Kubesploit – Telegram
Kubesploit
1.96K subscribers
828 photos
129 videos
1.61K links
News and links on Kubernetes security curated by the @Learnk8s team
Website: https://kubesploit.io/
Forwarded from KubeFM
Ensuring the repeatability of your infrastructure is a crucial aspect of managing Kubernetes clusters.

This allows you to swiftly tear down and set up a new one, a practice that is quite handy.

However, there are exceptional circumstances when your cluster becomes more than a disposable tool.

Dan shared, "A Kubernetes cluster will be treated as disposable until you deploy ingress, and then it becomes a pet."

In this episode, you will delve into the concept of 'disposable' and 'pet' Kubernetes clusters and learn:

- How you can use GitOps to create a repeatable infrastructure that syncs.
- How resources such as the Ingress and external-dns require careful maintenance and monitoring, and how that is what turns a cluster into a pet.
- How Crossplane and vCluster help you define repeatable environments that are disposable.
- All the flavours for Argo: Workflows, Autopilot, CD, etc., and "Project" a newer abstraction to manage apps across environments.

Watch (or listen to) it here: https://kube.fm/ingress-gitops-dan
In this tutorial, you will learn how to set up OAuth2 Proxy to pass authentication headers to Kubernetes Dashboard, which doesn't provide its own authentication but instead relies on Kubernetes' own RBAC authorization.

More: https://geek-cookbook.funkypenguin.co.nz/recipes/kubernetes/oauth2-proxy
Forwarded from LearnKube news
This week on the Learn Kubernetes Weekly:

💨 Airflow on Kubernetes for 2 years
📝 Learning apple/pkl
👋 Migrating from Pod Security Policies
👷🏻‍♂️ Build a Lightweight Internal Developer Platform with Argo CD and Kubernetes Labels

Read it now: https://learnk8s.io/issues/71
In this article, you'll examine the Node authorization mode and the NodeRestriction admission controller.

These two components decide what a kubelet may read and change in the API: the Node authorizer grants each kubelet access only to the objects tied to the pods scheduled on its own node (pods, secrets, configmaps, persistent volume claims), and NodeRestriction stops a kubelet from modifying other nodes' objects or pods it does not run.

More: https://medium.com/@seifeddinerajhi/kubernetes-node-security-the-role-of-kubelet-authorization-366220051cb
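As an added example (not from the article), the kubeadm ClusterConfiguration fragment below enables the Node authorizer and the NodeRestriction admission plugin on the API server. kubeadm already sets both by default on new clusters; the fragment is mainly useful for checking a cluster that was installed some other way.

```yaml
# Added example: kube-apiserver settings for kubelet authorization, expressed
# as a kubeadm ClusterConfiguration (v1beta3 uses a string map for extraArgs).
apiVersion: kubeadm.k8s.io/v1beta3
kind: ClusterConfiguration
apiServer:
  extraArgs:
    # Node must come before RBAC: requests from a user named
    # system:node:<name> in group system:nodes are checked against the
    # node's pod graph first, so a kubelet can only read the secrets,
    # configmaps and PVCs referenced by pods bound to its own node.
    authorization-mode: "Node,RBAC"
    # NodeRestriction limits what an authenticated kubelet may write:
    # only its own Node object and the pods bound to it, and it cannot
    # set node labels in the node-restriction.kubernetes.io/ namespace.
    enable-admission-plugins: "NodeRestriction"
```

On a running cluster, confirm the flags on the kube-apiserver static pod (`/etc/kubernetes/manifests/kube-apiserver.yaml` on kubeadm installs). With both in place, `kubectl auth can-i get secret/db-creds --as=system:node:worker-1 --as-group=system:nodes` should answer `no` for a secret that no pod on worker-1 references, and a kubelet's credentials cannot label or delete another node.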
Forwarded from Kube Careers
This week's 6 best Kubernetes vacancies that focus on security are:

DevSecOps Engineer with Plaid
💰 $215.3K to $322.9K a year
👨‍💻 Remote from the United States
https://kube.careers/t/82ecabe4-3ee3-408e-9e59-de3130fd3475?s=55

DevSecOps Engineer with Hinge Health
💰 $189K to $283K a year
🏠🏃🏻‍♂️🌎 San Francisco, CA, USA
https://kube.careers/t/7848823a-5edb-406f-86f8-a505220dc8e4?s=55

DevSecOps Engineer with PagerDuty
💰 $176K to $277K a year
🏠 From the office in Atlanta, GA, USA
https://kube.careers/t/f7204480-93a6-477a-996f-eee9e4c5f9bd?s=55

DevSecOps Engineer with Hyperscience
💰 $190K to $260K a year
👨‍💻 Remote from the United States
https://kube.careers/t/ab01bf82-75af-4610-ba58-d58cd09f529a?s=55

Security Architect with Apollo
💰 $190K to $250K a year
🏠🏃🏻‍♂️🌎 Alhambra, CA, USA
https://kube.careers/t/8a1ea5dc-5d25-4ab0-95c8-d893bdb6249b?s=55

👉 Browse all 448 Kubernetes jobs on Kube Careers https://kube.careers
Forwarded from LearnKube news
Master Kubernetes with Learnk8s' Advanced Kubernetes workshops!

What should you expect?

- Learn how to architect and design clusters from the ground up (in the cloud or on-prem).
- Explore the Kubernetes internal components and how the system is designed with resiliency in mind.
- Deep-dive into the networking components and observe the packets flowing into the cluster.
- Hands-on labs to test the theory with real-world scenarios!
- And more.

The next course starts on the 18th of April: https://learnk8s.io/online-advanced-april-2024

We also run in-person courses and corporate training: https://learnk8s.io/corporate-training
Falco is a cloud-native security tool designed for Linux systems.

It evaluates custom rules against kernel events (system calls), enriched with container and Kubernetes metadata, to raise alerts in real time.

More: https://falco.org
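As an added example (not from the Falco project), the rule file below alerts when an interactive shell is started inside a container and reports the namespace and pod it ran in. It assumes the default `falco_rules.yaml` is loaded first, because it reuses the `spawned_process` and `container` macros defined there; the list and rule names are made up for this example.

```yaml
# Added example: a custom Falco rule for a shell spawned inside a container.
# Drop it into /etc/falco/rules.d/ (part of the default rules_files list).
- list: example_shell_binaries
  items: [bash, sh, zsh, ash, dash]

- rule: Example interactive shell in container
  desc: >
    An interactive shell was started inside a container. Legitimate
    workloads rarely do this; it is a common post-exploitation step.
  # spawned_process and container come from the default falco_rules.yaml.
  # proc.tty != 0 keeps non-interactive entrypoint scripts from firing.
  condition: >
    spawned_process and container
    and proc.name in (example_shell_binaries)
    and proc.tty != 0
  output: >
    Interactive shell in container
    (user=%user.name command=%proc.cmdline parent=%proc.pname
    container=%container.name image=%container.image.repository
    namespace=%k8s.ns.name pod=%k8s.pod.name)
  priority: WARNING
  tags: [container, shell, mitre_execution]
```

Trigger it with `kubectl exec -it <pod> -- sh`; the alert carries the pod and namespace from the Kubernetes enrichment, which is what lets a responder go from a syscall to a workload without correlating container IDs by hand.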
Forwarded from LearnKube news
Chaos Mesh brings various types of fault simulation to Kubernetes and can orchestrate fault scenarios.

It helps you simulate various abnormalities that might occur in reality during the development, testing, and production.

More: https://github.com/chaos-mesh/chaos-mesh
Forwarded from Kube Architect
The ultimate goal of every GitOps setup is complete automation.

To operate a system hands-off, its monitoring and alerting must be reliable and comprehensive.

This tutorial will teach you how to monitor a FluxCD-operated GitOps setup on Kubernetes.

More: https://dev.to/mms-tech/monitoring-and-hardening-the-gitops-delivery-pipeline-with-flux-1gk
This article teaches you to manage Service Accounts securely by issuing expiring tokens through projected volumes or the TokenRequest API.

It advises against non-expiring tokens, demonstrates automatic renewal, and shows how to prevent the token from being mounted automatically.

More: https://adil.medium.com/how-to-use-tokenrequest-api-and-tokenvolume-projection-in-kubernetes-f007135b9994
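The manifest below is an added example, not the article's own, of the pattern it describes: disable the automatically mounted token and mount a short-lived, audience-bound one through a projected volume instead. The service account name, image and audience are assumptions for the example.

```yaml
# Added example: no automounted token; a projected token the kubelet renews.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: app
  namespace: payments
automountServiceAccountToken: false   # default for every pod using this SA
---
apiVersion: v1
kind: Pod
metadata:
  name: app
  namespace: payments
spec:
  serviceAccountName: app
  automountServiceAccountToken: false   # belt and braces at the pod level
  containers:
  - name: app
    image: registry.example.com/app:1.0   # hypothetical image
    volumeMounts:
    - name: vault-token
      mountPath: /var/run/secrets/tokens
      readOnly: true
  volumes:
  - name: vault-token
    projected:
      sources:
      - serviceAccountToken:
          path: token
          # Short lifetime; the kubelet re-requests the token before it expires
          # and rewrites the file, so the app must re-read it rather than cache it.
          expirationSeconds: 3600
          # Only the named audience accepts it, so a leaked token is useless
          # against the Kubernetes API itself.
          audience: vault
```

Two caveats worth knowing: the token the admission controller injects on automount is also projected, but the API server's default `--service-account-extend-token-expiration=true` stretches its validity to a year, which an explicit projected volume like the one above does not get; and for a one-off token from the command line, `kubectl create token app --duration=10m --audience=vault` uses the same TokenRequest API.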
Bank-Vaults is an umbrella project which provides various tools for Cloud Native secret management, including:

- Bank-Vaults CLI to configure HashiCorp Vault.
- Vault operator.
- Vault secrets webhook to inject secrets.
- Vault SDK.

More: https://github.com/bank-vaults/bank-vaults
In this article, learn how ReadOnlyRootFilesystem enhances container security by making the container's root filesystem immutable, which blocks tampering with binaries and configuration at runtime and keeps deployments consistent.

More: https://alexandre-vazquez.com/readonlyrootfilesystem
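As an added example (not from the article), the pod below runs nginx with a read-only root filesystem. The practical difficulty is that most images still write somewhere; the fix is to give only those paths an `emptyDir`. The writable paths here are the ones the `nginx-unprivileged` image uses and are specific to that image; another application needs its own list.

```yaml
# Added example: read-only root filesystem plus the minimum writable scratch space.
apiVersion: v1
kind: Pod
metadata:
  name: nginx-ro
spec:
  securityContext:
    runAsNonRoot: true
    runAsUser: 101          # the nginx user in nginxinc/nginx-unprivileged
    seccompProfile:
      type: RuntimeDefault
  containers:
  - name: nginx
    image: nginxinc/nginx-unprivileged:1.25
    ports:
    - containerPort: 8080
    securityContext:
      readOnlyRootFilesystem: true     # /etc, /usr, /bin ... become immutable
      allowPrivilegeEscalation: false
      capabilities:
        drop: ["ALL"]
    volumeMounts:
    # The two places this image writes at runtime: pid file and cache.
    - name: tmp
      mountPath: /tmp
    - name: cache
      mountPath: /var/cache/nginx
  volumes:
  - name: tmp
    emptyDir: {}
  - name: cache
    emptyDir: {}
```

Verify with `kubectl exec nginx-ro -- touch /etc/nginx/x`, which should fail with "Read-only file system", while the container keeps serving. Note that the `emptyDir` mounts are still writable, so an attacker can drop a file in `/tmp`; the gain is that they cannot replace the binaries or configuration the container runs from.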
Forwarded from LearnKube news
This week on the Learn Kubernetes Weekly:

🏅 Golden testing Helm
📈 Harnessing the power of metrics
1️⃣ Kubernetes Gateway API v1.0
📽️ How to use TokenRequest API and TokenVolume Projection
🪨 ReadOnlyRootFilesystem

Read it now: https://learnk8s.io/issues/72
The kube-rbac-proxy is an HTTP proxy for a single upstream that can perform RBAC authorization against the Kubernetes API using SubjectAccessReview.

More: https://github.com/brancz/kube-rbac-proxy
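The manifests below are an added example, not from the kube-rbac-proxy project, of the usual deployment: a sidecar that fronts an application's plain-HTTP `/metrics` endpoint and only lets callers through whose bearer token passes a TokenReview and whose identity is allowed `get` on the `/metrics` non-resource URL. The application image, namespace and the proxy image tag are assumptions.

```yaml
# Added example: kube-rbac-proxy as a sidecar in front of an unauthenticated
# metrics endpoint. The proxy's own service account needs permission to ask
# the API server who the caller is and what they may do.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: metrics-proxy
  namespace: monitoring
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: metrics-proxy
rules:
- apiGroups: ["authentication.k8s.io"]
  resources: ["tokenreviews"]          # authenticate the caller's token
  verbs: ["create"]
- apiGroups: ["authorization.k8s.io"]
  resources: ["subjectaccessreviews"]  # authorize the caller's request
  verbs: ["create"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: metrics-proxy
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: metrics-proxy
subjects:
- kind: ServiceAccount
  name: metrics-proxy
  namespace: monitoring
---
# What a caller must hold. By default the proxy maps the request to a
# non-resource URL check: HTTP GET /metrics -> verb "get" on "/metrics".
# Bind this role to the scraper's service account (e.g. Prometheus) only.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: metrics-reader
rules:
- nonResourceURLs: ["/metrics"]
  verbs: ["get"]
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: app
  namespace: monitoring
spec:
  replicas: 1
  selector:
    matchLabels: {app: app}
  template:
    metadata:
      labels: {app: app}
    spec:
      serviceAccountName: metrics-proxy
      containers:
      - name: app
        image: registry.example.com/app:1.0   # hypothetical; serves /metrics on 127.0.0.1:8080
      - name: kube-rbac-proxy
        image: quay.io/brancz/kube-rbac-proxy:v0.18.1   # assumed tag; pin the one you audit
        args:
        - --secure-listen-address=0.0.0.0:8443
        - --upstream=http://127.0.0.1:8080/
        - --logtostderr=true
        ports:
        - name: https
          containerPort: 8443
        securityContext:
          allowPrivilegeEscalation: false
          readOnlyRootFilesystem: true
          runAsNonRoot: true
          capabilities: {drop: ["ALL"]}
```

Two things make or break this setup: the application must bind only to `127.0.0.1:8080` and the Service must expose only port 8443, otherwise the proxy is simply bypassed; and without `--tls-cert-file`/`--tls-private-key-file` the proxy serves a self-signed certificate, so the scraper either needs `insecureSkipVerify` or a proper cert. The scraper presents its own service account token as a bearer token, and an unbound identity gets a 403 from the proxy.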
Forwarded from Kube Careers
This week's 6 best Kubernetes vacancies that focus on security are:

DevSecOps Engineer with Plaid
💰 $215.3K to $322.9K a year
👨‍💻 Remote from the United States
https://kube.careers/t/82ecabe4-3ee3-408e-9e59-de3130fd3475?s=55

DevSecOps Engineer with Applied Intuition
💰 $65K to $400K a year
🏠 From the office in Mountain View, CA, USA
https://kube.careers/t/c6291093-2e86-4446-aab7-7f34af1a3112?s=55

DevSecOps Engineer with PagerDuty
💰 $176K to $277K a year
🏠 From the office in Atlanta, GA, USA
https://kube.careers/t/f7204480-93a6-477a-996f-eee9e4c5f9bd?s=55

DevSecOps Engineer with Hyperscience
💰 $190K to $260K a year
👨‍💻 Remote from the United States
https://kube.careers/t/ab01bf82-75af-4610-ba58-d58cd09f529a?s=55

Security Architect with Collectors
💰 $160K to $250K a year
🏠 From the office in Santa Ana, CA, USA
https://kube.careers/t/b13459c6-6642-4c50-bdc0-c95a11cdd990?s=55

👉 Browse all 449 Kubernetes jobs on Kube Careers https://kube.careers
This article discusses how the Sonatype Security Research team uncovered a malware campaign using npm packages to target Kubernetes configurations and SSH keys.

More: https://blog.sonatype.com/npm-packages-caught-exfiltrating-kubernetes-config-ssh-keys
In this tutorial, you'll learn how to set up cert-manager to issue and renew TLS certificates automatically.

You'll also set up a hello-world deployment and service to test HTTPS traffic via a Kubernetes Ingress.

More: https://medium.com/@kevinlutzer9/managed-ssl-certs-for-a-private-kubernetes-cluster-with-cloudflare-cert-manager-and-lets-encrypt-7987ba19044f
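As an added example (not the tutorial's own manifests), the objects below wire cert-manager to Let's Encrypt with a Cloudflare DNS-01 solver, which is what makes this work for a private cluster: the ACME challenge is answered through a DNS record, so no inbound HTTP from the internet is needed. The hostname, e-mail address, ingress class and backend service are assumptions.

```yaml
# Added example: Cloudflare DNS-01 ClusterIssuer and an Ingress that uses it.
# The Cloudflare token needs only Zone:DNS:Edit on the one zone in question.
apiVersion: v1
kind: Secret
metadata:
  name: cloudflare-api-token
  namespace: cert-manager          # ClusterIssuers read secrets from here
type: Opaque
stringData:
  api-token: "<cloudflare api token>"   # placeholder, never commit the real one
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-dns
spec:
  acme:
    # Use https://acme-staging-v02.api.letsencrypt.org/directory while testing
    # to stay clear of production rate limits.
    server: https://acme-v02.api.letsencrypt.org/directory
    email: ops@example.com
    privateKeySecretRef:
      name: letsencrypt-dns-account-key   # ACME account key, created by cert-manager
    solvers:
    - dns01:
        cloudflare:
          apiTokenSecretRef:
            name: cloudflare-api-token
            key: api-token
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: hello
  namespace: default
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-dns   # ingress-shim creates the Certificate
spec:
  ingressClassName: nginx
  tls:
  - hosts: [hello.internal.example.com]
    secretName: hello-tls            # cert-manager writes the key pair here
  rules:
  - host: hello.internal.example.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: hello
            port:
              number: 80
```

Follow progress with `kubectl describe certificate hello-tls` and `kubectl get challenges -A`; renewal happens automatically before expiry, and the private key never leaves the cluster because DNS-01 only publishes a TXT record.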
AWS EKS Security Groups Per Pod is a feature that allows you to assign security groups to individual Kubernetes pods.

This gives you more granular control over the network traffic flowing to and from each pod.

Learn how to use it in this guide.

More: https://medium.com/@seifeddinerajhi/aws-eks-security-groups-per-pod-improve-the-security-of-your-kubernetes-clusters-a23a961793dc
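As an added example (not from the guide), the SecurityGroupPolicy below attaches a security group to every pod carrying a given label in one namespace. The namespace, labels and security group ID are made up; the group itself and its rules live in AWS, not in the manifest.

```yaml
# Added example: attach an AWS security group to selected pods on EKS.
# Requires the VPC CNI with ENABLE_POD_ENI=true and Nitro-based nodes;
# matching pods get their own branch ENI with this group applied.
apiVersion: vpcresources.k8s.aws/v1beta1
kind: SecurityGroupPolicy
metadata:
  name: payments-db-clients
  namespace: payments
spec:
  # Either podSelector or serviceAccountSelector (or both) chooses the pods.
  podSelector:
    matchLabels:
      app: payments-api
  securityGroups:
    groupIds:
    - sg-0123456789abcdef0   # hypothetical: allowed as a source in the RDS group's 5432 rule
```

Three caveats a practitioner runs into: the policy only applies to pods created after it exists, so existing pods must be restarted; pods with `hostNetwork: true` are not eligible; and kubelet liveness and readiness probes now also have to be permitted by the pod's security group, or the pod will be marked unhealthy even though the application is fine.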
Kubeconform is a Kubernetes manifest validation tool.

Similar to Kubeval, but with the following improvements:

1. High performance.
2. Remote or local schema locations.
3. Up-to-date schemas for all recent versions of Kubernetes.

More: https://github.com/yannh/kubeconform