kubectl-np-viewer is a kubectl plugin to visualize network policy rules.

More: https://github.com/runoncloud/kubectl-np-viewer

This week's 6 best Kubernetes vacancies that focus on security are:

Security Architect with Reddit
💰 $198.2K to $297.3K a year
👨‍💻 Remote from the United States
→ https://kube.careers/t/a58310f4-745b-499e-bded-d29ef2353e11?s=55

DevSecOps Engineer with Hyperscience
💰 $190K to $260K a year
👨‍💻 Remote from the United States
→ https://kube.careers/t/ab01bf82-75af-4610-ba58-d58cd09f529a?s=55

DevSecOps Engineer with Robinhood
💰 $169K to $255K a year
🏠 From the office in Menlo Park, CA / New York, NY / Seattle, WA / Washington, DC, USA
→ https://kube.careers/t/bcecc046-9f28-4766-aaad-e8cb41ae9aa3?s=55

DevSecOps Engineer with Palo Alto Networks
💰 $180.2K to $236.5K a year
🏠🏃🏻‍♂️🌎 Santa Clara, CA, USA
→ https://kube.careers/t/c50a52bc-e5ec-43f7-9f4c-bc0103fb9632?s=55

👉 Browse all 441 Kubernetes jobs on Kube Careers https://kube.careers

This article will discuss how Kubernetes combines and uses several authorization modes (e.g. RBAC, Node, ABAC, etc.).

More: https://yuminlee2.medium.com/kubernetes-authorization-part1-authorization-modes-overview-18538759e2d5

In this article, you'll learn about admission controllers and their benefits in ensuring a secure and compliant cluster environment.

You'll also create a custom admission controller in Go that restricts users from deploying PVCs larger than 10GB.

More: https://ashwinphilipgeorge.medium.com/kubernetes-admission-controllers-enhance-security-and-ensure-compliance-6b61e85d6f24

In this article, you will learn different use cases of secrets management within Kubernetes:

1. Kubernetes secrets.
2. Sealed secrets.
3. External secrets.

You will also cover how to reload secrets with Stakater's reloader.

More: https://medium.com/adevinta-tech-blog/managing-kubernetes-secrets-like-a-pro-93283fb4f06d

In this article, you will explore how to use the Nginx Plus Ingress Controller with OpenID Connect (OIDC) for authentication and authorization in Kubernetes.

More: https://adityaoo7.hashnode.dev/authentication-authorization-in-kubernetes-nginx-plus-ingress-controller-with-oidc-policy

This week on the Learn Kubernetes Weekly:

😂 Fun DNS facts from kind
🎁 Beyond one-click Kubernetes upgrades
🤖 We moved our cloud operations to an operator
🧐 Exploring OCI container registries
👮‍♀️ Authorization modes overview

Read it now: https://learnk8s.io/issues/58

In this article, you'll use the Shellshock vulnerability as a guiding framework to demonstrate the importance of strong security measures and AppArmor's role in safeguarding containerized applications.

More: https://itnext.io/kubernetes-security-standoff-6116a312fedd

In this tutorial, you'll learn how to use Argo Workflow to create a CI/CD pipeline for scanning, building, and deploying an image using tools like Trivy, CodeQL, buildctl, and cosign.

More: https://medium.com/@chukmunnlee/argo-workflow-a-pipeline-to-build-and-deploy-containers-f03775d8e01b

This week's 6 best Kubernetes vacancies that focus on security are:

DevSecOps Engineer with Hyperscience
💰 $190K to $260K a year
👨‍💻 Remote from the United States
→ https://kube.careers/t/ab01bf82-75af-4610-ba58-d58cd09f529a?s=55

DevSecOps Engineer with Palo Alto Networks
💰 $180.2K to $236.5K a year
🏠🏃🏻‍♂️🌎 Santa Clara, CA, USA
→ https://kube.careers/t/c50a52bc-e5ec-43f7-9f4c-bc0103fb9632?s=55

DevSecOps Engineer with Match Group
💰 $146.5K to $176K a year
👨‍💻 Remote from the United States
→ https://kube.careers/t/ba9a7f80-b1f4-415b-8bd2-1017afc81339?s=55

Security Architect with Verisign
💰 $128.7K to $174.1K a year
🏠🏃🏻‍♂️🌎 Reston, VA, USA
→ https://kube.careers/t/09ccfe74-827e-466f-8e38-c3e85db8806d?s=55

DevSecOps Engineer with Accenture Federal Services
💰 $105.2K to $196.5K a year
👨‍💻 Remote from the United States
→ https://kube.careers/t/344f20e2-0379-4ca6-8d38-74d717cd1b77?s=55

👉 Browse all 379 Kubernetes jobs on Kube Careers https://kube.careers

In this article, you will learn how to use KubeArmor to define policies and protect your containerized workloads.

