Forwarded from LearnKube news
This week on the Learn Kubernetes Weekly:
⛵️ From RSS to WSS: Kubernetes memory metrics
⏩ Portless ports
📝 Trusting self-signed certificates
🔗 Binding to Low Ports as a Non-root User
⚙️ PIDs limit: how to change them
Read it now: https://learnk8s.io/issues/60
This article explores the fundamental concepts, syntax, semantics, and implementation considerations associated with Network Policies.
It also delves into best practices and real-world examples to illustrate their practical application and benefits.
More: https://blog.slycreator.com/network-policies-understanding-kubernetes-network-policies
Forwarded from Kube Careers
This week's 6 best Kubernetes vacancies that focus on security are:
DevSecOps Engineer with Hyperscience
💰 $190K to $260K a year
👨💻 Remote from the United States
→ https://kube.careers/t/ab01bf82-75af-4610-ba58-d58cd09f529a?s=55
Security Architect with Sigma Computing
💰 $190K to $250K a year
🏠 From the office in San Francisco, CA, USA
→ https://kube.careers/t/e6a8ff9b-834f-4e57-bd6f-13b3be3d3b7a?s=55
DevSecOps Engineer with Palo Alto Networks
💰 $180.2K to $236.5K a year
🏠🏃🏻♂️🌎 Santa Clara, CA, USA
→ https://kube.careers/t/c50a52bc-e5ec-43f7-9f4c-bc0103fb9632?s=55
DevSecOps Engineer with Verkada
💰 $130K to $280K a year
🏠 From the office in San Mateo, CA, USA
→ https://kube.careers/t/34423797-da07-4f75-a714-ab6e4ad208bf?s=55
DevSecOps Engineer with KoBold Metals
💰 $150K to $225K a year
👨💻 Remote from the United States, Canada
→ https://kube.careers/t/73a7a73a-c29e-4647-8968-297acc829312?s=55
👉 Browse all 485 Kubernetes jobs on Kube Careers https://kube.careers
Forwarded from LearnKube news
Master Kubernetes with Learnk8s' Advanced Kubernetes workshops!
What should you expect?
- Learn how to architect and design clusters from the ground up (in the cloud or on-prem).
- Explore the Kubernetes internal components and how the system is designed with resiliency in mind.
- Deep-dive into the networking components and observe the packets flowing into the cluster.
- Hands-on labs to test the theory with real-world scenarios!
- And more.
The next course starts next month in Amsterdam: https://learnk8s.io/amsterdam-advanced-february-2024
We also run in-person courses and corporate training: https://learnk8s.io/corporate-training
In this article, you will learn how the Vault Agent interacts with Vault and how it can be integrated with Kubernetes using response-wrapping tokens.
More: https://medium.com/google-cloud/vault-agent-with-gke-7b8731f32375
Learn how Aqua Security's Trivy now works with Kubernetes Bills of Material (KBOM) to scan for cluster vulnerabilities in real-time.
More: https://blog.aquasec.com/scanning-kbom-for-vulnerabilities-with-trivy
The article provides an overview of Kubernetes security concepts, focusing on NetworkPolicies, ServiceAccounts, and Security Contexts.
More: https://dev.to/mattiasfjellstrom/kubernetes-101-security-concepts-2f4f
This tutorial explains configuring read-only access to EKS Pods across Namespaces using AWS IAM roles/groups and Kubernetes RBAC, detailing IAM policy creation, RBAC ClusterRole/RoleBindings, and kubectl access via AssumeRole.
More: https://itnext.io/aws-elastic-kubernetes-service-rbac-authorization-via-aws-iam-and-rbac-groups-7b70ded144b5
Forwarded from LearnKube news
This week on the Learn Kubernetes Weekly:
💰 State of Kubernetes cost optimization
🙈 Bootstrap an air gapped cluster
✈️ Topology aware routing
🏃♂️ Velero AWS account migration
🐰 Video streaming at scale
Read it now: https://learnk8s.io/issues/61
In this article, you will learn how the vulnerability has been present since 2020 in the eks.Cluster component of CDK and how it was identified and fixed.
More: https://garden.io/blog/aws-security-issue
Forwarded from Kube Careers
This week's 6 best Kubernetes vacancies that focus on security are:
DevSecOps Engineer with Hyperscience
💰 $190K to $260K a year
👨💻 Remote from the United States
→ https://kube.careers/t/ab01bf82-75af-4610-ba58-d58cd09f529a?s=55
Security Architect with Sigma Computing
💰 $190K to $250K a year
🏠 From the office in San Francisco, CA, USA
→ https://kube.careers/t/e6a8ff9b-834f-4e57-bd6f-13b3be3d3b7a?s=55
DevSecOps Engineer with Palo Alto Networks
💰 $180.2K to $236.5K a year
🏠🏃🏻♂️🌎 Santa Clara, CA, USA
→ https://kube.careers/t/c50a52bc-e5ec-43f7-9f4c-bc0103fb9632?s=55
DevSecOps Engineer with Verkada
💰 $130K to $280K a year
🏠 From the office in San Mateo, CA, USA
→ https://kube.careers/t/34423797-da07-4f75-a714-ab6e4ad208bf?s=55
DevSecOps Engineer with KoBold Metals
💰 $150K to $225K a year
👨💻 Remote from the United States, Canada
→ https://kube.careers/t/73a7a73a-c29e-4647-8968-297acc829312?s=55
👉 Browse all 453 Kubernetes jobs on Kube Careers https://kube.careers
Forwarded from LearnKube news
Master Kubernetes with Learnk8s' Advanced Kubernetes workshops!
