In this article, you'll learn three ways to secure Kubernetes pods using AppArmor, Seccomp, and immutable pods.
These techniques can help to prevent malicious attacks and protect your Kubernetes cluster.
More: https://medium.com/@seifeddinerajhi/securing-kubernetes-a-comprehensive-guide-to-runtime-security-and-system-hardening-33f5a5328f1
Forwarded from Kube Careers
This week's 6 best Kubernetes vacancies that focus on security are:
DevSecOps Engineer with Hyperscience
💰 $190K to $260K a year
👨💻 Remote from the United States
→ https://kube.careers/t/ab01bf82-75af-4610-ba58-d58cd09f529a?s=55
Security Architect with Sigma Computing
💰 $190K to $250K a year
🏠 From the office in San Francisco, CA, USA
→ https://kube.careers/t/e6a8ff9b-834f-4e57-bd6f-13b3be3d3b7a?s=55
DevSecOps Engineer with Palo Alto Networks
💰 $180.2K to $236.5K a year
🏠🏃🏻♂️🌎 Santa Clara, CA, USA
→ https://kube.careers/t/c50a52bc-e5ec-43f7-9f4c-bc0103fb9632?s=55
Security Architect with Collectors
💰 $160K to $250K a year
🏠 From the office in Santa Ana, CA, USA
→ https://kube.careers/t/b13459c6-6642-4c50-bdc0-c95a11cdd990?s=55
DevSecOps Engineer with Verkada
💰 $130K to $280K a year
🏠 From the office in San Mateo, CA, USA
→ https://kube.careers/t/34423797-da07-4f75-a714-ab6e4ad208bf?s=55
👉 Browse all 456 Kubernetes jobs on Kube Careers https://kube.careers
Kubeconform is a Kubernetes manifests validation tool.
Similar to Kubeval, but with the following improvements:
1. High performance.
2. Remote or local schema locations.
3. Up-to-date schemas for all recent versions of Kubernetes.
More: https://github.com/yannh/kubeconform
Forwarded from LearnKube news
Master Kubernetes with Learnk8s' Advanced Kubernetes workshops!
What should you expect?
- Learn how to architect and design clusters from the ground up (in the cloud or on-prem).
- Explore the Kubernetes internal components and how the system is designed with resiliency in mind.
- Deep-dive into the networking components and observe the packets flowing into the cluster.
- Hands-on labs to test the theory with real-world scenarios!
- And more.
The next course starts on the 19th of Feb (in Amsterdam, NL): https://learnk8s.io/amsterdam-advanced-february-2024
We also run in-person courses and corporate training: https://learnk8s.io/corporate-training
This article will show how to implement a Zero Trust Architecture on Kubernetes with Istio.
1. What is Zero Trust Architecture.
2. Istio Architecture.
3. How to enable mTLS.
4. How to enable access control and authorization between your microservices.
More: https://medium.com/@lupass93/zero-trust-architecture-on-kubernetes-with-istio-service-mesh-eade6c5a3c53
Forwarded from LearnKube news
Get ready for a 3-part, free educational program on building Kubernetes platforms with Learnk8s and Loft labs!
Each session comes with a webinar, code samples and a step-by-step article:
- Unit 1: Architecting Kubernetes clusters: single shared cluster or to each their own.
- Unit 2: Kubernetes namespaces offer no isolation, and how you can work around it
- Unit 3: Building a self-serve Kubernetes platform from scratch
You can register here (it's free): https://www.vcluster.com/building-a-multi-tenant-kubernetes-platform/
Forwarded from LearnKube news
In this article, the author argues that Kubernetes needs a Long Term Release (LTS) plan in addition to keeping the current release cycle of one every 15 weeks.
Mat also cites the newly formed LTS workgroup as something to look forward to.
More: https://matduggan.com/why-kubernetes-needs-an-lts
Zarf eliminates the complexity of air gap software delivery for Kubernetes clusters and cloud-native workloads using a declarative packaging strategy to support DevSecOps in offline and semi-connected environments.
More: https://github.com/defenseunicorns/zarf
Forwarded from Kube Careers
Kubernetes job trends: learn all about the latest salary trends, the most requested skills and which jobs are famous for remote work.
Kube Careers crunched the numbers for this latest report and found that:
💰 The average Kubernetes job pays from $144,030 to $202,202 in North America and from €64,023 to €84,584 in Europe.
🚉 The most sought-after roles are Software, Platform and Senior Reliability engineers (in this order).
🌎 72% of jobs include remote work, but only less than 1% are fully remote (no restrictions).
