The article explores enabling Istio to trust certificates from multiple root CAs, which is crucial for multi-cluster Istio meshes.
It details a disaster recovery use case providing a step-by-step guide for configuring trust using secrets and encryption.
More: https://medium.com/tenets/istio-assuming-trust-between-clusters-in-the-same-mesh-with-different-cas-934ec398a9b5
It details a disaster recovery use case providing a step-by-step guide for configuring trust using secrets and encryption.
More: https://medium.com/tenets/istio-assuming-trust-between-clusters-in-the-same-mesh-with-different-cas-934ec398a9b5
Forwarded from LearnKube news
Creating and deleting Pods is one of the most common tasks in Kubernetes.
In this article, you will learn how to prevent broken connections when a Pod starts up or shuts down (and how to shut down long-running tasks gracefully).
Read the full article: https://learnk8s.io/graceful-shutdown
In this article, you will learn how to prevent broken connections when a Pod starts up or shuts down (and how to shut down long-running tasks gracefully).
Read the full article: https://learnk8s.io/graceful-shutdown
If you are an admin running a Kubernetes cluster on AWS, you already need to manage AWS IAM credentials to provision and update the cluster.
You avoid managing a separate credential for Kubernetes access by using AWS IAM Authenticator for Kubernetes.
More: https://github.com/kubernetes-sigs/aws-iam-authenticator
You avoid managing a separate credential for Kubernetes access by using AWS IAM Authenticator for Kubernetes.
More: https://github.com/kubernetes-sigs/aws-iam-authenticator
Forwarded from KubeFM
This media is not supported in your browser
VIEW IN TELEGRAM
In this KubeFM episode, Mat discusses the necessity of long-term support for Kubernetes and explores the intricacies of managing Kubernetes upgrades in a fast-evolving landscape.
You will learn:
- The importance of long-term support (LTS) for Kubernetes and how it can alleviate the challenges associated with the platform's rapid release cycles.
- Strategies for managing Kubernetes upgrades, including insights into the release cycle and the potential pitfalls of the upgrading process.
- The role of managed services and semi-automatic upgrades in simplifying Kubernetes maintenance for organizations, especially in cost optimization and resource constraints.
Watch (or listen to) it here: https://kube.fm/kubernetes-lts-mat
You will learn:
- The importance of long-term support (LTS) for Kubernetes and how it can alleviate the challenges associated with the platform's rapid release cycles.
- Strategies for managing Kubernetes upgrades, including insights into the release cycle and the potential pitfalls of the upgrading process.
- The role of managed services and semi-automatic upgrades in simplifying Kubernetes maintenance for organizations, especially in cost optimization and resource constraints.
Watch (or listen to) it here: https://kube.fm/kubernetes-lts-mat
In this detailed article, you will learn about Admission Webhooks, how to use them, and how to build your own.
It also includes an interesting comparison to Aspect-oriented programming (AOP) and a list of pitfalls you should avoid.
More: https://gemovationlabs.com/kubernetes-webhooks-explained.html
It also includes an interesting comparison to Aspect-oriented programming (AOP) and a list of pitfalls you should avoid.
More: https://gemovationlabs.com/kubernetes-webhooks-explained.html
Forwarded from LearnKube news
This week on the Learn Kubernetes Weekly:
💣 One bad probe away from disaster
💰 Autonomous cost optimization
📈 Customizing Kubernetes Resource Management using NRI
👯♀️ HA app on Kubernetes
♻️ Kafka cluster to Kubernetes
Read it now: https://learnk8s.io/issues/76
💣 One bad probe away from disaster
💰 Autonomous cost optimization
📈 Customizing Kubernetes Resource Management using NRI
👯♀️ HA app on Kubernetes
♻️ Kafka cluster to Kubernetes
Read it now: https://learnk8s.io/issues/76
kubelogin is a kubectl plugin for Kubernetes OpenID Connect (OIDC) authentication, also known as kubectl oidc-login.
More: https://github.com/int128/kubelogin
More: https://github.com/int128/kubelogin
Forwarded from Kube Architect
Chaos Mesh brings various types of fault simulation to Kubernetes and can orchestrate fault scenarios.
