Forwarded from LearnKube news
This week on the Learn Kubernetes Weekly:
😂 Fun DNS facts from kind
🎁 Beyond one-click Kubernetes upgrades
🤖 We moved our cloud operations to an operator
🧐 Exploring OCI container registries
👮♀️ Authorization modes overview
Read it now: https://learnk8s.io/issues/58
😂 Fun DNS facts from kind
🎁 Beyond one-click Kubernetes upgrades
🤖 We moved our cloud operations to an operator
🧐 Exploring OCI container registries
👮♀️ Authorization modes overview
Read it now: https://learnk8s.io/issues/58
In this article, you'll use the Shellshock vulnerability as a guiding framework to demonstrate the importance of strong security measures and AppArmor's role in safeguarding containerized applications.
More: https://itnext.io/kubernetes-security-standoff-6116a312fedd
More: https://itnext.io/kubernetes-security-standoff-6116a312fedd
Forwarded from Kube Architect
In this tutorial, you'll learn how to use Argo Workflow to create a CI/CD pipeline for scanning, building, and deploying an image using tools like Trivy, CodeQL, buildctl, and cosign.
More: https://medium.com/@chukmunnlee/argo-workflow-a-pipeline-to-build-and-deploy-containers-f03775d8e01b
More: https://medium.com/@chukmunnlee/argo-workflow-a-pipeline-to-build-and-deploy-containers-f03775d8e01b
Forwarded from Kube Careers
This week's 6 best Kubernetes vacancies that focus on security are:
DevSecOps Engineer with Hyperscience
💰 $190K to $260K a year
👨💻 Remote from the United States
→ https://kube.careers/t/ab01bf82-75af-4610-ba58-d58cd09f529a?s=55
DevSecOps Engineer with Palo Alto Networks
💰 $180.2K to $236.5K a year
🏠🏃🏻♂️🌎 Santa Clara, CA, USA
→ https://kube.careers/t/c50a52bc-e5ec-43f7-9f4c-bc0103fb9632?s=55
DevSecOps Engineer with Match Group
💰 $146.5K to $176K a year
👨💻 Remote from the United States
→ https://kube.careers/t/ba9a7f80-b1f4-415b-8bd2-1017afc81339?s=55
Security Architect with Verisign
💰 $128.7K to $174.1K a year
🏠🏃🏻♂️🌎 Reston, VA, USA
→ https://kube.careers/t/09ccfe74-827e-466f-8e38-c3e85db8806d?s=55
DevSecOps Engineer with Accenture Federal Services
💰 $105.2K to $196.5K a year
👨💻 Remote from the United States
→ https://kube.careers/t/344f20e2-0379-4ca6-8d38-74d717cd1b77?s=55
👉 Browse all 379 Kubernetes jobs on Kube Careers https://kube.careers
DevSecOps Engineer with Hyperscience
💰 $190K to $260K a year
👨💻 Remote from the United States
→ https://kube.careers/t/ab01bf82-75af-4610-ba58-d58cd09f529a?s=55
DevSecOps Engineer with Palo Alto Networks
💰 $180.2K to $236.5K a year
🏠🏃🏻♂️🌎 Santa Clara, CA, USA
→ https://kube.careers/t/c50a52bc-e5ec-43f7-9f4c-bc0103fb9632?s=55
DevSecOps Engineer with Match Group
💰 $146.5K to $176K a year
👨💻 Remote from the United States
→ https://kube.careers/t/ba9a7f80-b1f4-415b-8bd2-1017afc81339?s=55
Security Architect with Verisign
💰 $128.7K to $174.1K a year
🏠🏃🏻♂️🌎 Reston, VA, USA
→ https://kube.careers/t/09ccfe74-827e-466f-8e38-c3e85db8806d?s=55
DevSecOps Engineer with Accenture Federal Services
💰 $105.2K to $196.5K a year
👨💻 Remote from the United States
→ https://kube.careers/t/344f20e2-0379-4ca6-8d38-74d717cd1b77?s=55
👉 Browse all 379 Kubernetes jobs on Kube Careers https://kube.careers
In this article, you will learn how to use KubeArmor to define policies and protect your containerized workloads.
You will test the setup against the ShellShock vulnerability and compare it to AppArmor.
