Forwarded from LearnKube news
Master Kubernetes with Learnk8s' Advanced Kubernetes workshops!
What should you expect?
- Learn how to architect and design clusters from the ground up (in the cloud or on-prem).
- Explore the Kubernetes internal component and how the system is designed with resiliency in mind.
- Deep-dive into the networking components and observe the packets flowing into the cluster.
- Hands-on labs to test the theory with real-world scenarios!
- And more.
The course starts this October in Amsterdam and you can sign up here: https://learnk8s.io/amsterdam-advanced-october-2023
What should you expect?
- Learn how to architect and design clusters from the ground up (in the cloud or on-prem).
- Explore the Kubernetes internal component and how the system is designed with resiliency in mind.
- Deep-dive into the networking components and observe the packets flowing into the cluster.
- Hands-on labs to test the theory with real-world scenarios!
- And more.
The course starts this October in Amsterdam and you can sign up here: https://learnk8s.io/amsterdam-advanced-october-2023
This article delves into an intriguing journey of stumbling across a security bug in Kyverno, a Kubernetes admission webhook server used for validating and mutating resources with customizable policies.
More: https://medium.com/defense-unicorns/kyverno-cve-2023-34091-bypassing-policies-using-kubernetes-finalizers-14e51843016e
More: https://medium.com/defense-unicorns/kyverno-cve-2023-34091-bypassing-policies-using-kubernetes-finalizers-14e51843016e
KBOM (Kubernetes Bill of Materials) is a CLI tool that can generate a software bill of materials for your Kubernetes cluster.
More: https://github.com/ksoclabs/kbom
More: https://github.com/ksoclabs/kbom
Forwarded from LearnKube news
In this tutorial, you'll learn how to use Secrets in Kubernetes and:
1. Create literal secrets as source files and with kubectl.
2. Observe how secrets are encoded.
3. Create a MySQL Deployment to consume the secrets.
More: https://medium.com/@bm54cloud/kubernetes-secrets-77a798f412aa
1. Create literal secrets as source files and with kubectl.
2. Observe how secrets are encoded.
3. Create a MySQL Deployment to consume the secrets.
More: https://medium.com/@bm54cloud/kubernetes-secrets-77a798f412aa
Forwarded from KubeFM
The KubeFM podcast is now live!
🗞️Discover all the great things happening in the world of Kubernetes
🙉 Learn (controversial) opinions from the experts and
🧐 Explore the successes (and failures) of running Kubernetes at scale
Watch the first episode: https://kube.fm/planternetes-grace-nguyen
🗞️Discover all the great things happening in the world of Kubernetes
🙉 Learn (controversial) opinions from the experts and
🧐 Explore the successes (and failures) of running Kubernetes at scale
Watch the first episode: https://kube.fm/planternetes-grace-nguyen
This article explains the use of client certificates and OIDC identity providers for authentication and highlights the drawbacks of client certificates, including their hard manageability and risk of compromise.
More: https://medium.com/@xpiotrkleban/simplifying-management-of-rbac-and-authentication-in-kubernetes-606148ec2680
More: https://medium.com/@xpiotrkleban/simplifying-management-of-rbac-and-authentication-in-kubernetes-606148ec2680
Forwarded from Kube Events
🎉 Kubernetes scaling: combining autoscalers for optimal resource allocations
📅 28 Sep
⏰ 8am PT | 5pm CET
In this session, you will learn the theory and practical tips for combining cluster autoscalers (e.g. HPA+CA).
https://kube.events/t/51afe79e-9a79-460e-b00f-449bc7474ccc
📅 28 Sep
⏰ 8am PT | 5pm CET
In this session, you will learn the theory and practical tips for combining cluster autoscalers (e.g. HPA+CA).
https://kube.events/t/51afe79e-9a79-460e-b00f-449bc7474ccc
Reflector is a Kubernetes addon designed to monitor changes to resources (secrets and configmaps) and reflect changes to mirror resources in the same or other namespaces.
