Forwarded from LearnKube news
This week on the Learn Kubernetes Weekly:
📊 Design and implementation of the VPA
↔️ Expanding persistent volumes
🥅 Cilium Cluster Mesh + CoreDNS
🥇 The best OS for Kubernetes
😱 Kubernetes and kernel panics
Read it now: https://learnk8s.io/issues/65
This workshop will introduce you to the application development cycle leveraging OpenShift's tooling & features, focusing on securing your environment using Advanced Cluster Security for Kubernetes (ACS).
More: https://devsecops-workshop.github.io
Forwarded from Kube Careers
This week's 6 best Kubernetes vacancies that focus on security are:
DevSecOps Engineer with Hyperscience
💰 $190K to $260K a year
👨💻 Remote from the United States
→ https://kube.careers/t/ab01bf82-75af-4610-ba58-d58cd09f529a?s=55
Security Architect with Sigma Computing
💰 $190K to $250K a year
🏠 From the office in San Francisco, CA, USA
→ https://kube.careers/t/e6a8ff9b-834f-4e57-bd6f-13b3be3d3b7a?s=55
DevSecOps Engineer with Palo Alto Networks
💰 $180.2K to $236.5K a year
🏠🏃🏻♂️🌎 Santa Clara, CA, USA
→ https://kube.careers/t/c50a52bc-e5ec-43f7-9f4c-bc0103fb9632?s=55
DevSecOps Engineer with Whatnot
💰 $178K to $235K a year
👨💻 Remote from the United States
→ https://kube.careers/t/549e1e0d-82e4-431d-83a9-5f0dd82e1cf6?s=55
Security Architect with Collectors
💰 $160K to $250K a year
🏠 From the office in Santa Ana, CA, USA
→ https://kube.careers/t/b13459c6-6642-4c50-bdc0-c95a11cdd990?s=55
👉 Browse all 403 Kubernetes jobs on Kube Careers https://kube.careers
Validkube combines the best open-source tools to help ensure Kubernetes YAML best practices, hygiene & security.
More: https://github.com/komodorio/validkube
Forwarded from LearnKube news
Master Kubernetes with Learnk8s' Advanced Kubernetes workshops!
What should you expect?
- Learn how to architect and design clusters from the ground up (in the cloud or on-prem).
- Explore the Kubernetes internal components and how the system is designed with resiliency in mind.
- Deep-dive into the networking components and observe the packets flowing into the cluster.
- Hands-on labs to test the theory with real-world scenarios!
- And more.
The next course starts on the 19th of Feb (in Amsterdam, NL): https://learnk8s.io/amsterdam-advanced-february-2024
We also run in-person courses and corporate training: https://learnk8s.io/corporate-training
This article teaches how to hunt and build detections for critical threats, including Initial Access, Privilege Escalation, Defense Evasion and Discovery.
You'll explore practical examples, including what a log would look like and how to detect it.
More: https://medium.com/snowflake/from-logs-to-detection-using-snowflake-and-panther-to-detect-k8s-threats-d72f70a504d7
The Otterize Credentials Operator automatically resolves pods to dev-friendly service names, registers them with a SPIRE server or with Otterize Cloud, and optionally provisions credentials as Kubernetes secrets.
More: https://github.com/otterize/credentials-operator
Forwarded from KubeFM
How hard could it be to debug a network issue where pod connections time out?
It could take weeks if you are (un)fortunate like Alex.
But Alex and his team didn't despair and found strength in adversity while learning several Kubernetes networking and kubespray lessons.
In this KubeFM episode, you'll follow their journey and learn:
- How a simple connection refused led to debugging the kernel syscalls.
- How MetalLB works and uses Dynamic Admission webhooks.
- How Calico works and assigns a range of IP addresses to pods (and what you should watch out for).
- How to use tcpdump and strace to debug network traffic.
Watch (or listen to) it here: https://kube.fm/troubleshooting-kernel-alex
This article delves into Kubernetes ingress nginx controller vulnerabilities, mainly CVE-2023-5044's exploitation using annotations, Lua and command injection, highlighting its (low) risk due to role-based permissions.
More: https://raesene.github.io/blog/2023/10/29/exploiting-CVE-2023-5044
Forwarded from LearnKube news
This week on the Learn Kubernetes Weekly:
📈 Performance testing for CoreDNS
🕵️♀️ Using Snowflake to detect threats
♻️ Argo workflows: proven patterns
👆 You should care about container requests and limits
📐 Memory limit and request in JVM
Read it now: https://learnk8s.io/issues/66
IAM EKS user mapper aims to automatically give selected AWS IAM users access to your Kubernetes cluster.
