Kubesploit – Telegram
Kubesploit
1.95K subscribers
824 photos
128 videos
1.61K links
News and links on Kubernetes security curated by the @Learnk8s team
Website: https://kubesploit.io/
In this article, you'll learn two advanced features of Validating Admission Policies (VAPs):

1. Resource matching and filtering.
2. Parameters in policies.

You will also learn some tips for migrating from Validating Admission Webhooks to VAPs.

More: https://engineering.doit.com/validating-admission-policies-in-kubernetes-advanced-use-cases-9bebe13029eb
Forwarded from LearnKube news
This week on the Learn Kubernetes Weekly:

Validating webhook troubleshooting
🤳 Self-Managed Kubernetes
📈 The internals and the latest trends of container runtimes
⚙️ Containers from scratch in C
👮‍♀️ Kubernetes security standoff

Read it now: https://learnk8s.io/issues/59
In this tutorial, you will learn how to put your NGINX Ingress controller (or any third-party reverse proxy you run in GKE) behind Cloud Armor or Identity-Aware Proxy (IAP).

More: https://medium.com/google-cloud/secure-your-nginx-ingress-controller-behind-cloud-armor-805d6109af86
Forwarded from Kube Careers
This week's 6 best Kubernetes vacancies that focus on security are:

DevSecOps Engineer with Hyperscience
💰 $190K to $260K a year
👨‍💻 Remote from the United States
https://kube.careers/t/ab01bf82-75af-4610-ba58-d58cd09f529a?s=55

DevSecOps Engineer with Palo Alto Networks
💰 $180.2K to $236.5K a year
🏠🏃🏻‍♂️🌎 Santa Clara, CA, USA
https://kube.careers/t/c50a52bc-e5ec-43f7-9f4c-bc0103fb9632?s=55

DevSecOps Engineer with Match Group
💰 $146.5K to $176K a year
👨‍💻 Remote from the United States
https://kube.careers/t/ba9a7f80-b1f4-415b-8bd2-1017afc81339?s=55

Security Architect with Verisign
💰 $128.7K to $174.1K a year
🏠🏃🏻‍♂️🌎 Reston, VA, USA
https://kube.careers/t/09ccfe74-827e-466f-8e38-c3e85db8806d?s=55

DevSecOps Engineer with Accenture Federal Services
💰 $105.2K to $196.5K a year
👨‍💻 Remote from the United States
https://kube.careers/t/344f20e2-0379-4ca6-8d38-74d717cd1b77?s=55

👉 Browse all 375 Kubernetes jobs on Kube Careers https://kube.careers
In this tutorial, you will learn how to validate Kubernetes resources with Validating Admission Policies (VAPs) and Common Expression Language (CEL).

More: https://www.doit.com/effortless-in-cluster-validation-with-kubernetes-introducing-validating-admission-policies
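As an added example that is not code from the channel or from either of the two VAP articles linked above, the manifests below combine the basic CEL validation with the two advanced features: the policy matches only Deployments, the binding filters out the kube-system namespace, and the allowed image registry is read from a ConfigMap parameter instead of being hard-coded in the policy. They assume Kubernetes 1.30 or later, where admissionregistration.k8s.io/v1 is GA; the policy, binding and ConfigMap names, the policy-params namespace and the registry value are illustrative.

```yaml
# Added example: a parameterised ValidatingAdmissionPolicy (Kubernetes 1.30+, admissionregistration.k8s.io/v1).
# Names, the namespace and the registry value are illustrative.
apiVersion: v1
kind: ConfigMap
metadata:
  name: image-policy-params
  namespace: policy-params
data:
  allowedRegistry: "registry.example.internal/"
---
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingAdmissionPolicy
metadata:
  name: deployment-image-policy
spec:
  failurePolicy: Fail            # a CEL error or missing parameters rejects, never silently allows
  paramKind:                     # "parameters in policies": the binding points at a ConfigMap
    apiVersion: v1
    kind: ConfigMap
  matchConstraints:              # "resource matching": only Deployment create/update is evaluated
    resourceRules:
    - apiGroups: ["apps"]
      apiVersions: ["v1"]
      operations: ["CREATE", "UPDATE"]
      resources: ["deployments"]
  validations:
  # The registry comes from params, so one policy serves several environments.
  # The trailing "/" in the parameter keeps "registry.example.internal.evil.test/x" from matching.
  - expression: >-
      object.spec.template.spec.containers.all(c, c.image.startsWith(params.data.allowedRegistry)) &&
      (!has(object.spec.template.spec.initContainers) ||
       object.spec.template.spec.initContainers.all(c, c.image.startsWith(params.data.allowedRegistry)))
    messageExpression: "'all images must start with ' + params.data.allowedRegistry"
  # A fixed rule needs no parameter: privileged containers are rejected outright.
  - expression: >-
      !object.spec.template.spec.containers.exists(c,
        has(c.securityContext) && has(c.securityContext.privileged) && c.securityContext.privileged)
    message: "privileged containers are not allowed"
---
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingAdmissionPolicyBinding
metadata:
  name: deployment-image-policy-binding
spec:
  policyName: deployment-image-policy
  validationActions: ["Deny"]    # start with ["Warn", "Audit"] when migrating from a webhook
  paramRef:
    name: image-policy-params
    namespace: policy-params
    parameterNotFoundAction: Deny  # a missing ConfigMap rejects requests instead of skipping the check
  matchResources:                # "filtering": leave cluster add-ons in kube-system alone
    namespaceSelector:
      matchExpressions:
      - key: kubernetes.io/metadata.name
        operator: NotIn
        values: ["kube-system"]
```

Apply the three objects with kubectl apply -f and try it: a Deployment outside kube-system whose container image is nginx:1.25 is rejected with the message built by messageExpression, while one using registry.example.internal/web:1.0 is admitted. Switching validationActions to Warn and Audit lets you compare the policy's verdicts against an existing webhook before it starts denying. On Kubernetes 1.28 and 1.29 the same manifests work with apiVersion admissionregistration.k8s.io/v1beta1 and the ValidatingAdmissionPolicy feature gate enabled.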
This article describes how to:

1. Integrate an external HashiCorp Vault with a Kubernetes cluster.
2. Write a shell script that exposes secret values as environment variables in Kubernetes pods.

More: https://medium.com/@igorkanshyn/external-vault-to-kubernetes-clusters-integration-5b74a67b85e
This tutorial provides a guide on integrating Open Policy Agent (OPA) Gatekeeper with Kubernetes as an admission controller.

It includes three examples detailing how to enforce policies in different scenarios.

More: https://blog.zelarsoft.com/integrating-opa-gatekeeper-as-an-admission-controller-with-kubernetes-7687f30ba0f6
Self-signed certificates are common in enterprise environments.

But how do you distribute them to your pods and get them trusted, both as a cluster user and as a software vendor?

Learn more in this article.

More: https://blog.alexellis.io/what-if-your-pods-need-to-trust-self-signed-certificates
Forwarded from LearnKube news
This week on the Learn Kubernetes Weekly:

⛵️ From RSS to WSS: Kubernetes memory metrics
Portless ports
📝 Trusting self-signed certificates
🔗 Binding to Low Ports as a Non-root User
⚙️ PIDs limit: how to change them

Read it now: https://learnk8s.io/issues/60
This article explores the fundamental concepts, syntax, semantics, and implementation considerations associated with Network Policies.

It also delves into best practices and real-world examples to illustrate their practical application and benefits.

More: https://blog.slycreator.com/network-policies-understanding-kubernetes-network-policies
Forwarded from Kube Careers
This week's 6 best Kubernetes vacancies that focus on security are:

DevSecOps Engineer with Hyperscience
💰 $190K to $260K a year
👨‍💻 Remote from the United States
https://kube.careers/t/ab01bf82-75af-4610-ba58-d58cd09f529a?s=55

Security Architect with Sigma Computing
💰 $190K to $250K a year
🏠 From the office in San Francisco, CA, USA
https://kube.careers/t/e6a8ff9b-834f-4e57-bd6f-13b3be3d3b7a?s=55

DevSecOps Engineer with Palo Alto Networks
💰 $180.2K to $236.5K a year
🏠🏃🏻‍♂️🌎 Santa Clara, CA, USA
https://kube.careers/t/c50a52bc-e5ec-43f7-9f4c-bc0103fb9632?s=55

DevSecOps Engineer with Verkada
💰 $130K to $280K a year
🏠 From the office in San Mateo, CA, USA
https://kube.careers/t/34423797-da07-4f75-a714-ab6e4ad208bf?s=55

DevSecOps Engineer with KoBold Metals
💰 $150K to $225K a year
👨‍💻 Remote from the United States, Canada
https://kube.careers/t/73a7a73a-c29e-4647-8968-297acc829312?s=55

👉 Browse all 485 Kubernetes jobs on Kube Careers https://kube.careers
Forwarded from LearnKube news
Master Kubernetes with Learnk8s' Advanced Kubernetes workshops!

What should you expect?

- Learn how to architect and design clusters from the ground up (in the cloud or on-prem).
- Explore the Kubernetes internal components and how the system is designed with resiliency in mind.
- Deep-dive into the networking components and observe the packets flowing into the cluster.
- Hands-on labs to test the theory with real-world scenarios!
- And more.

The next course starts next month in Amsterdam: https://learnk8s.io/amsterdam-advanced-february-2024

We also run in-person courses and corporate training: https://learnk8s.io/corporate-training
In this article, you will learn how the Vault Agent interacts with Vault and how it can be integrated with Kubernetes using response-wrapping tokens.

More: https://medium.com/google-cloud/vault-agent-with-gke-7b8731f32375
Learn how Aqua Security's Trivy now works with a Kubernetes Bill of Materials (KBOM) to scan for cluster vulnerabilities in real time.

More: https://blog.aquasec.com/scanning-kbom-for-vulnerabilities-with-trivy
The article provides an overview of Kubernetes security concepts, focusing on NetworkPolicies, ServiceAccounts, and Security Contexts.

More: https://dev.to/mattiasfjellstrom/kubernetes-101-security-concepts-2f4f
This tutorial explains how to configure read-only access to EKS pods across namespaces using AWS IAM roles and groups together with Kubernetes RBAC. It walks through creating the IAM policy, the RBAC ClusterRole and RoleBindings, and accessing the cluster with kubectl via AssumeRole.

More: https://itnext.io/aws-elastic-kubernetes-service-rbac-authorization-via-aws-iam-and-rbac-groups-7b70ded144b5
Forwarded from LearnKube news
This week on the Learn Kubernetes Weekly:

💰 State of Kubernetes cost optimization
🙈 Bootstrap an air gapped cluster
✈️ Topology aware routing
🏃‍♂️ Velero AWS account migration
🐰 Video streaming at scale

Read it now: https://learnk8s.io/issues/61
In this article, you will learn about a security issue in the eks.Cluster construct of the AWS CDK that had been present since 2020, how it was identified, and how it was fixed.

More: https://garden.io/blog/aws-security-issue
kubeaudit is a command-line tool and a Go package that audits Kubernetes clusters and manifests for various security concerns, such as:

- Run as non-root.
- Use a read-only root filesystem.
- Drop scary capabilities, don't add new ones.
- Don't run privileged.

More: https://github.com/Shopify/kubeaudit
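As an added example that is not from the channel or from the kubeaudit repository, here is a Pod that trips all four checks listed above, followed by the same Pod with a securityContext that satisfies them. The image name and the mount path are illustrative, and the hardened Pod also sets allowPrivilegeEscalation and a seccomp profile, which kubeaudit's privesc and seccomp auditors look for.

```yaml
# Added example. The first Pod is what kubeaudit flags; the second is the corrected version.
# Image name and mount path are illustrative.
apiVersion: v1
kind: Pod
metadata:
  name: web-before
spec:
  containers:
  - name: web
    image: registry.example.internal/web:1.0
    securityContext:
      privileged: true              # "privileged": full access to host devices and kernel interfaces
      capabilities:
        add: ["SYS_ADMIN"]          # "capabilities": adds a capability, drops none
    # no runAsNonRoot          -> "nonroot" finding
    # no readOnlyRootFilesystem -> "rootfs" finding
---
apiVersion: v1
kind: Pod
metadata:
  name: web-after
spec:
  securityContext:
    runAsNonRoot: true              # the kubelet refuses to start a container whose image runs as UID 0
    runAsUser: 10001
    runAsGroup: 10001
    seccompProfile:
      type: RuntimeDefault
  containers:
  - name: web
    image: registry.example.internal/web:1.0
    securityContext:
      privileged: false
      allowPrivilegeEscalation: false   # blocks setuid binaries and file capabilities from gaining privilege
      readOnlyRootFilesystem: true
      capabilities:
        drop: ["ALL"]               # drop everything; re-add only what the process provably needs
    volumeMounts:
    - name: tmp                     # the only writable path once the root filesystem is read-only
      mountPath: /tmp
  volumes:
  - name: tmp
    emptyDir: {}
```

Save both Pods to pods.yaml and run, for instance, kubeaudit privileged -f pods.yaml: the first Pod is reported and the second is not, and the same holds for the nonroot, rootfs and capabilities auditors. kubeaudit all enables further auditors (AppArmor annotations, resource limits, service account token automount, and others), so expect additional findings from it even for web-after; kubeaudit autofix -f pods.yaml writes the suggested fixes back into the manifest.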