More: https://github.com/emberstack/kubernetes-reflector
More: https://github.com/emberstack/kubernetes-reflector
Forwarded from LearnKube news
This week on the Learn Kubernetes Weekly:
👌 Developing high-quality Helm charts faster
⎈ Helm dependencies updates made easy
📝 GKE review
⛩️ The future of API gateways
🥷 Bypassing policies with finalizers
Read it now: https://learnk8s.io/issues/45
👌 Developing high-quality Helm charts faster
⎈ Helm dependencies updates made easy
📝 GKE review
⛩️ The future of API gateways
🥷 Bypassing policies with finalizers
Read it now: https://learnk8s.io/issues/45
The Security Profiles Operator is a feature-rich operator for Kubernetes to make managing seccomp, SELinux & AppArmor profiles easier than ever.
In this article, you will explore spoc — a little helper tool for recording and replaying seccomp profiles.
More: https://kubernetes.io/blog/2023/05/18/seccomp-profiles-edge
In this article, you will explore spoc — a little helper tool for recording and replaying seccomp profiles.
More: https://kubernetes.io/blog/2023/05/18/seccomp-profiles-edge
Forwarded from LearnKube news
Learn the best strategies to combine autoscalers (i.e. HPA + CA), minimise reaction time and reduce costs.
@SoulmanIqbal will cover:
- How the Cluster Autoscaler works.
- Preemptive scaling.
- Proactive scaling.
📅 28 Sep
⏰ 8am PT | 5pm CET
👉 https://kube.events/t/51afe79e-9a79-460e-b00f-449bc7474ccc
@SoulmanIqbal will cover:
- How the Cluster Autoscaler works.
- Preemptive scaling.
- Proactive scaling.
📅 28 Sep
⏰ 8am PT | 5pm CET
👉 https://kube.events/t/51afe79e-9a79-460e-b00f-449bc7474ccc
m9sweeper makes securing a cluster easy with:
- CVE Scanning
- Enforcement of CVE Scanning Rules.
- Reports and Dashboards.
- CIS Security Benchmarking.
- Pen Testing.
- Deployment Coaching.
- Intrusion Detection.
- Gatekeeper Policy Management.
More: https://github.com/m9sweeper/m9sweeper
- CVE Scanning
- Enforcement of CVE Scanning Rules.
- Reports and Dashboards.
- CIS Security Benchmarking.
- Pen Testing.
- Deployment Coaching.
- Intrusion Detection.
- Gatekeeper Policy Management.
More: https://github.com/m9sweeper/m9sweeper
While Pod Security Admission can prevent common security risks, it lacks mutation ability, controller restriction, high-level violation reports, and fine-grained control options.
Learn more about it in this article.
More: https://devopsforyou.com/my-experiments-with-pod-security-admission-in-kubernetes-cluster-8028b7fc0249
Learn more about it in this article.
More: https://devopsforyou.com/my-experiments-with-pod-security-admission-in-kubernetes-cluster-8028b7fc0249
In this article, you will learn how to restrict access to S3 buckets using IAM Roles for Service Accounts.
More: https://towardsaws.com/restricting-s3-access-to-eks-and-k8s-pods-and-deployments-with-irsa-ebab1dd9a8dd
More: https://towardsaws.com/restricting-s3-access-to-eks-and-k8s-pods-and-deployments-with-irsa-ebab1dd9a8dd
Forwarded from Kube Architect
Discover the best strategies to combine autoscalers (i.e. HPA + CA), minimise reaction time and reduce costs.
In this webinar you'll learn:
- How the Cluster Autoscaler works.
- Preemptive scaling.
- Proactive scaling.
📅 28 Sep
⏰ 8am PT | 5pm CET
👉 https://kube.events/t/51afe79e-9a79-460e-b00f-449bc7474ccc
In this webinar you'll learn:
- How the Cluster Autoscaler works.
- Preemptive scaling.
- Proactive scaling.
📅 28 Sep
⏰ 8am PT | 5pm CET
👉 https://kube.events/t/51afe79e-9a79-460e-b00f-449bc7474ccc
The article explores two secret handling mechanisms in EKS:
1. Secrets Store CSI driver and ASCP.
2. External Secrets Operator.
The author argues that the latter is a better fit since it doesn't rely on DaemonSets.
More: https://medium.com/@chetlo/problems-using-secrets-store-csi-driver-and-securing-your-kubernetes-real-estate-f5baeaab50ae
1. Secrets Store CSI driver and ASCP.
2. External Secrets Operator.
The author argues that the latter is a better fit since it doesn't rely on DaemonSets.