You will test the setup against the ShellShock vulnerability and compare it to AppArmor.

More: https://itnext.io/protecting-your-kubernetes-environment-with-kubearmor-76b02fc2209b

This article introduces Gatekeeper and shows you how to use it to create and enforce policies and governance for your Kubernetes clusters.

More: https://itnext.io/how-to-apply-policies-in-kubernetes-using-open-policy-agent-opa-gatekeeper-2d9948d9516b

In this article, you will explore three approaches for securely passing secrets to applications in Kubernetes:

1. Volumes.
2. Side containers.
3. Secret injector.

More: https://adityaoo7.hashnode.dev/secure-secret-management-in-kubernetes-exploring-different-approaches

In this article, you'll learn two advanced features of the Validation Admission Policies (VAPs):

1. Resource matching and filtering.
2. Parameters in policies.

You will also learn some tips for migrating from Validating Admission Webhooks to VAPs.

More: https://engineering.doit.com/validating-admission-policies-in-kubernetes-advanced-use-cases-9bebe13029eb

This week on the Learn Kubernetes Weekly:

✅ Validation WebHook troubleshooting
🤳 Self-Managed Kubernetes
📈 The internals and the latest trends of container runtimes
⚙️ Containers from scratch in C
👮‍♀️ Kubernetes security standoff

Read it now: https://learnk8s.io/issues/59

In this tutorial, you will learn how to secure your Nginx Ingress controller (or any 3rd party reverse proxy you may use in GKE) behind Cloud Armor or Identity-Aware Proxy (IAP).

More: https://medium.com/google-cloud/secure-your-nginx-ingress-controller-behind-cloud-armor-805d6109af86

This week's 6 best Kubernetes vacancies that focus on security are:

DevSecOps Engineer with Hyperscience
💰 $190K to $260K a year
👨‍💻 Remote from the United States
→ https://kube.careers/t/ab01bf82-75af-4610-ba58-d58cd09f529a?s=55

DevSecOps Engineer with Palo Alto Networks
💰 $180.2K to $236.5K a year
🏠🏃🏻‍♂️🌎 Santa Clara, CA, USA
→ https://kube.careers/t/c50a52bc-e5ec-43f7-9f4c-bc0103fb9632?s=55

DevSecOps Engineer with Match Group
💰 $146.5K to $176K a year
👨‍💻 Remote from the United States
→ https://kube.careers/t/ba9a7f80-b1f4-415b-8bd2-1017afc81339?s=55

Security Architect with Verisign
💰 $128.7K to $174.1K a year
🏠🏃🏻‍♂️🌎 Reston, VA, USA
→ https://kube.careers/t/09ccfe74-827e-466f-8e38-c3e85db8806d?s=55

DevSecOps Engineer with Accenture Federal Services
💰 $105.2K to $196.5K a year
👨‍💻 Remote from the United States
→ https://kube.careers/t/344f20e2-0379-4ca6-8d38-74d717cd1b77?s=55

👉 Browse all 375 Kubernetes jobs on Kube Careers https://kube.careers

In this tutorial, you will learn how to validate Kubernetes resources with Validating Admission Policies (VAPs) and Common Expression Language (CEL).

More: https://www.doit.com/effortless-in-cluster-validation-with-kubernetes-introducing-validating-admission-policies

This article describes how to:

1. Enable Vault to Kubernetes cluster integration.
2. Create a shell noscript file that defines secret values as environment variables in Kubernetes pods.

More: https://medium.com/@igorkanshyn/external-vault-to-kubernetes-clusters-integration-5b74a67b85e

This tutorial provides a guide on integrating the Open Policy Agent (OPA) with Kubernetes.

It includes three examples detailing how to enforce policies in different scenarios.

More: https://blog.zelarsoft.com/integrating-opa-gatekeeper-as-an-admission-controller-with-kubernetes-7687f30ba0f6

Self-signed certificates are common within enterprise companies.

But how do you distribute them and enable their use in Kubernetes as a user and a vendor?

Learn more in this article.

More: https://blog.alexellis.io/what-if-your-pods-need-to-trust-self-signed-certificates