🏆 The top three technologies mentioned in each job description are: Docker, Kafka and PostgreSQL.
It's always fascinating to look into the data and see how Kubernetes is perceived by employees and employers worldwide!
You can check out the full report here: https://kube.careers/state-of-kubernetes-jobs-2023-q4
Forwarded from KubeFM
On average, Kubernetes nodes running on ARM instances are 20% cheaper than their AMD counterparts.
Optimising your cloud bill is tempting, but how do you seamlessly migrate existing workloads to a different architecture?
And how do you do it at scale, with more than 1500 engineers and 30 clusters in 4 regions?
In this episode of KubeFM, Thibault and Miguel explain how Adevinta built an internal platform on Kubernetes for mixed AMD and ARM workloads.
You will learn:
- The challenges they faced with validating containers for mixed architecture with a mutating webhook and the open source solution they came up with: noe.
- Building an internal platform requires careful planning and designing simple interfaces that are backwards compatible.
- How to not DDoS your container registries.
Watch it here: https://kube.fm/arm-nodes-thibault-miguel
In this 2-part series, you will learn what admission webhooks are and when and how to use them.
You will also learn how to make your own admission webhooks.
More: https://blog.wtcx.dev/2021/05/02/the-making-of-admission-webhooks-part-1-the-concept
Forwarded from LearnKube news
This week on the Learn Kubernetes Weekly:
🧳 The State of Kubernetes Jobs
💸 Reducing Kubernetes cost by $300k
👵 Why Kubernetes needs an LTS
👷♀️ The making of admission webhooks
Read it now: https://learnk8s.io/issues/64
aws-auth-manager is a Kubernetes controller designed to manage the aws-auth ConfigMap in EKS using a new AWSAuthItem CRD.
More: https://github.com/maruina/aws-auth-manager
Forwarded from Kube Careers
This week's 6 best Kubernetes vacancies that focus on security are:
DevSecOps Engineer with Hyperscience
💰 $190K to $260K a year
👨💻 Remote from the United States
→ https://kube.careers/t/ab01bf82-75af-4610-ba58-d58cd09f529a?s=55
Security Architect with Sigma Computing
💰 $190K to $250K a year
🏠 From the office in San Francisco, CA, USA
→ https://kube.careers/t/e6a8ff9b-834f-4e57-bd6f-13b3be3d3b7a?s=55
DevSecOps Engineer with Palo Alto Networks
💰 $180.2K to $236.5K a year
🏠🏃🏻♂️🌎 Santa Clara, CA, USA
→ https://kube.careers/t/c50a52bc-e5ec-43f7-9f4c-bc0103fb9632?s=55
DevSecOps Engineer with Whatnot
💰 $178K to $235K a year
👨💻 Remote from the United States
→ https://kube.careers/t/549e1e0d-82e4-431d-83a9-5f0dd82e1cf6?s=55
Security Architect with Collectors
💰 $160K to $250K a year
🏠 From the office in Santa Ana, CA, USA
→ https://kube.careers/t/b13459c6-6642-4c50-bdc0-c95a11cdd990?s=55
👉 Browse all 431 Kubernetes jobs on Kube Careers https://kube.careers
This article teaches you the basics of RBAC (i.e. Role, ClusterRole, RoleBinding, and ClusterRoleBinding) and the advantages:
1. Granular control.
2. Centralized management.
3. Separation of responsibilities.
4. Least privilege principle.
More: https://medium.com/@ahmetmesutal/kubernetes-rbac-role-based-access-control-creating-serviceaccounts-useraccounts-116e4ecd0150
Forwarded from KubeFM
In this KubeFM episode, you will learn how to reduce your cloud bill by using mixed pools with AMD and ARM nodes in an EKS cluster.
Watch it here: https://kube.fm/arm-nodes-thibault-miguel
Forwarded from LearnKube news
In this article, you will learn how to instrument your Kubernetes jobs and trace kernel panics back to Kubernetes using netconsole and "Last Gasp" packets.
More: https://netflixtechblog.com/kubernetes-and-kernel-panics-ed620b9c6225
In this case study, you'll learn how DoubleVerify's DevOps team used Kyverno to ensure critical workload protection and TLS compliance, and to balance developer ease with policy enforcement.
More: https://medium.com/doubleverify-engineering/runtime-kubernetes-policies-in-production-with-kyverno-6cb520d43bfd
Forwarded from LearnKube news
ldap-operator is a Kubernetes operator for deploying and managing LDAP directories.
More: https://github.com/gpu-ninja/openldap-operator
This repository contains a reading list for software supply-chain security.
More: https://github.com/chainguard-dev/ssc-reading-list