It helps you simulate various abnormalities that might occur in reality during the development, testing, and production.
More: https://chaos-mesh.org
It helps you simulate various abnormalities that might occur in reality during the development, testing, and production.
More: https://chaos-mesh.org
Forwarded from Kube Careers
This week's 6 best Kubernetes vacancies that focus on security are:
DevSecOps Engineer with Anthropic
💰 $300K to $405K a year
🏠🏃🏻♂️🌎 San Francisco, CA / New York, NY, USA
→ https://kube.careers/t/6a4b5616-64d0-4855-9e10-a0c2b7cefcca?s=55
DevSecOps Engineer with Plaid
💰 $215.3K to $322.9K a year
👨💻 Remote from the United States
→ https://kube.careers/t/82ecabe4-3ee3-408e-9e59-de3130fd3475?s=55
DevSecOps Engineer with Applied Intuition
💰 $65K to $400K a year
🏠 From the office in Mountain View, CA, USA
→ https://kube.careers/t/c6291093-2e86-4446-aab7-7f34af1a3112?s=55
DevSecOps Engineer with Hyperscience
💰 $190K to $260K a year
👨💻 Remote from the United States
→ https://kube.careers/t/ab01bf82-75af-4610-ba58-d58cd09f529a?s=55
DevSecOps Engineer with Crusoe
💰 $210K to $240K a year
🏠 From the office in San Francisco, CA, USA
→ https://kube.careers/t/c82031a3-218d-4f6d-b5c1-86e76359cb90?s=55
👉 Browse all 437 Kubernetes jobs on Kube Careers https://kube.careers
DevSecOps Engineer with Anthropic
💰 $300K to $405K a year
🏠🏃🏻♂️🌎 San Francisco, CA / New York, NY, USA
→ https://kube.careers/t/6a4b5616-64d0-4855-9e10-a0c2b7cefcca?s=55
DevSecOps Engineer with Plaid
💰 $215.3K to $322.9K a year
👨💻 Remote from the United States
→ https://kube.careers/t/82ecabe4-3ee3-408e-9e59-de3130fd3475?s=55
DevSecOps Engineer with Applied Intuition
💰 $65K to $400K a year
🏠 From the office in Mountain View, CA, USA
→ https://kube.careers/t/c6291093-2e86-4446-aab7-7f34af1a3112?s=55
DevSecOps Engineer with Hyperscience
💰 $190K to $260K a year
👨💻 Remote from the United States
→ https://kube.careers/t/ab01bf82-75af-4610-ba58-d58cd09f529a?s=55
DevSecOps Engineer with Crusoe
💰 $210K to $240K a year
🏠 From the office in San Francisco, CA, USA
→ https://kube.careers/t/c82031a3-218d-4f6d-b5c1-86e76359cb90?s=55
👉 Browse all 437 Kubernetes jobs on Kube Careers https://kube.careers
This article argues, and demonstrates that Distroless containers are not immune to unconventional hacking methods just because shell programs aren't included in the image.
More: https://medium.com/@hkoushik/abusing-a-distroless-container-afb74a6dc162
More: https://medium.com/@hkoushik/abusing-a-distroless-container-afb74a6dc162
In this article, you'll learn how to secure EKS by intentionally attaching the wrong policies to pods and hacking the cluster.
You will misconfigure AWS Identity and Access Management (IAM) roles for the service accounts (IRSA) feature.
More: https://medium.com/@bingolbalihasan/hacking-kubernetes-in-aws-54f4681f1478
You will misconfigure AWS Identity and Access Management (IAM) roles for the service accounts (IRSA) feature.
More: https://medium.com/@bingolbalihasan/hacking-kubernetes-in-aws-54f4681f1478
This article teaches how to use the Secrets Store CSI driver to mount secrets to Kubernetes pods and covers how to configure and simulate the CSI driver failover feature.
