Kubesploit – Telegram
Kubesploit
News and links on Kubernetes security curated by the @Learnk8s team
Website: https://kubesploit.io/
Forwarded from LearnKube news
Puzzlefs is a container filesystem designed to address the limitations of the existing OCI format.

The project's primary goals are reduced duplication, reproducible image builds, direct mounting support and memory safety guarantees.

More: https://github.com/project-machine/puzzlefs
In this tutorial, you will find a demo of a Kubernetes Dynamic Validating Admission controller.

You will learn how to write a webhook server in Go and plan for its reliability and availability.

More: https://dev.to/gkampitakis/kubernetes-dynamic-admission-control-1f9p
Forwarded from KubeFM
Gazal hinted at a 40% reduction in compute capacity when combining Bottlerocket OS and Karpenter (and 30% lower response times).

This and more on the new episode of the KubeFM podcast with Bart Farrell!

👉 https://kube.fm/gazal-eks-bottlerocket-karpenter
Forwarded from Kube Events
Learn how to rebalance workloads in your Kubernetes cluster to optimize resource allocations.

In this webinar, you'll learn:

- What the Descheduler is and how it works
- Policies to reallocate pods in your nodes

📅 12 Oct
8am PT | 5pm CET

👉 https://kube.events/t/33c89654-e376-4a7f-8a43-15619a3502da
In this tutorial, you will learn how to set up an auto-rotating secret for a database connection using the External Secret Operator and Vault.

Secrets refresh every hour, and your apps stay connected to the database with new valid credentials.

More: https://dev.to/canelasevero/true-secrets-auto-rotation-with-eso-and-vault-1g4o
Forwarded from LearnKube news
This week on the Learn Kubernetes Weekly:

🏃🏻‍♂️ Migrating etcd between clouds
🤔 What happens when… Kubernetes edition!
⚒️ Build your own Docker
💰 Upgrading 100s of clusters
🔙 S3 backups with Crossplane

Read it now: https://learnk8s.io/issues/48
This blog post examines Istio and how to leverage it to implement authentication and authorization policies to secure apps:

1. Native support for mTLS and JWT authentication.
2. Control and visibility over network traffic.
3. RBAC policies.

More: https://www.infracloud.io/blogs/istio-authentication-authorization-policies
Forwarded from Kube Careers
This week's 6 best Kubernetes vacancies that focus on security are:

DevSecOps Engineer with 1Password
💰 $180K to $244K a year
👨‍💻 Remote from the United States, Canada
https://kube.careers/t/b733b996-956e-4086-b0fa-514316485975?s=55

DevSecOps Engineer with Robinhood
💰 $169K to $255K a year
🏠 From the office in Menlo Park, CA / New York, NY / Seattle, WA / Washington, DC, USA
https://kube.careers/t/bcecc046-9f28-4766-aaad-e8cb41ae9aa3?s=55

DevSecOps Engineer with Verkada
💰 $120K to $285K a year
🏠 From the office in San Mateo, CA, USA
https://kube.careers/t/48e3f6f7-5043-43b1-8c58-6bc81939bc19?s=55

DevSecOps Engineer with Voltron Data
💰 $170K to $220K a year
🌎 Fully remote
https://kube.careers/t/f2509a98-e72c-4444-a44e-7f9502b58e1a?s=55

DevSecOps Engineer with Visa
💰 $167.7K to $218K a year
🏠🏃🏻‍♂️🌎 Foster City, CA, USA
https://kube.careers/t/e909c1a6-db53-4b66-927f-150f134a727a?s=55

👉 Browse all 468 Kubernetes jobs on Kube Careers https://kube.careers
Forwarded from LearnKube news
Master Kubernetes with Learnk8s' Advanced Kubernetes workshop!

What should you expect?

- Learn how to architect and design clusters from the ground up (in the cloud or on-prem).
- Explore the Kubernetes internal components and how the system is designed with resiliency in mind.
- Deep-dive into the networking components and observe the packets flowing into the cluster.
- Hands-on labs to test the theory with real-world scenarios!
- And more.

The course starts on the 30th of October in Amsterdam and you can sign up here: https://learnk8s.io/amsterdam-advanced-october-2023
In this blog, you'll learn what access control is and how Kubernetes manages access permissions behind the scenes.

More: https://blog.kubesimplify.com/kubernetes-access-control-with-authentication-authorization-admission-control
Marvin is a CLI tool designed to help Kubernetes cluster administrators ensure the security and reliability of their environments.

