Kubesploit – Telegram
Kubesploit
1.95K subscribers
824 photos
128 videos
1.61K links
News and links on Kubernetes security curated by the @Learnk8s team
Website: https://kubesploit.io/
Forwarded from LearnKube news
nodegizmo is a kubectl plugin for your Kubernetes nodes that displays:

- Generic node-related information (taints, topology, etc.).
- Nodepool settings.
- Node capacity.

You can also exec into any node using nsenter pods.

More: https://github.com/Kavinraja-G/node-gizmo
k8s-secret-expiry-controller is a Kubernetes controller that watches for the expiration of Kubernetes Secrets and raises events accordingly.

More: https://github.com/devops-360-online/k8s-secret-expiry-controller
Forwarded from LearnKube news
This week on the Learn Kubernetes Weekly:

😩 Handling pods when nodes fail
🕵️ Troubleshooting missing logs
📈 Optimizing scalability and cost-efficiency with Karpenter
🗜️ Setting Java Heap size in Docker
💅 Labels and annotations

Read it now: https://learnk8s.io/issues/56
This article describes the challenges and solutions to connecting kubectl from your local computer to a private GKE cluster while impersonating a service account.

More: https://medium.com/compendium/accessing-private-gke-cluster-using-bastion-host-and-service-account-impersonating-bac11c86deac
Forwarded from Kube Careers
This week's 6 best Kubernetes vacancies that focus on security are:

Security Architect with Reddit
💰 $198.2K to $297.3K a year
👨‍💻 Remote from the United States
https://kube.careers/t/a58310f4-745b-499e-bded-d29ef2353e11?s=55

DevSecOps Engineer with Hyperscience
💰 $190K to $260K a year
👨‍💻 Remote from the United States
https://kube.careers/t/ab01bf82-75af-4610-ba58-d58cd09f529a?s=55

DevSecOps Engineer with 1Password
💰 $180K to $244K a year
👨‍💻 Remote from the United States, Canada
https://kube.careers/t/b733b996-956e-4086-b0fa-514316485975?s=55

DevSecOps Engineer with Robinhood
💰 $169K to $255K a year
🏠 From the office in Menlo Park, CA / New York, NY / Seattle, WA / Washington, DC, USA
https://kube.careers/t/bcecc046-9f28-4766-aaad-e8cb41ae9aa3?s=55

👉 Browse all 423 Kubernetes jobs on Kube Careers https://kube.careers
KubeClarity is a tool for detection and management of Software Bill Of Materials (SBOM) and vulnerabilities of container images and filesystems.

It scans runtime Kubernetes clusters and CI/CD pipelines for enhanced software supply chain security.

More: https://github.com/openclarity/kubeclarity
This guide will explore the best practices for managing secrets in Kubernetes and how to integrate with AWS Secrets Manager to enhance security and simplify management.

More: https://sharonsahadevan.medium.com/kubernetes-secret-management-a-comprehensive-guide-with-aws-secrets-manager-bdebbd70d7b1
Forwarded from LearnKube news
Hubble is a fully distributed networking and security observability platform for cloud native workloads.

It is built on top of Cilium and eBPF to enable deep visibility into the communication and behaviour of services and the networking infrastructure.

More: https://github.com/cilium/hubble
KubeHound is a Kubernetes attack graph tool that allows automated calculation of attack paths between assets in a cluster.

More: https://github.com/DataDog/KubeHound
Forwarded from KubeFM
Network Policy usage is inverted.

It's easier to list the services that you want to connect to, but Network Policy forces you to list all clients that can connect to your pod.

How would you even know that another team plans to connect to your apps?

But if Network Policy is not the right tool, then what should you use?

In this KubeFM podcast, you will explore:

- How Network Policies are not as bad as you might think, but they are low-level APIs that are not always practical to use directly.
- Intent-based Access Control (IBAC) as a higher-level abstraction to describe your network segmentation requirements.
- How you can use IBAC to generate Network Policies, Istio Authorization Policies, AWS IAM & Roles, and more.