More: https://itnext.io/protecting-your-kubernetes-environment-with-kubearmor-76b02fc2209b
You will test the setup against the ShellShock vulnerability and compare it to AppArmor.
More: https://itnext.io/protecting-your-kubernetes-environment-with-kubearmor-76b02fc2209b
This article introduces Gatekeeper and shows you how to use it to create and enforce policies and governance for your Kubernetes clusters.
More: https://itnext.io/how-to-apply-policies-in-kubernetes-using-open-policy-agent-opa-gatekeeper-2d9948d9516b
More: https://itnext.io/how-to-apply-policies-in-kubernetes-using-open-policy-agent-opa-gatekeeper-2d9948d9516b
In this article, you will explore three approaches for securely passing secrets to applications in Kubernetes:
1. Volumes.
2. Side containers.
3. Secret injector.
More: https://adityaoo7.hashnode.dev/secure-secret-management-in-kubernetes-exploring-different-approaches
1. Volumes.
2. Side containers.
3. Secret injector.
More: https://adityaoo7.hashnode.dev/secure-secret-management-in-kubernetes-exploring-different-approaches
In this article, you'll learn two advanced features of the Validation Admission Policies (VAPs):
1. Resource matching and filtering.
2. Parameters in policies.
You will also learn some tips for migrating from Validating Admission Webhooks to VAPs.
More: https://engineering.doit.com/validating-admission-policies-in-kubernetes-advanced-use-cases-9bebe13029eb
1. Resource matching and filtering.
2. Parameters in policies.
You will also learn some tips for migrating from Validating Admission Webhooks to VAPs.
More: https://engineering.doit.com/validating-admission-policies-in-kubernetes-advanced-use-cases-9bebe13029eb
Forwarded from LearnKube news
This week on the Learn Kubernetes Weekly:
✅ Validation WebHook troubleshooting
🤳 Self-Managed Kubernetes
📈 The internals and the latest trends of container runtimes
⚙️ Containers from scratch in C
👮♀️ Kubernetes security standoff
Read it now: https://learnk8s.io/issues/59
✅ Validation WebHook troubleshooting
🤳 Self-Managed Kubernetes
📈 The internals and the latest trends of container runtimes
⚙️ Containers from scratch in C
👮♀️ Kubernetes security standoff
Read it now: https://learnk8s.io/issues/59
In this tutorial, you will learn how to secure your Nginx Ingress controller (or any 3rd party reverse proxy you may use in GKE) behind Cloud Armor or Identity-Aware Proxy (IAP).
More: https://medium.com/google-cloud/secure-your-nginx-ingress-controller-behind-cloud-armor-805d6109af86
More: https://medium.com/google-cloud/secure-your-nginx-ingress-controller-behind-cloud-armor-805d6109af86
Forwarded from Kube Careers
This week's 6 best Kubernetes vacancies that focus on security are:
DevSecOps Engineer with Hyperscience
💰 $190K to $260K a year
👨💻 Remote from the United States
→ https://kube.careers/t/ab01bf82-75af-4610-ba58-d58cd09f529a?s=55
DevSecOps Engineer with Palo Alto Networks
💰 $180.2K to $236.5K a year
🏠🏃🏻♂️🌎 Santa Clara, CA, USA
→ https://kube.careers/t/c50a52bc-e5ec-43f7-9f4c-bc0103fb9632?s=55
DevSecOps Engineer with Match Group
💰 $146.5K to $176K a year
👨💻 Remote from the United States
→ https://kube.careers/t/ba9a7f80-b1f4-415b-8bd2-1017afc81339?s=55
Security Architect with Verisign
💰 $128.7K to $174.1K a year
🏠🏃🏻♂️🌎 Reston, VA, USA
→ https://kube.careers/t/09ccfe74-827e-466f-8e38-c3e85db8806d?s=55
DevSecOps Engineer with Accenture Federal Services
💰 $105.2K to $196.5K a year
👨💻 Remote from the United States
→ https://kube.careers/t/344f20e2-0379-4ca6-8d38-74d717cd1b77?s=55
👉 Browse all 375 Kubernetes jobs on Kube Careers https://kube.careers
DevSecOps Engineer with Hyperscience
💰 $190K to $260K a year
👨💻 Remote from the United States