More: https://medium.com/@dksoni4530/how-to-use-the-secrets-store-csi-driver-to-mount-secrets-to-kubernetes-pods-e0e61b481d79
More: https://medium.com/@dksoni4530/how-to-use-the-secrets-store-csi-driver-to-mount-secrets-to-kubernetes-pods-e0e61b481d79
Forwarded from KubeFM
Media is too big
VIEW IN TELEGRAM
In this KubeFM episode, Alexander Block delves into the intricacies of Kubernetes templating and deployment tools, sharing his journey from frustration with existing solutions to creating his tool, kluctl.
Alex also discusses the challenges and solutions in Kubernetes templating and deployment, emphasizing the need for more adaptable tools in the Kubernetes ecosystem.
You will learn:
- The fundamental flaws of Helm and how they impact Kubernetes deployments and tools packaging.
- How tools such as Kustomize, CUE, jsonnet are only a partial solution to templating.
- Alternatives to Helm and the future of Kubernetes resource templating and distribution.
Watch (or listen to) it here: https://kube.fm/kluctl-templating-codablock
Alex also discusses the challenges and solutions in Kubernetes templating and deployment, emphasizing the need for more adaptable tools in the Kubernetes ecosystem.
You will learn:
- The fundamental flaws of Helm and how they impact Kubernetes deployments and tools packaging.
- How tools such as Kustomize, CUE, jsonnet are only a partial solution to templating.
- Alternatives to Helm and the future of Kubernetes resource templating and distribution.
Watch (or listen to) it here: https://kube.fm/kluctl-templating-codablock
KBOM (Kubernetes Bill of Materials) is a CLI tool that can generate a software bill of materials for your Kubernetes cluster.
More: https://github.com/ksoclabs/kbom
More: https://github.com/ksoclabs/kbom
Forwarded from LearnKube news
This week on the Learn Kubernetes Weekly:
👆 Moving up the stack
✂️ Cut container startup time
😈 Abusing Distroless
🥷 Hacking Kubernetes in AWS
🤔 2vCPU app run faster in a VM than in a container
Read it now: https://learnk8s.io/issues/77
👆 Moving up the stack
✂️ Cut container startup time
😈 Abusing Distroless
🥷 Hacking Kubernetes in AWS
🤔 2vCPU app run faster in a VM than in a container
Read it now: https://learnk8s.io/issues/77
Container image hardening involves adhering to best practices, monitoring vulnerabilities, and enhancing container security.
This article provides guidelines to mitigate risks in running Docker containers in production.
More: https://medium.com/@SecurityArchitect/hardening-container-images-best-practices-and-examples-for-docker-e941263cab13
This article provides guidelines to mitigate risks in running Docker containers in production.
More: https://medium.com/@SecurityArchitect/hardening-container-images-best-practices-and-examples-for-docker-e941263cab13
Forwarded from Kube Careers
This week's 6 best Kubernetes vacancies that focus on security are:
DevSecOps Engineer with Anthropic
💰 $300K to $405K a year
🏠🏃🏻♂️🌎 San Francisco, CA / New York, NY, USA
→ https://kube.careers/t/6a4b5616-64d0-4855-9e10-a0c2b7cefcca?s=55
DevSecOps Engineer with Plaid
💰 $215.3K to $322.9K a year
👨💻 Remote from the United States
→ https://kube.careers/t/82ecabe4-3ee3-408e-9e59-de3130fd3475?s=55
DevSecOps Engineer with Applied Intuition
💰 $65K to $400K a year
🏠 From the office in Mountain View, CA, USA
→ https://kube.careers/t/c6291093-2e86-4446-aab7-7f34af1a3112?s=55
DevSecOps Engineer with Hyperscience
💰 $190K to $260K a year
👨💻 Remote from the United States
→ https://kube.careers/t/ab01bf82-75af-4610-ba58-d58cd09f529a?s=55
DevSecOps Engineer with Crusoe
💰 $210K to $240K a year
🏠 From the office in San Francisco, CA, USA
→ https://kube.careers/t/c82031a3-218d-4f6d-b5c1-86e76359cb90?s=55
👉 Browse all 447 Kubernetes jobs on Kube Careers https://kube.careers
DevSecOps Engineer with Anthropic