More: https://github.com/Qovery/iam-eks-user-mapper
Forwarded from Kube Careers
This week's 6 best Kubernetes vacancies that focus on security are:
DevSecOps Engineer with Plaid
💰 $215.3K to $322.9K a year
👨💻 Remote from the United States
→ https://kube.careers/t/82ecabe4-3ee3-408e-9e59-de3130fd3475?s=55
DevSecOps Engineer with Hyperscience
💰 $190K to $260K a year
👨💻 Remote from the United States
→ https://kube.careers/t/ab01bf82-75af-4610-ba58-d58cd09f529a?s=55
Security Architect with Apollo
💰 $190K to $250K a year
🏠🏃🏻♂️🌎 Alhambra, CA, USA
→ https://kube.careers/t/8a1ea5dc-5d25-4ab0-95c8-d893bdb6249b?s=55
Security Architect with Sigma Computing
💰 $190K to $250K a year
🏠 From the office in San Francisco, CA, USA
→ https://kube.careers/t/e6a8ff9b-834f-4e57-bd6f-13b3be3d3b7a?s=55
DevSecOps Engineer with Palo Alto Networks
💰 $180.2K to $236.5K a year
🏠🏃🏻♂️🌎 Santa Clara, CA, USA
→ https://kube.careers/t/c50a52bc-e5ec-43f7-9f4c-bc0103fb9632?s=55
👉 Browse all 455 Kubernetes jobs on Kube Careers https://kube.careers
AquaSec found exposed, often unencrypted Kubernetes Secrets in public repositories, with 46% exploitable, stressing the need for robust practices and proper secret scanning tool usage.
More: https://blog.aquasec.com/the-ticking-supply-chain-attack-bomb-of-exposed-kubernetes-secrets
Learn to secure Kubernetes deployments with Kyverno: enforce policies on image signatures using Cosign, and manage container lifecycles from creation to cluster deployment with authentication checks.
More: https://blog.devops.dev/dumb-little-things-you-can-to-secure-k8s-container-signing-with-kyverno-and-cosign-fc4630177617
In this article, you'll learn the importance of the Software Bill of Materials (SBOM) and how Trivy, a security scanner, identifies vulnerabilities in SBOMs, along with suggesting potential fixes.
More: https://medium.com/@krishnaduttpanchagnula/vulnerability-identification-of-images-and-files-using-sbom-with-trivy-23e1a4a5eea4
Forwarded from KubeFM
Is sharing a cluster with multiple tenants worth it?
Should you share or have a single dedicated cluster per team?
In this KubeFM episode, Artem revisits his journey into Kubernetes multi-tenancy and discusses how the landscapes (and opinions) on multi-tenancy have changed over the years.
Here's what you will learn:
- The trade-offs of multi-tenancy and the tooling necessary to make it happen (e.g. vCluster, Argo CD, Kamaji, etc.).
- The challenges of providing isolated monitoring and logging for tenants.
- How to design and architect a platform on Kubernetes to optimise your developer's experience.
Watch (or listen to) it here: https://kube.fm/multitenancy-artem
This article teaches methods to identify and exploit vulnerabilities in Kubernetes clusters by scanning for insecure API endpoints using tools like shodan·io, search·censys·io, and kube-hunter.
More: https://manojdeshmukh45.medium.com/ways-to-get-into-the-kubernetes-cluster-part-1-2e86c3dea123
Forwarded from LearnKube news
This week on the Learn Kubernetes Weekly:
💥 Health check crashes when over-loaded with requests
☕️ Kubernetes & JVM
⏰ Supply chain attack bomb
🏎️ Speeding up CI with Buildkit
🤔 Native sidecar containers
Read it now: https://learnk8s.io/issues/67
In this article, you will verify how Workload Identities in AKS can work across tenants — where a Pod in a cluster can access Azure resources within another tenant.
More: https://paulyu.dev/article/cross-tenant-workload-identity-on-aks
Forwarded from Kube Careers
This week's 6 best Kubernetes vacancies that focus on security are:
DevSecOps Engineer with Plaid
💰 $215.3K to $322.9K a year
👨💻 Remote from the United States
→ https://kube.careers/t/82ecabe4-3ee3-408e-9e59-de3130fd3475?s=55
DevSecOps Engineer with Hyperscience
💰 $190K to $260K a year
👨💻 Remote from the United States
→ https://kube.careers/t/ab01bf82-75af-4610-ba58-d58cd09f529a?s=55
Security Architect with Apollo
💰 $190K to $250K a year
🏠🏃🏻♂️🌎 Alhambra, CA, USA
→ https://kube.careers/t/8a1ea5dc-5d25-4ab0-95c8-d893bdb6249b?s=55
Security Architect with Sigma Computing
💰 $190K to $250K a year
🏠 From the office in San Francisco, CA, USA
→ https://kube.careers/t/e6a8ff9b-834f-4e57-bd6f-13b3be3d3b7a?s=55
DevSecOps Engineer with Palo Alto Networks
💰 $180.2K to $236.5K a year
🏠🏃🏻♂️🌎 Santa Clara, CA, USA
→ https://kube.careers/t/c50a52bc-e5ec-43f7-9f4c-bc0103fb9632?s=55
👉 Browse all 459 Kubernetes jobs on Kube Careers https://kube.careers
The Otterize intents operator is a tool used to easily automate the creation of network policies and Kafka ACLs in a Kubernetes cluster using a human-readable format via a custom resource.
More: https://github.com/otterize/intents-operator