→ https://kube.careers/t/ab01bf82-75af-4610-ba58-d58cd09f529a?s=55
DevSecOps Engineer with Palo Alto Networks
💰 $180.2K to $236.5K a year
🏠🏃🏻♂️🌎 Santa Clara, CA, USA
→ https://kube.careers/t/c50a52bc-e5ec-43f7-9f4c-bc0103fb9632?s=55
DevSecOps Engineer with Match Group
💰 $146.5K to $176K a year
👨💻 Remote from the United States
→ https://kube.careers/t/ba9a7f80-b1f4-415b-8bd2-1017afc81339?s=55
Security Architect with Verisign
💰 $128.7K to $174.1K a year
🏠🏃🏻♂️🌎 Reston, VA, USA
→ https://kube.careers/t/09ccfe74-827e-466f-8e38-c3e85db8806d?s=55
DevSecOps Engineer with Accenture Federal Services
💰 $105.2K to $196.5K a year
👨💻 Remote from the United States
→ https://kube.careers/t/344f20e2-0379-4ca6-8d38-74d717cd1b77?s=55
👉 Browse all 375 Kubernetes jobs on Kube Careers https://kube.careers
In this tutorial, you will learn how to validate Kubernetes resources with Validating Admission Policies (VAPs) and Common Expression Language (CEL).
More: https://www.doit.com/effortless-in-cluster-validation-with-kubernetes-introducing-validating-admission-policies
More: https://www.doit.com/effortless-in-cluster-validation-with-kubernetes-introducing-validating-admission-policies
This article describes how to:
1. Enable Vault to Kubernetes cluster integration.
2. Create a shell noscript file that defines secret values as environment variables in Kubernetes pods.
More: https://medium.com/@igorkanshyn/external-vault-to-kubernetes-clusters-integration-5b74a67b85e
1. Enable Vault to Kubernetes cluster integration.
2. Create a shell noscript file that defines secret values as environment variables in Kubernetes pods.
More: https://medium.com/@igorkanshyn/external-vault-to-kubernetes-clusters-integration-5b74a67b85e
This tutorial provides a guide on integrating the Open Policy Agent (OPA) with Kubernetes.
It includes three examples detailing how to enforce policies in different scenarios.
More: https://blog.zelarsoft.com/integrating-opa-gatekeeper-as-an-admission-controller-with-kubernetes-7687f30ba0f6
It includes three examples detailing how to enforce policies in different scenarios.
More: https://blog.zelarsoft.com/integrating-opa-gatekeeper-as-an-admission-controller-with-kubernetes-7687f30ba0f6
Self-signed certificates are common within enterprise companies.
But how do you distribute them and enable their use in Kubernetes as a user and a vendor?
Learn more in this article.
More: https://blog.alexellis.io/what-if-your-pods-need-to-trust-self-signed-certificates
But how do you distribute them and enable their use in Kubernetes as a user and a vendor?
Learn more in this article.
More: https://blog.alexellis.io/what-if-your-pods-need-to-trust-self-signed-certificates
Forwarded from LearnKube news
This week on the Learn Kubernetes Weekly:
⛵️ From RSS to WSS: Kubernetes memory metrics
⏩ Portless ports
📝 Trusting self-signed certificates
🔗 Binding to Low Ports as a Non-root User
⚙️ PIDs limit: how to change them
Read it now: https://learnk8s.io/issues/60
⛵️ From RSS to WSS: Kubernetes memory metrics
⏩ Portless ports
📝 Trusting self-signed certificates
🔗 Binding to Low Ports as a Non-root User
⚙️ PIDs limit: how to change them
Read it now: https://learnk8s.io/issues/60
This article explores the fundamental concepts, syntax, semantics, and implementation considerations associated with Network Policies.
It also delves into best practices and real-world examples to illustrate their practical application and benefits.
More: https://blog.slycreator.com/network-policies-understanding-kubernetes-network-policies
It also delves into best practices and real-world examples to illustrate their practical application and benefits.
