In this 2-part series, you will learn what admission webhooks are and when and how to use them.
You will also learn how to make your admission webhooks.
More: https://blog.wtcx.dev/2021/05/02/the-making-of-admission-webhooks-part-1-the-concept
Forwarded from LearnKube news
This week on the Learn Kubernetes Weekly:
🧳 The State of Kubernetes Jobs
💸 Reducing Kubernetes cost by $300k
👵 Why Kubernetes needs an LTS
👷♀️ The making of admission webhooks
Read it now: https://learnk8s.io/issues/64
aws-auth-manager is a Kubernetes controller designed to manage the aws-auth ConfigMap in EKS using a new AWSAuthItem CRD.
More: https://github.com/maruina/aws-auth-manager
Forwarded from Kube Careers
This week's 6 best Kubernetes vacancies that focus on security are:
DevSecOps Engineer with Hyperscience
💰 $190K to $260K a year
👨💻 Remote from the United States
→ https://kube.careers/t/ab01bf82-75af-4610-ba58-d58cd09f529a?s=55
Security Architect with Sigma Computing
💰 $190K to $250K a year
🏠 From the office in San Francisco, CA, USA
→ https://kube.careers/t/e6a8ff9b-834f-4e57-bd6f-13b3be3d3b7a?s=55
DevSecOps Engineer with Palo Alto Networks
💰 $180.2K to $236.5K a year
🏠🏃🏻♂️🌎 Santa Clara, CA, USA
→ https://kube.careers/t/c50a52bc-e5ec-43f7-9f4c-bc0103fb9632?s=55
DevSecOps Engineer with Whatnot
💰 $178K to $235K a year
👨💻 Remote from the United States
→ https://kube.careers/t/549e1e0d-82e4-431d-83a9-5f0dd82e1cf6?s=55
Security Architect with Collectors
💰 $160K to $250K a year
🏠 From the office in Santa Ana, CA, USA
→ https://kube.careers/t/b13459c6-6642-4c50-bdc0-c95a11cdd990?s=55
👉 Browse all 431 Kubernetes jobs on Kube Careers https://kube.careers
Forwarded from LearnKube news
Master Kubernetes with Learnk8s' Advanced Kubernetes workshops!
What should you expect?
- Learn how to architect and design clusters from the ground up (in the cloud or on-prem).
- Explore the Kubernetes internal components and how the system is designed with resiliency in mind.
- Deep-dive into the networking components and observe the packets flowing into the cluster.
- Hands-on labs to test the theory with real-world scenarios!
- And more.
The next course starts on the 19th of Feb (in Amsterdam, NL): https://learnk8s.io/amsterdam-advanced-february-2024
We also run in-person courses and corporate training: https://learnk8s.io/corporate-training
This article teaches you the basics of RBAC (i.e. Role, ClusterRole, RoleBinding, and ClusterRoleBinding) and the advantages:
1. Granular control.
2. Centralized management.
3. Separation of responsibilities.
4. Least privilege principle.
More: https://medium.com/@ahmetmesutal/kubernetes-rbac-role-based-access-control-creating-serviceaccounts-useraccounts-116e4ecd0150
Forwarded from KubeFM
In this KubeFM episode, you will learn how to reduce your cloud bill by using mixed pools with AMD and ARM nodes in an EKS cluster.
Watch it here: https://kube.fm/arm-nodes-thibault-miguel
Forwarded from LearnKube news
In this article, you will learn how to instrument your Kubernetes jobs and trace kernel panics back to Kubernetes using netconsole and "Last Gasp" packets.
More: https://netflixtechblog.com/kubernetes-and-kernel-panics-ed620b9c6225
In this case study, you'll learn how DoubleVerify's DevOps team used Kyverno to ensure critical workload protection, TLS compliance, and balancing developer ease with policy enforcement.
More: https://medium.com/doubleverify-engineering/runtime-kubernetes-policies-in-production-with-kyverno-6cb520d43bfd
Forwarded from LearnKube news
ldap-operator is a Kubernetes operator for deploying and managing LDAP directories.
More: https://github.com/gpu-ninja/openldap-operator
This repository contains a reading list for software supply-chain security.
More: https://github.com/chainguard-dev/ssc-reading-list
Forwarded from KubeFM
Pod Topology Spread Constraints is a convenient feature to control how pods are spread across your cluster among failure domains such as regions, zones, nodes, etc.