It performs extensive checks on cluster resources, identifying potential issues, misconfigurations, and vulnerabilities.

More: https://github.com/undistro/marvin
Forwarded from Kube Events
Master Kubernetes with Learnk8s' Advanced Kubernetes workshop!

What should you expect?

- Learn how to architect and design clusters from the ground up (in the cloud or on-prem).
- Explore the Kubernetes internal components and how the system is designed with resiliency in mind.
- Deep-dive into the networking components and observe the packets flowing into the cluster.
- Hands-on labs to test the theory with real-world scenarios!
- And more.

The course starts in 2 weeks in Amsterdam and you can sign up here: https://learnk8s.io/amsterdam-advanced-october-2023
This article discusses how to change passwords defined within a Sealed Secret.

The article outlines the various steps involved, including converting the secret to a Sealed Secret and merging updated values into an existing secret.

More: https://medium.com/@reefland/changing-sealed-secrets-passwords-in-kubernetes-897ce2a011ac
Forwarded from KubeFM
Are logs enough to troubleshoot your deployment and infrastructure?

Perhaps — but there's a better way to observe, monitor and debug your stack: embracing observability

This and more in this episode of KubeFM with Bart & Adriana

👉 https://kube.fm/adriana-hannah-unpacking-o11y
The Secrets Store CSI Driver allows Kubernetes to mount multiple secrets, keys, and certs stored in enterprise-grade external secrets stores into pods as a volume.

Once the Volume is attached, its data is mounted into the container's file system.

More: https://github.com/kubernetes-sigs/secrets-store-csi-driver
Forwarded from LearnKube news
This week on the Learn Kubernetes Weekly:

💪 ARM nodes to 4,000 engineers
🔪 Our dev is on AWS, our prod on OVHcloud
⚖️ gRPC and custom push-based DNS resolution
🛑 Istio upstream Connect error
🐣 Kubernetes-101: Ingress

Read it now: https://learnk8s.io/issues/49
This tutorial shows how to securely access services in a Kubernetes cluster using Cloudflare Zero Trust.

It involves setting up a tunnel, deploying cloudflared and securing access with the Warp client.

More: https://gtzsec.medium.com/accessing-kubernetes-services-using-cloudflare-zero-trust-cb594435da22
Forwarded from Kube Careers
This week's 6 best Kubernetes vacancies that focus on security are:

DevSecOps Engineer with 1Password
💰 $180K to $244K a year
👨‍💻 Remote from the United States, Canada
https://kube.careers/t/b733b996-956e-4086-b0fa-514316485975?s=55

DevSecOps Engineer with Robinhood
💰 $169K to $255K a year
🏠 From the office in Menlo Park, CA / New York, NY / Seattle, WA / Washington, DC, USA
https://kube.careers/t/bcecc046-9f28-4766-aaad-e8cb41ae9aa3?s=55

DevSecOps Engineer with Verkada
💰 $120K to $285K a year
🏠 From the office in San Mateo, CA, USA
https://kube.careers/t/48e3f6f7-5043-43b1-8c58-6bc81939bc19?s=55

DevSecOps Engineer with Voltron Data
💰 $170K to $220K a year
🌎 Fully remote
https://kube.careers/t/f2509a98-e72c-4444-a44e-7f9502b58e1a?s=55

DevSecOps Engineer with Visa
💰 $167.7K to $218K a year
🏠🏃🏻‍♂️🌎 Foster City, CA, USA
https://kube.careers/t/e909c1a6-db53-4b66-927f-150f134a727a?s=55

👉 Browse all 469 Kubernetes jobs on Kube Careers https://kube.careers
Forwarded from LearnKube news
In this post, you'll simulate different network failures in a distributed system and see how they can be detected:

1. Network partitioning.
2. Network delay.
3. Packet loss.

More: https://coroot.com/blog/chaos-driven-observability-spotting-network-failures
Kubewarden is a policy engine for Kubernetes.

It helps with keeping your Kubernetes clusters secure and compliant.

Kubewarden policies can be written using regular programming or Domain Specific Languages (DSL).

More: https://github.com/kubewarden
Forwarded from Kube Architect
This repository contains a reference AWS Platform Configuration for Crossplane with stateful cloud services (RDS) designed to connect to the nodes in each EKS cluster securely.

More: https://github.com/upbound/platform-ref-aws