore the Kubernetes internal components and how the system is designed with resiliency in mind.
- Deep-dive into the networking components and observe the packets flowing into the cluster.
- Hands-on labs to test the theory with real-world scenarios!
- And more.
The course starts this October in Amsterdam and you can sign up here: https://learnk8s.io/amsterdam-advanced-october-2023
This article delves into an intriguing journey of stumbling across a security bug in Kyverno, a Kubernetes admission webhook server used for validating and mutating resources with customizable policies.
More: https://medium.com/defense-unicorns/kyverno-cve-2023-34091-bypassing-policies-using-kubernetes-finalizers-14e51843016e
KBOM (Kubernetes Bill of Materials) is a CLI tool that can generate a software bill of materials for your Kubernetes cluster.
More: https://github.com/ksoclabs/kbom
Forwarded from LearnKube news
In this tutorial, you'll learn how to use Secrets in Kubernetes and:
1. Create literal secrets as source files and with kubectl.
2. Observe how secrets are encoded.
3. Create a MySQL Deployment to consume the secrets.
More: https://medium.com/@bm54cloud/kubernetes-secrets-77a798f412aa
Forwarded from KubeFM
The KubeFM podcast is now live!
🗞️Discover all the great things happening in the world of Kubernetes
🙉 Learn (controversial) opinions from the experts and
🧐 Explore the successes (and failures) of running Kubernetes at scale
Watch the first episode: https://kube.fm/planternetes-grace-nguyen
This article explains the use of client certificates and OIDC identity providers for authentication and highlights the drawbacks of client certificates, including the difficulty of managing them and the risk of compromise.
More: https://medium.com/@xpiotrkleban/simplifying-management-of-rbac-and-authentication-in-kubernetes-606148ec2680
Forwarded from Kube Events
🎉 Kubernetes scaling: combining autoscalers for optimal resource allocations
📅 28 Sep
⏰ 8am PT | 5pm CET
In this session, you will learn the theory and practical tips for combining cluster autoscalers (e.g. HPA+CA).
https://kube.events/t/51afe79e-9a79-460e-b00f-449bc7474ccc
Reflector is a Kubernetes addon designed to monitor changes to resources (secrets and configmaps) and reflect changes to mirror resources in the same or other namespaces.
More: https://github.com/emberstack/kubernetes-reflector
Forwarded from LearnKube news
This week on the Learn Kubernetes Weekly:
👌 Developing high-quality Helm charts faster
⎈ Helm dependencies updates made easy
📝 GKE review
⛩️ The future of API gateways
🥷 Bypassing policies with finalizers
Read it now: https://learnk8s.io/issues/45
The Security Profiles Operator is a feature-rich operator for Kubernetes to make managing seccomp, SELinux & AppArmor profiles easier than ever.
In this article, you will explore spoc — a little helper tool for recording and replaying seccomp profiles.
More: https://kubernetes.io/blog/2023/05/18/seccomp-profiles-edge
Forwarded from LearnKube news
Learn the best strategies to combine autoscalers (i.e. HPA + CA), minimise reaction time and reduce costs.
@SoulmanIqbal will cover:
- How the Cluster Autoscaler works.
- Preemptive scaling.
- Proactive scaling.
📅 28 Sep
⏰ 8am PT | 5pm CET
👉 https://kube.events/t/51afe79e-9a79-460e-b00f-449bc7474ccc
m9sweeper makes securing a cluster easy with:
- CVE Scanning
- Enforcement of CVE Scanning Rules.
- Reports and Dashboards.
- CIS Security Benchmarking.
- Pen Testing.
- Deployment Coaching.
- Intrusion Detection.
- Gatekeeper Policy Management.
More: https://github.com/m9sweeper/m9sweeper
While Pod Security Admission can prevent common security risks, it lacks mutation ability, controller restriction, high-level violation reports, and fine-grained control options.
Learn more about it in this article.
More: https://devopsforyou.com/my-experiments-with-pod-security-admission-in-kubernetes-cluster-8028b7fc0249