The Secrets Store CSI Driver allows Kubernetes to mount multiple secrets, keys, and certs stored in enterprise-grade external secrets stores into pods as a volume.
Once the Volume is attached, its data is mounted into the container's file system.
More: https://github.com/kubernetes-sigs/secrets-store-csi-driver
Forwarded from LearnKube news
This week on the Learn Kubernetes Weekly:
💪 ARM nodes to 4,000 engineers
🔪 Our dev is on AWS, our prod on OVHcloud
⚖️ gRPC and custom push-based DNS resolution
🛑 Istio upstream Connect error
🐣 Kubernetes-101: Ingress
Read it now: https://learnk8s.io/issues/49
This tutorial shows how to securely access services in a Kubernetes cluster using Cloudflare Zero Trust.
It involves setting up a tunnel, deploying cloudflared and securing access with the Warp client.
More: https://gtzsec.medium.com/accessing-kubernetes-services-using-cloudflare-zero-trust-cb594435da22
Forwarded from Kube Careers
This week's 6 best Kubernetes vacancies that focus on security are:
DevSecOps Engineer with 1Password
💰 $180K to $244K a year
👨💻 Remote from the United States, Canada
→ https://kube.careers/t/b733b996-956e-4086-b0fa-514316485975?s=55
DevSecOps Engineer with Robinhood
💰 $169K to $255K a year
🏠 From the office in Menlo Park, CA / New York, NY / Seattle, WA / Washington, DC, USA
→ https://kube.careers/t/bcecc046-9f28-4766-aaad-e8cb41ae9aa3?s=55
DevSecOps Engineer with Verkada
💰 $120K to $285K a year
🏠 From the office in San Mateo, CA, USA
→ https://kube.careers/t/48e3f6f7-5043-43b1-8c58-6bc81939bc19?s=55
DevSecOps Engineer with Voltron Data
💰 $170K to $220K a year
🌎 Fully remote
→ https://kube.careers/t/f2509a98-e72c-4444-a44e-7f9502b58e1a?s=55
DevSecOps Engineer with Visa
💰 $167.7K to $218K a year
🏠🏃🏻♂️🌎 Foster City, CA, USA
→ https://kube.careers/t/e909c1a6-db53-4b66-927f-150f134a727a?s=55
👉 Browse all 469 Kubernetes jobs on Kube Careers https://kube.careers
Forwarded from LearnKube news
In this post, you'll simulate different network failures in a distributed system and see how they can be detected:
1. Network partitioning.
2. Network delay.
3. Packet loss.
More: https://coroot.com/blog/chaos-driven-observability-spotting-network-failures
Kubewarden is a policy engine for Kubernetes.
It helps with keeping your Kubernetes clusters secure and compliant.
Kubewarden policies can be written using regular programming or Domain Specific Languages (DSL).
More: https://github.com/kubewarden
Forwarded from Kube Architect
This repository contains a reference AWS Platform Configuration for Crossplane with stateful cloud services (RDS) designed to connect to the nodes in each EKS cluster securely.
More: https://github.com/upbound/platform-ref-aws
In this post, you'll go over the Azure security baseline for Azure Kubernetes Service and look at two tools that can help you establish compliance with the baseline: kube-bench and popeye.
More: https://community.ops.io/the_cozma/kube-bench-and-popeye-a-power-duo-for-aks-security-compliance-4f8c
In this tutorial, you will learn how to deploy and configure the Ingress and Egress Gateway with Istio Service Mesh to implement a Zero Trust Architecture on Kubernetes for incoming and outgoing traffic.
More: https://medium.com/@lupass93/ingress-and-egress-traffic-in-zero-trust-architecture-with-istio-service-mesh-on-kubernetes-771aa5ebcb2a
The Secrets Store CSI driver provides a Kubernetes-native way of mounting secrets into pods while managing the whole lifecycle of the secret in an enterprise-grade secret provider.
Learn how to use it in this article.
More: https://blog.ediri.io/advanced-secret-management-on-kubernetes-with-pulumi-secrets-store-csi-driver
Forwarded from Kube Architect
traefik-jwt-plugin is a Traefik plugin for verifying JSON Web Tokens (JWT).
It supports:
- Public keys, certificates or JWKS endpoints.
- RSA, ECDSA and symmetric keys.
- Open Policy Agent (OPA) for additional authorization checks.