More: https://blog.slycreator.com/network-policies-understanding-kubernetes-network-policies
Forwarded from Kube Careers
This week's 6 best Kubernetes vacancies that focus on security are:
DevSecOps Engineer with Hyperscience
💰 $190K to $260K a year
👨💻 Remote from the United States
→ https://kube.careers/t/ab01bf82-75af-4610-ba58-d58cd09f529a?s=55
Security Architect with Sigma Computing
💰 $190K to $250K a year
🏠 From the office in San Francisco, CA, USA
→ https://kube.careers/t/e6a8ff9b-834f-4e57-bd6f-13b3be3d3b7a?s=55
DevSecOps Engineer with Palo Alto Networks
💰 $180.2K to $236.5K a year
🏠🏃🏻♂️🌎 Santa Clara, CA, USA
→ https://kube.careers/t/c50a52bc-e5ec-43f7-9f4c-bc0103fb9632?s=55
DevSecOps Engineer with Verkada
💰 $130K to $280K a year
🏠 From the office in San Mateo, CA, USA
→ https://kube.careers/t/34423797-da07-4f75-a714-ab6e4ad208bf?s=55
DevSecOps Engineer with KoBold Metals
💰 $150K to $225K a year
👨💻 Remote from the United States, Canada
→ https://kube.careers/t/73a7a73a-c29e-4647-8968-297acc829312?s=55
👉 Browse all 485 Kubernetes jobs on Kube Careers https://kube.careers
DevSecOps Engineer with Hyperscience
💰 $190K to $260K a year
👨💻 Remote from the United States
→ https://kube.careers/t/ab01bf82-75af-4610-ba58-d58cd09f529a?s=55
Security Architect with Sigma Computing
💰 $190K to $250K a year
🏠 From the office in San Francisco, CA, USA
→ https://kube.careers/t/e6a8ff9b-834f-4e57-bd6f-13b3be3d3b7a?s=55
DevSecOps Engineer with Palo Alto Networks
💰 $180.2K to $236.5K a year
🏠🏃🏻♂️🌎 Santa Clara, CA, USA
→ https://kube.careers/t/c50a52bc-e5ec-43f7-9f4c-bc0103fb9632?s=55
DevSecOps Engineer with Verkada
💰 $130K to $280K a year
🏠 From the office in San Mateo, CA, USA
→ https://kube.careers/t/34423797-da07-4f75-a714-ab6e4ad208bf?s=55
DevSecOps Engineer with KoBold Metals
💰 $150K to $225K a year
👨💻 Remote from the United States, Canada
→ https://kube.careers/t/73a7a73a-c29e-4647-8968-297acc829312?s=55
👉 Browse all 485 Kubernetes jobs on Kube Careers https://kube.careers
Forwarded from LearnKube news
Master Kubernetes with Learnk8s' Advanced Kubernetes workshops!
What should you expect?
- Learn how to architect and design clusters from the ground up (in the cloud or on-prem).
- Explore the Kubernetes internal component and how the system is designed with resiliency in mind.
- Deep-dive into the networking components and observe the packets flowing into the cluster.
- Hands-on labs to test the theory with real-world scenarios!
- And more.
The next course starts next month in Amsterdam: https://learnk8s.io/amsterdam-advanced-february-2024
We also run in-person courses and corporate training: https://learnk8s.io/corporate-training
What should you expect?
- Learn how to architect and design clusters from the ground up (in the cloud or on-prem).
- Explore the Kubernetes internal component and how the system is designed with resiliency in mind.
- Deep-dive into the networking components and observe the packets flowing into the cluster.
- Hands-on labs to test the theory with real-world scenarios!
- And more.
The next course starts next month in Amsterdam: https://learnk8s.io/amsterdam-advanced-february-2024
We also run in-person courses and corporate training: https://learnk8s.io/corporate-training
In this article, you will learn how the Vault Agent interacts with Vault and how it can be integrated with Kubernetes using response-wrapping tokens.
More: https://medium.com/google-cloud/vault-agent-with-gke-7b8731f32375
More: https://medium.com/google-cloud/vault-agent-with-gke-7b8731f32375
Learn how Aqua Security's Trivy now works with Kubernetes Bills of Material (KBOM) to scan for cluster vulnerabilities in real-time.
More: https://blog.aquasec.com/scanning-kbom-for-vulnerabilities-with-trivy
More: https://blog.aquasec.com/scanning-kbom-for-vulnerabilities-with-trivy