💰 $300K to $405K a year
🏠🏃🏻♂️🌎 San Francisco, CA / New York, NY, USA
→ https://kube.careers/t/6a4b5616-64d0-4855-9e10-a0c2b7cefcca?s=55
DevSecOps Engineer with Plaid
💰 $215.3K to $322.9K a year
👨💻 Remote from the United States
→ https://kube.careers/t/82ecabe4-3ee3-408e-9e59-de3130fd3475?s=55
DevSecOps Engineer with Applied Intuition
💰 $65K to $400K a year
🏠 From the office in Mountain View, CA, USA
→ https://kube.careers/t/c6291093-2e86-4446-aab7-7f34af1a3112?s=55
DevSecOps Engineer with Hyperscience
💰 $190K to $260K a year
👨💻 Remote from the United States
→ https://kube.careers/t/ab01bf82-75af-4610-ba58-d58cd09f529a?s=55
DevSecOps Engineer with Crusoe
💰 $210K to $240K a year
🏠 From the office in San Francisco, CA, USA
→ https://kube.careers/t/c82031a3-218d-4f6d-b5c1-86e76359cb90?s=55
👉 Browse all 447 Kubernetes jobs on Kube Careers https://kube.careers
In this article, you'll learn how to store secrets while ensuring multi-tenancy, local work and scalability with:
- SSM Parameter Store to store configs and secrets.
- IAM to restrict access.
- KMS to encrypt/decrypt secrets.
- External Secret Operator.
More: https://medium.com/@geoffrey.muselli/secret-management-in-eks-using-ssm-parameter-store-kms-and-eso-e00a8f63bb4a
- SSM Parameter Store to store configs and secrets.
- IAM to restrict access.
- KMS to encrypt/decrypt secrets.
- External Secret Operator.
More: https://medium.com/@geoffrey.muselli/secret-management-in-eks-using-ssm-parameter-store-kms-and-eso-e00a8f63bb4a
Forwarded from LearnKube news
Ascenda Loyalty's team encountered issues with pods stuck in ContainerCreating due to maxing out pod ENIs, a limitation when using security groups for pods.
The fix involved reducing ENI usage and addressing discrepancies caused by db migration jobs.
More: https://dev.to/hazmei/eks-pods-stuck-in-initcontainercreating-state-14ch
The fix involved reducing ENI usage and addressing discrepancies caused by db migration jobs.
More: https://dev.to/hazmei/eks-pods-stuck-in-initcontainercreating-state-14ch
Kyverno and Gatekeeper are robust policy engines with similar features and use cases.
In this article, the author argues that Kyverno stands out for its ease of use and straightforward policy composition.
More: https://medium.com/@glen.yu/why-i-prefer-kyverno-over-gatekeeper-for-native-kubernetes-policy-management-35a05bb94964
In this article, the author argues that Kyverno stands out for its ease of use and straightforward policy composition.
More: https://medium.com/@glen.yu/why-i-prefer-kyverno-over-gatekeeper-for-native-kubernetes-policy-management-35a05bb94964
Forwarded from LearnKube news
Master Kubernetes with Learnk8s' Advanced Kubernetes workshops!
What should you expect?
- Learn how to architect and design clusters from the ground up (in the cloud or on-prem).
- Explore the Kubernetes internal component and how the system is designed with resiliency in mind.
- Deep-dive into the networking components and observe the packets flowing into the cluster.
- Hands-on labs to test the theory with real-world scenarios!
- And more.
The next courses start in June (online & in Munich): https://learnk8s.io/training
We also run in-person courses and corporate training: https://learnk8s.io/corporate-training
What should you expect?
- Learn how to architect and design clusters from the ground up (in the cloud or on-prem).
- Explore the Kubernetes internal component and how the system is designed with resiliency in mind.
- Deep-dive into the networking components and observe the packets flowing into the cluster.
- Hands-on labs to test the theory with real-world scenarios!
- And more.
The next courses start in June (online & in Munich): https://learnk8s.io/training
We also run in-person courses and corporate training: https://learnk8s.io/corporate-training