More: https://github.com/team-carepay/traefik-jwt-plugin
Forwarded from LearnKube news
This week on the Learn Kubernetes Weekly:
🙅 It's not always DNS
💥 Chaos-driven observability
👨🔬 Pod as an internet egress network appliance
🎏 Kubernetes API and flow control
🧐 Understanding the kubelet
Read it now: https://learnk8s.io/issues/50
In this tutorial, you'll learn how to use Kyverno to:
- Enforce controls on components.
- Enrich components to standardize or enable global features.
- Generate components automatically.
More: https://yodamad.hashnode.dev/keep-your-cluster-under-control-with-kyverno
Forwarded from Kube Careers
This week's 6 best Kubernetes vacancies that focus on security are:
DevSecOps Engineer with 1Password
💰 $180K to $244K a year
👨💻 Remote from the United States, Canada
→ https://kube.careers/t/b733b996-956e-4086-b0fa-514316485975?s=55
DevSecOps Engineer with Robinhood
💰 $169K to $255K a year
🏠 From the office in Menlo Park, CA / New York, NY / Seattle, WA / Washington, DC, USA
→ https://kube.careers/t/bcecc046-9f28-4766-aaad-e8cb41ae9aa3?s=55
DevSecOps Engineer with Verkada
💰 $120K to $285K a year
🏠 From the office in San Mateo, CA, USA
→ https://kube.careers/t/48e3f6f7-5043-43b1-8c58-6bc81939bc19?s=55
DevSecOps Engineer with Voltron Data
💰 $170K to $220K a year
🌎 Fully remote
→ https://kube.careers/t/f2509a98-e72c-4444-a44e-7f9502b58e1a?s=55
DevSecOps Engineer with Visa
💰 $167.7K to $218K a year
🏠🏃🏻♂️🌎 Foster City, CA, USA
→ https://kube.careers/t/e909c1a6-db53-4b66-927f-150f134a727a?s=55
👉 Browse all 442 Kubernetes jobs on Kube Careers https://kube.careers
Forwarded from LearnKube news
Master Kubernetes with Learnk8s' Advanced Kubernetes workshops!
What should you expect?
- Learn how to architect and design clusters from the ground up (in the cloud or on-prem).
- Explore the Kubernetes internal components and how the system is designed with resiliency in mind.
- Deep-dive into the networking components and observe the packets flowing into the cluster.
- Hands-on labs to test the theory with real-world scenarios!
- And more.
The next courses are in Amsterdam, Munich and online and you can find them here: https://learnk8s.io/training
In this blog article, you'll learn how you could leverage the new Validating Admission Policies feature and the Common Expression Language (CEL) in GKE.
More: https://medium.com/google-cloud/validating-admission-policies-with-gke-1-26-ed1321bcf739
Forwarded from LearnKube news
In this article, you will learn how to forward traffic to pods in Kubernetes using Wireguard as a VPN.
More: https://tech.j4m3s.eu/posts/vpn-forwarding-on-k8s
In this tutorial, you'll learn how to implement two security features of service meshes: request-level authentication and authorization using Istio and Keycloak.
More: https://www.infracloud.io/blogs/request-level-authentication-authorization-istio-keycloak
This article explains what a Kubernetes Service Account is and how to create and use one.
It also includes a demonstration of using a Service Account for a Pod to communicate with the Kubernetes API.
More: https://medium.com/@jrkessl/kubernetes-service-accounts-what-they-are-and-how-to-implement-9b3701c667d0
Forwarded from KubeFM
How do you upgrade a Kubernetes cluster to the latest release without breaking anything?
And what if you had to upgrade hundreds of clusters simultaneously?
In this episode, Pierre explains the process, tooling and testing strategy in upgrading clusters at scale.
You will learn:
- How the team at Qovery keeps updated with the latest (vanilla) Kubernetes changes and managed services changelogs.
- How to upgrade Helm charts gradually and safely. Pierre has some tips for Custom Resource Definitions (CRDs).
- How to test API deprecations with end-to-end testing.
- How to automate the process of upgrading clusters.
You will also learn from Pierre's experience in managing stateful applications in Kubernetes with 4500 nodes on bare metal.
Watch it here: https://kube.fm/upgrading-100s-clusters-pierre
Listen on:
- Apple Podcast https://kube.fm/apple
- Spotify https://kube.fm/spotify
- Amazon Music https://kube.fm/amazon
- Overcast https://kube.fm/overcast
- Pocket casts https://kube.fm/pocket-casts
In this article, you'll implement a robust approach to Kubernetes secret management with Go, AWS ParameterStore, OIDC, and Terraform.
More: https://medium.com/cloud-native-daily/eks-secret-management-with-golang-aws-parameterstore-and-terraform-b4c8c7ee1f9