Watch it here: https://kube.fm/network-policies-ori

Listen on:

- Apple Podcast https://kube.fm/apple
- Spotify https://kube.fm/spotify
- Amazon Music https://kube.fm/amazon
- Overcast https://kube.fm/overcast
- Pocket casts https://kube.fm/pocket-casts
- Deezer https://kube.fm/deezer
Forwarded from Kube Architect
ChaosMeta is a chaos engineering platform that embodies the methodologies, technologies and products that Ant Group has accumulated over many years in the practice of large-scale red and blue offensive and defensive drills.

More: https://github.com/traas-stack/chaosmeta
In this 2-part tutorial, you'll learn how to create policies, how to build and publish them as a bundle served by Nginx and register them with OPA.

You'll also look at example policies to restrict the tolerations that pods can use.

More: https://dev.to/gitguardian/open-policy-agent-with-kubernetes-tutorial-pt-1-3lfn
Forwarded from LearnKube news
This week on the Learn Kubernetes Weekly:

🔌 Understanding how pods talk in Kubernetes networks
☔️ Container network packet drop in AKS
🛩️ Accessing a private GKE cluster
🥷 Secret management
🚔 Open Policy Agent

Read it now: https://learnk8s.io/issues/57
kubectl-np-viewer is a kubectl plugin to visualize network policy rules.

More: https://github.com/runoncloud/kubectl-np-viewer
Forwarded from Kube Careers
This week's 6 best Kubernetes vacancies that focus on security are:

Security Architect with Reddit
💰 $198.2K to $297.3K a year
👨‍💻 Remote from the United States
https://kube.careers/t/a58310f4-745b-499e-bded-d29ef2353e11?s=55

DevSecOps Engineer with Hyperscience
💰 $190K to $260K a year
👨‍💻 Remote from the United States
https://kube.careers/t/ab01bf82-75af-4610-ba58-d58cd09f529a?s=55

DevSecOps Engineer with Robinhood
💰 $169K to $255K a year
🏠 From the office in Menlo Park, CA / New York, NY / Seattle, WA / Washington, DC, USA
https://kube.careers/t/bcecc046-9f28-4766-aaad-e8cb41ae9aa3?s=55

DevSecOps Engineer with Palo Alto Networks
💰 $180.2K to $236.5K a year
🏠🏃🏻‍♂️🌎 Santa Clara, CA, USA
https://kube.careers/t/c50a52bc-e5ec-43f7-9f4c-bc0103fb9632?s=55

👉 Browse all 441 Kubernetes jobs on Kube Careers https://kube.careers
This article will discuss how Kubernetes combines and uses several authorization modes (e.g. RBAC, Node, ABAC, etc.).

More: https://yuminlee2.medium.com/kubernetes-authorization-part1-authorization-modes-overview-18538759e2d5
In this article, you'll learn about admission controllers and their benefits in ensuring a secure and compliant cluster environment.

You'll also create a custom admission controller in Go that restricts users from deploying PVCs larger than 10GB.

More: https://ashwinphilipgeorge.medium.com/kubernetes-admission-controllers-enhance-security-and-ensure-compliance-6b61e85d6f24
In this article, you will learn different use cases of secrets management within Kubernetes:

1. Kubernetes secrets.
2. Sealed secrets.
3. External secrets.

You will also cover how to reload secrets with Stakater's reloader.

More: https://medium.com/adevinta-tech-blog/managing-kubernetes-secrets-like-a-pro-93283fb4f06d
In this article, you will explore how to use the Nginx Plus Ingress Controller with OpenID Connect (OIDC) for authentication and authorization in Kubernetes.

More: https://adityaoo7.hashnode.dev/authentication-authorization-in-kubernetes-nginx-plus-ingress-controller-with-oidc-policy
Forwarded from LearnKube news
This week on the Learn Kubernetes Weekly:

😂 Fun DNS facts from kind
🎁 Beyond one-click Kubernetes upgrades
🤖 We moved our cloud operations to an operator
🧐 Exploring OCI container registries
👮‍♀️ Authorization modes overview

Read it now: https://learnk8s.io/issues/58
In this article, you'll use the Shellshock vulnerability as a guiding framework to demonstrate the importance of strong security measures and AppArmor's role in safeguarding containerized applications.

More: https://itnext.io/kubernetes-security-standoff-6116a312fedd