What should you expect?
- Learn how to architect and design clusters from the ground up (in the cloud or on-prem).
- Explore the Kubernetes internal components and how the system is designed with resiliency in mind.
- Deep-dive into the networking components and observe the packets flowing into the cluster.
- Hands-on labs to test the theory with real-world scenarios!
- And more.
The next course starts in 2 weeks (online) or on the 19th of Feb (in Amsterdam, NL): https://learnk8s.io/amsterdam-advanced-february-2024
We also run in-person courses and corporate training: https://learnk8s.io/corporate-training
kubeaudit is a command line tool and a Go package to audit Kubernetes clusters for various security concerns, such as:
- Run as non-root.
- Use a read-only root filesystem.
- Drop scary capabilities, don't add new ones.
- Don't run privileged.
More: https://github.com/Shopify/kubeaudit
Forwarded from LearnKube news
You can keep updated with the latest Kubernetes news, events, job opportunities and podcasts on Mastodon!
We've been on Mastodon for a while now, but since December 2023, we decided to migrate all our accounts to a private Mastodon instance: Learnk8s.news
Here's the list of all accounts and their handles:
- Learnk8s (Kubernetes news) https://learnk8s.news/@learnk8s
- Kubernetes Architect (K8s architecting and developing apps) https://learnk8s.news/@k8sarchitect
- Kubesploit (K8s Security) https://learnk8s.news/@kubesploit
- K3sDaily (K3s news) https://learnk8s.news/@k3sdaily
- Kube Careers (K8s Jobs) https://learnk8s.news/@KubeCareers
- Kube Events (K8s events) https://learnk8s.news/@k8sevents
- KubeFM (K8s podcast) https://learnk8s.news/@k8sfm
Of course, you can also find us on X/Twitter, LinkedIn, Facebook and Telegram. You can find all the links here: https://learnk8s.io/news-events-jobs
In this article, you'll look at the essential components needed to make your Kubernetes deployments secure, fast and reliable and answer what is required to build a complete DevSecOps platform on Kubernetes.
More: https://www.stakater.com/post/the-essentials-for-building-a-devsecops-platform-on-kubernetes
The Kubernetes Security Profiles Operator aims to make it easier for users to use SELinux, seccomp and AppArmor in Kubernetes clusters.
More: https://github.com/kubernetes-sigs/security-profiles-operator
Forwarded from KubeFM
What if Kubernetes was so easy to install and manage as to be foolproof?
In this KubeFM, Mat argues that GKE is the only Kubernetes managed service that offers a beginner-friendly and thought-through experience in running a Kubernetes cluster.
Follow Mat's journey to AKS, GKE and EKS and learn:
- How GKE autopilot can help you optimize costs and reduce underutilized node resources.
- How the GKE container-optimized OS prevents and eliminates an entire set of security misconfigurations in node management.
- How GCP's application of machine learning on the IAM permissions can help you gradually refine security permissions as applications are deployed.
Watch it here: https://kube.fm/foolproof-gke-mat
Listen on:
- Apple Podcast https://kube.fm/apple
- Spotify https://kube.fm/spotify
- Amazon Music https://kube.fm/amazon
- Overcast https://kube.fm/overcast
- Pocket casts https://kube.fm/pocket-casts
- Deezer https://kube.fm/deezer
In this tutorial, you will use the open-source tool Zarf to deploy a Podinfo with Flux application to a Kubernetes cluster.
Then, you will test the same deployment but air-gapped.
More: https://medium.com/defense-unicorns/using-zarf-to-deploy-a-podinfo-flux-application-in-a-kubernetes-cluster-22dc6c02510c
Forwarded from LearnKube news
This week on the Learn Kubernetes Weekly:
📊 The case for Kubernetes resource limits
❌ 3 common mistakes with PromQL
🤔 Different kinds of managed Kubernetes
⚛️ Helm's atomic
🤒 High availability for pods
Read it now: https://learnk8s.io/issues/62
This project provides an OCI hook to generate seccomp profiles by tracing the syscalls made by the container.
The generated profile would allow all the syscalls made and deny every other syscall.
More: https://github.com/containers/oci-seccomp-bpf-hook
Forwarded from Kube Careers
This week's 6 best Kubernetes vacancies that focus on security are:
DevSecOps Engineer with Hyperscience
💰 $190K to $260K a year
👨💻 Remote from the United States
→ https://kube.careers/t/ab01bf82-75af-4610-ba58-d58cd09f529a?s=55
Security Architect with Sigma Computing
💰 $190K to $250K a year
🏠 From the office in San Francisco, CA, USA
→ https://kube.careers/t/e6a8ff9b-834f-4e57-bd6f-13b3be3d3b7a?s=55
DevSecOps Engineer with Palo Alto Networks
💰 $180.2K to $236.5K a year
🏠🏃🏻♂️🌎 Santa Clara, CA, USA
→ https://kube.careers/t/c50a52bc-e5ec-43f7-9f4c-bc0103fb9632?s=55
DevSecOps Engineer with Verkada
💰 $130K to $280K a year
🏠 From the office in San Mateo, CA, USA
→ https://kube.careers/t/34423797-da07-4f75-a714-ab6e4ad208bf?s=55
DevSecOps Engineer with KoBold Metals
💰 $150K to $225K a year
👨💻 Remote from the United States, Canada
→ https://kube.careers/t/73a7a73a-c29e-4647-8968-297acc829312?s=55
👉 Browse all 469 Kubernetes jobs on Kube Careers https://kube.careers