You can also choose the pod distribution (skew), what happens when the constraint is unfulfillable (schedule anyway vs don't) and the interaction with pod affinity and taints.
It's a great and straightforward feature, so what could possibly go wrong?
In this episode of KubeFM, you will follow Martin and his team's journey in discovering and fixing a production incident (on a Friday afternoon) due to a misconfiguration.
You will also learn:
- What are Pod Topology Spread Constraints, and how to use them?
- How unfulfillable scheduling requirements could lead to un-schedulable pods.
- How to detect and alert on unscheduled pods.
- How to manage your team during an incident to keep them calm and focused.
Watch (or listen to) it here: https://kube.fm/pod-topology-martin
This article teaches how to securely add and manage secrets in AWS Secrets Manager for API integration, handling challenges like pod creation success and container startup failures due to secret update issues.
More: https://ahmedghazey.medium.com/manage-secrets-on-aws-and-helm-as-environment-variables-f7ec998c58fc
Forwarded from LearnKube news
This week on the Learn Kubernetes Weekly:
📊 Design and implementation of the VPA
↔️ Expanding persistent volumes
🥅 Cilium Cluster Mesh + CoreDNS
🥇 The best OS for Kubernetes
😱 Kubernetes and kernel panics
Read it now: https://learnk8s.io/issues/65
This workshop will introduce you to the application development cycle leveraging OpenShift's tooling & features, focusing on securing your environment using Advanced Cluster Security for Kubernetes (ACS).
More: https://devsecops-workshop.github.io
Forwarded from Kube Careers
This week's 6 best Kubernetes vacancies that focus on security are:
DevSecOps Engineer with Hyperscience
💰 $190K to $260K a year
👨💻 Remote from the United States
→ https://kube.careers/t/ab01bf82-75af-4610-ba58-d58cd09f529a?s=55
Security Architect with Sigma Computing
💰 $190K to $250K a year
🏠 From the office in San Francisco, CA, USA
→ https://kube.careers/t/e6a8ff9b-834f-4e57-bd6f-13b3be3d3b7a?s=55
DevSecOps Engineer with Palo Alto Networks
💰 $180.2K to $236.5K a year
🏠🏃🏻♂️🌎 Santa Clara, CA, USA
→ https://kube.careers/t/c50a52bc-e5ec-43f7-9f4c-bc0103fb9632?s=55
DevSecOps Engineer with Whatnot
💰 $178K to $235K a year
👨💻 Remote from the United States
→ https://kube.careers/t/549e1e0d-82e4-431d-83a9-5f0dd82e1cf6?s=55
Security Architect with Collectors
💰 $160K to $250K a year
🏠 From the office in Santa Ana, CA, USA
→ https://kube.careers/t/b13459c6-6642-4c50-bdc0-c95a11cdd990?s=55
👉 Browse all 403 Kubernetes jobs on Kube Careers https://kube.careers
Validkube combines the best open-source tools to help ensure Kubernetes YAML best practices, hygiene & security.
More: https://github.com/komodorio/validkube
This article teaches how to hunt and build detections for critical threats, including Initial Access, Privilege Escalation, Defense Evasion and Discovery.
You'll explore practical examples, including what a log would look like and how to detect it.
More: https://medium.com/snowflake/from-logs-to-detection-using-snowflake-and-panther-to-detect-k8s-threats-d72f70a504d7
The Otterize Credentials Operator automatically resolves pods to dev-friendly service names, registers them with a SPIRE server or with Otterize Cloud, and optionally provisions credentials as Kubernetes secrets.
More: https://github.com/otterize/credentials-operator
Forwarded from KubeFM
How hard could it be to debug a network issue where pod connections time out?
It could take weeks if you are (un)fortunate like Alex.
But Alex and his team didn't despair and found strength in adversity while learning several Kubernetes networking and kubespray lessons.
In this KubeFM episode, you'll follow their journey and learn:
- How a simple connection refused led to debugging the kernel syscalls.
- How MetalLB works and uses Dynamic Admission webhooks.
- How Calico works and assigns a range of IP addresses to pods (and what you should watch out for).
- How to use tcpdump and strace to debug network traffic.
Watch (or listen to) it here: https://kube.fm/troubleshooting-kernel-alex