More: https://medium.com/@chetlo/problems-using-secrets-store-csi-driver-and-securing-your-kubernetes-real-estate-f5baeaab50ae
Forwarded from LearnKube news
In this article, you will learn how the Spotify engineering team has developed a new method for conducting memory analysis on Google Kubernetes Engine (GKE) by combining three open source tools: AVML, dwarf2json, and Volatility 3.
More: https://engineering.atspotify.com/2023/06/analyzing-volatile-memory-on-a-google-kubernetes-engine-node
More: https://engineering.atspotify.com/2023/06/analyzing-volatile-memory-on-a-google-kubernetes-engine-node
Forwarded from LearnKube news
This week on the Learn Kubernetes Weekly:
🖼️ Troubleshooting deployments
🔥 Firecracker-powered course platform
💥 Kubernetes pod IP conflict
🔍 Analyzing volatile memory on GKE
🏹 Understanding multi-arch containers
Read it now: https://learnk8s.io/issues/46
🖼️ Troubleshooting deployments
🔥 Firecracker-powered course platform
💥 Kubernetes pod IP conflict
🔍 Analyzing volatile memory on GKE
🏹 Understanding multi-arch containers
Read it now: https://learnk8s.io/issues/46
In this tutorial, you will learn how to use Kyverno to verify Kubernetes container images running in the control plane are signed.
More: https://medium.com/@charled.breteche/kyverno-verify-kubernetes-control-plane-images-372ea2fe1680
More: https://medium.com/@charled.breteche/kyverno-verify-kubernetes-control-plane-images-372ea2fe1680
Forwarded from Kube Careers
This week's 6 best Kubernetes vacancies that focus on security are:
DevSecOps Engineer with Tubi
💰 $197K to $259K a year
👨💻 Remote from the United States
→ https://kube.careers/t/fbfd93b4-e284-47f8-89a9-6e7cfa4c82ad?s=55
DevSecOps Engineer with Robinhood
💰 $169K to $255K a year
🏠 From the office in Menlo Park, CA / New York, NY / Seattle, WA / Washington, DC, USA
→ https://kube.careers/t/bcecc046-9f28-4766-aaad-e8cb41ae9aa3?s=55
DevSecOps Engineer with Pure Storage
💰 $167K to $251K a year
🏠 From the office in Santa Clara, CA, USA
→ https://kube.careers/t/611fe80e-6e6d-4ece-b428-4af7561f7af7?s=55
DevSecOps Engineer with Verkada
💰 $120K to $285K a year
🏠 From the office in San Mateo, CA, USA
→ https://kube.careers/t/48e3f6f7-5043-43b1-8c58-6bc81939bc19?s=55
DevSecOps Engineer with Voltron Data
💰 $170K to $220K a year
🌎 Fully remote
→ https://kube.careers/t/f2509a98-e72c-4444-a44e-7f9502b58e1a?s=55
👉 Browse all 486 Kubernetes jobs on Kube Careers https://kube.careers
DevSecOps Engineer with Tubi
💰 $197K to $259K a year
👨💻 Remote from the United States
→ https://kube.careers/t/fbfd93b4-e284-47f8-89a9-6e7cfa4c82ad?s=55
DevSecOps Engineer with Robinhood
💰 $169K to $255K a year
🏠 From the office in Menlo Park, CA / New York, NY / Seattle, WA / Washington, DC, USA
→ https://kube.careers/t/bcecc046-9f28-4766-aaad-e8cb41ae9aa3?s=55
DevSecOps Engineer with Pure Storage
💰 $167K to $251K a year
🏠 From the office in Santa Clara, CA, USA
→ https://kube.careers/t/611fe80e-6e6d-4ece-b428-4af7561f7af7?s=55
DevSecOps Engineer with Verkada
💰 $120K to $285K a year
🏠 From the office in San Mateo, CA, USA
→ https://kube.careers/t/48e3f6f7-5043-43b1-8c58-6bc81939bc19?s=55
DevSecOps Engineer with Voltron Data
💰 $170K to $220K a year
🌎 Fully remote
→ https://kube.careers/t/f2509a98-e72c-4444-a44e-7f9502b58e1a?s=55
👉 Browse all 486 Kubernetes jobs on Kube Careers https://kube.careers