This article explores how Zero-Trust with automated IAM can streamline secure access, leveraging Intent-Based Access Control (IBAC) for policy generation and the Otterize OSS credentials and Intents Operator for end-to-end automation.
More: https://otterize.com/blog/iam-automation-for-eks-and-ack
Forwarded from KubeFM
In this KubeFM episode, Stéphane shares his journey of migrating, optimizing and scaling Jenkins on Kubernetes.
He discusses the technical challenges, solutions, and strategies employed.
You will learn:
- How Jenkins on Kubernetes was scaled to handle 10,000 weekly builds.
- How they started their journey in 2015 and how the cluster has evolved in the past nine years.
- The challenges of managing builds in Jenkins: Docker in Docker, Docker out of Docker and KubeVirt.
- The lessons learned in creating ephemeral environments.
Watch (or listen to) it here: https://kube.fm/10k-builds-jenkins-stephane
🙏 Many thanks to CloudBees for supporting our work and sponsoring this episode. Make sure to check out their video on how to use pods as Jenkins agents https://www.youtube.com/watch?v=ZXaorni-icg?utm_source=kubefm
With @Birthmarkb "The barbarian" Farrell
The tutorial discusses the importance of using signed and encrypted container images to enhance security in Kubernetes workloads.
It uses Podman to create, sign, and verify container images on standalone systems and Kubernetes clusters.
More: https://itnext.io/securing-kubernetes-workloads-a-practical-approach-to-signed-and-encrypted-container-images-ff6e98b65bcd
Forwarded from LearnKube news
This week on the Learn Kubernetes Weekly:
🏎️ 98% faster data imports in deployment previews
0️⃣ (Zero-cost) Kubernetes resource tuning in your GitOps pipelines
⚒️ Simplifying Kubernetes development: your go-to tools guide
🔗 How to achieve real zero downtime in Kubernetes rolling deployments: avoiding broken client connections
💦 Plumbing of spawning container with runc
Read it now: https://learnk8s.io/issues/83
🙏 Many thanks to Komodor for supporting our work and sponsoring this newsletter issue. Make sure to check out their Kubernetes troubleshooting platform: https://komodor.com/?utm_source=lkw
This introduction to Kubernetes security discusses authentication, authorization, admission controllers, pod security policies, control plane hardening, logging and network security.
More: https://medium.com/@noah_h/an-intro-to-kubernetes-hardening-c8efd7853f27
Forwarded from Kube Careers
This week's 6 best Kubernetes vacancies that focus on security are:
DevSecOps Engineer with Worldcoin
💰 $236K to $323K a year
🏠 From the office in San Francisco, CA, USA
→ https://kube.careers/t/e824f971-4831-4329-8dfd-2edcce0c9ed5?s=55
DevSecOps Engineer with Applied Intuition
💰 $65K to $400K a year
🏠 From the office in Mountain View, CA, USA
→ https://kube.careers/t/c6291093-2e86-4446-aab7-7f34af1a3112?s=55
DevSecOps Engineer with Hyperscience
💰 $190K to $260K a year
👨💻 Remote from the United States
→ https://kube.careers/t/ab01bf82-75af-4610-ba58-d58cd09f529a?s=55
DevSecOps Engineer with Crusoe
💰 $210K to $240K a year
🏠 From the office in San Francisco, CA, USA
→ https://kube.careers/t/c82031a3-218d-4f6d-b5c1-86e76359cb90?s=55
DevSecOps Engineer with Opal Security
💰 $140K to $260K a year
🏠🏃🏻♂️🌎 San Francisco, CA / New York, NY, USA
→ https://kube.careers/t/9c9a6c2c-c98e-436c-a859-f3c74396da66?s=55
👉 Browse all 399 Kubernetes jobs on Kube Careers https://kube.careers
Forwarded from LearnKube news
Master Kubernetes with Learnk8s' Advanced Kubernetes workshops!
What should you expect?
- Learn how to architect and design clusters from the ground up (in the cloud or on-prem).
- Explore the Kubernetes internal components and how the system is designed with resiliency in mind.
- Deep-dive into the networking components and observe the packets flowing into the cluster.
- Hands-on labs to test the theory with real-world scenarios!
- And more.
The next courses start in June in Munich 🇩🇪: https://kube.events/t/f80476ea-7cd1-4619-999c-e422a1ef3b1b
We also run in-person courses and corporate training: https://learnk8s.io/corporate-training
In this tutorial, you will learn how to use eBPF and bcc to detect incidents in Kubernetes.
More: https://faun.pub/detecting-specific-incidents-within-your-kubernetes-cluster-using-ebpf-5165771ec9a7
This article discusses adding availability zone and region labels to Pods using Kyverno.
It also explains how Kyverno's mutate rules and background controller dynamically add topology labels to Pods after they are scheduled.
More: https://realz.medium.com/add-topology-label-to-your-kubernetes-pods-8c6fb4c1f891
The article explains the concept of Network Policies in AKS, their importance in securing clusters, and how to create basic network policies.
More: https://medium.com/@siddiquimohammad0807/getting-started-with-aks-network-policies-dbb72520c0ae
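The decision a NetworkPolicy engine makes is easy to get wrong by reading YAML alone, so here is an added example (not code from the linked article) that evaluates ingress decisions for a default-deny namespace with two explicit allows. It models the networking.k8s.io/v1 semantics for matchLabels, podSelector, namespaceSelector and numeric ports; ipBlock, matchExpressions, named ports and egress are deliberately not modelled. Policies and pods are constructed sample data.

```python
"""Evaluate Kubernetes NetworkPolicy ingress decisions against sample pods.

Added example, not code from the linked article. Models podSelector,
namespaceSelector, matchLabels and numeric ports only; ipBlock,
matchExpressions, named ports and egress are out of scope.
"""


def selector_matches(selector, labels):
    """An absent or empty selector (podSelector: {}) matches every pod."""
    wanted = (selector or {}).get("matchLabels", {})
    return all(labels.get(k) == v for k, v in wanted.items())


def peer_matches(peer, src, policy_namespace):
    """One entry of an ingress 'from' list. podSelector alone means pods in the
    policy's own namespace; namespaceSelector widens it to other namespaces."""
    if "ipBlock" in peer:
        return False  # CIDR peers are not modelled here
    ns_sel, pod_sel = peer.get("namespaceSelector"), peer.get("podSelector")
    if ns_sel is not None:
        if not selector_matches(ns_sel, src["ns_labels"]):
            return False
    elif src["namespace"] != policy_namespace:
        return False
    return pod_sel is None or selector_matches(pod_sel, src["labels"])


def ingress_allowed(policies, src, dst, port, protocol="TCP"):
    """True if src -> dst:port is admitted. A pod selected by no Ingress policy
    is not isolated, so Kubernetes allows all traffic to it."""
    selecting = [
        p for p in policies
        if p["metadata"]["namespace"] == dst["namespace"]
        and "Ingress" in p["spec"].get("policyTypes", ["Ingress"])
        and selector_matches(p["spec"].get("podSelector"), dst["labels"])
    ]
    if not selecting:
        return True
    for p in selecting:
        for rule in p["spec"].get("ingress", []):
            peers, ports = rule.get("from", []), rule.get("ports", [])
            peer_ok = not peers or any(
                peer_matches(f, src, p["metadata"]["namespace"]) for f in peers)
            port_ok = not ports or any(
                pp.get("port") == port and pp.get("protocol", "TCP") == protocol
                for pp in ports)
            if peer_ok and port_ok:
                return True
    return False  # isolated, and no rule of any selecting policy matched


def pod(namespace, ns_labels=None, **labels):
    return {"namespace": namespace, "ns_labels": ns_labels or {}, "labels": labels}


# Constructed policies: deny everything in "app", then allow two specific flows.
POLICIES = [
    {"metadata": {"name": "default-deny-ingress", "namespace": "app"},
     "spec": {"podSelector": {}, "policyTypes": ["Ingress"]}},
    {"metadata": {"name": "allow-frontend-to-api", "namespace": "app"},
     "spec": {"podSelector": {"matchLabels": {"app": "api"}},
              "policyTypes": ["Ingress"],
              "ingress": [{"from": [{"podSelector": {"matchLabels": {"app": "frontend"}}}],
                           "ports": [{"protocol": "TCP", "port": 8080}]}]}},
    {"metadata": {"name": "allow-monitoring-scrape", "namespace": "app"},
     "spec": {"podSelector": {},
              "policyTypes": ["Ingress"],
              "ingress": [{"from": [{"namespaceSelector": {"matchLabels": {"name": "monitoring"}},
                                     "podSelector": {"matchLabels": {"app": "prometheus"}}}],
                           "ports": [{"port": 9100}]}]}},
]

FRONTEND = pod("app", app="frontend")
API = pod("app", app="api")
DB = pod("app", app="db")
IMPOSTOR = pod("other", app="frontend")  # right label, wrong namespace
PROMETHEUS = pod("monitoring", {"name": "monitoring"}, app="prometheus")

if __name__ == "__main__":
    for src, dst, port in [(FRONTEND, API, 8080), (IMPOSTOR, API, 8080), (PROMETHEUS, DB, 9100)]:
        print(src["labels"], "->", dst["labels"], port, ingress_allowed(POLICIES, src, dst, port))
```

Two things the model makes visible: a `podSelector` in `from` without a `namespaceSelector` only ever matches pods in the policy's own namespace, so a same-labelled pod elsewhere is still denied; and a pod in a namespace with no policies at all is wide open, which is why the empty-selector default-deny object is the first thing to apply. On AKS the objects are accepted by the API server regardless, but they enforce nothing unless a network policy engine was enabled for the cluster.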
Forwarded from KubeFM
In this KubeFM episode, Yakir and Assaf from Aqua Security explore how a robust Kubernetes secrets strategy is necessary to prevent leaks and maintain a strong security posture.
You will learn:
- How Kubernetes secrets are leaked, and what tools can you use to prevent that (Hint: Yakir and Assaf suggested using more than one.)
- How shadow IT is a more significant threat than you might think and why companies should monitor personal GitHub repositories.
- What happens when a secret is leaked and how attackers exploit your resources (or further gain access to more).
Watch (or listen to) it here: https://kube.fm/exposed-secrets-yakir-assaf
🙏 Many thanks to Isovalent for supporting our work and sponsoring this episode. Make sure to watch the top Kubernetes security use cases that Tetragon and eBPF cover for platform teams https://isovalent.com/events/2024-04-18-tetragon-webinar/?utm_source=KubeFM-Podcast
With @Birthmarkb "The vivacious riddler" Farrell
This article demonstrates how to centralize application access management through Single Sign-On (SSO) using OAuth2 Proxy sidecar containers.
More: https://cloudchirp.medium.com/sso-authentication-with-oauth2-proxy-sidecar-containers-in-kubernetes-7717fb3ef881
Forwarded from LearnKube news
This week on the Learn Kubernetes Weekly:
🤔 Choosing an orchestrator for multi-tenant code execution system
🪳 KEDA + Kafka: improve performance by 62.15% at peak loads
5️⃣ 5 shortcomings of Helm
🩹 AWS extended EKS support: a costly band-aid for Kubernetes clusters
🚦 A/B testing with Linkerd and Flagger using dynamic routing
Read it now: https://learnk8s.io/issues/84
🙏 Many thanks to Otterize for supporting our work and sponsoring this issue. Make sure to check out their intent-based access control platform (and related open-source projects) https://bit.ly/3Jjz7D9
Is it right to give GitLab admin permission to run kubectl commands in pipelines?
This article explores RBAC permissions in the context of a GitLab pipeline.
More: https://medium.com/@tarikyegen35/k8s-creating-a-dedicated-user-serviceaccount-with-restricted-permissions-for-gitlab-ff91c3daa3ce
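To make the "admin or not" question concrete, here is an added example (not code from the linked article) that models the decision `kubectl auth can-i` returns and runs it against two alternatives: an assumed least-privilege Role for a pipeline that only rolls out Deployments in one namespace, and the single wildcard rule that cluster-admin consists of. Role shape, namespace and the list of risky requests are assumptions for illustration.

```python
"""Model the RBAC decision kubectl auth can-i makes, to size a GitLab deploy ServiceAccount.

Added example, not code from the linked article. DEPLOYER_ROLE is an assumed
least-privilege shape; adjust verbs and resources to what the pipeline runs.
"""

# What a pipeline doing `kubectl set image` / `kubectl rollout status` needs, and no more.
DEPLOYER_ROLE = {
    "apiVersion": "rbac.authorization.k8s.io/v1",
    "kind": "Role",
    "metadata": {"name": "gitlab-deployer", "namespace": "app"},
    "rules": [
        {"apiGroups": ["apps"], "resources": ["deployments"],
         "verbs": ["get", "list", "watch", "patch", "update"]},
        {"apiGroups": [""], "resources": ["pods"], "verbs": ["get", "list", "watch"]},
        # Only the one ConfigMap the pipeline templates, not every ConfigMap in the namespace.
        {"apiGroups": [""], "resources": ["configmaps"], "resourceNames": ["app-config"],
         "verbs": ["get", "patch"]},
    ],
}

# The "just give it admin" alternative: cluster-admin is exactly one rule.
ADMIN_RULES = [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]


def _resource_matches(rule_res, requested):
    """Mirror rbac/v1 ResourceMatches: exact, '*', and the 'pods/*' / '*/log' subresource forms."""
    if requested == rule_res or rule_res == "*":
        return True
    if "/" in requested:
        parent, sub = requested.split("/", 1)
        return rule_res in (parent + "/*", "*/" + sub)
    return False


def rule_allows(rule, verb, group, resource, name=None):
    verbs, groups, resources = rule["verbs"], rule["apiGroups"], rule["resources"]
    if verb not in verbs and "*" not in verbs:
        return False
    if group not in groups and "*" not in groups:
        return False
    if not any(_resource_matches(r, resource) for r in resources):
        return False
    names = rule.get("resourceNames", [])
    if names:
        # A resourceNames rule only matches requests that carry a name, so it can
        # never grant list, watch or create.
        return name is not None and name in names
    return True


def can_i(rules, verb, group, resource, name=None):
    """RBAC is purely additive: any single matching rule allows, nothing denies."""
    return any(rule_allows(r, verb, group, resource, name) for r in rules)


def audit(rules, requests):
    """Return the (verb, apiGroup, resource) tuples the rules would permit."""
    return [req for req in requests if can_i(rules, *req)]


# Constructed list of what a stolen pipeline token would be used for.
RISKY_REQUESTS = [
    ("get", "", "secrets"),
    ("create", "", "pods/exec"),
    ("delete", "", "namespaces"),
    ("create", "rbac.authorization.k8s.io", "clusterrolebindings"),
    ("patch", "", "configmaps"),  # unnamed request: the resourceNames rule must not match
]

if __name__ == "__main__":
    print("deployer role permits:", audit(DEPLOYER_ROLE["rules"], RISKY_REQUESTS))
    print("admin permits:       ", audit(ADMIN_RULES, RISKY_REQUESTS))
```

After binding the Role with a RoleBinding in the same namespace, the same checks can be replayed against the live cluster with `kubectl auth can-i get secrets -n app --as=system:serviceaccount:app:gitlab-deployer`; the answers should match the model, and `pods/exec` in particular should be `no`, since that is the verb that turns a deploy token into a shell.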
Forwarded from Kube Careers
This week's 6 best Kubernetes vacancies that focus on security are:
DevSecOps Engineer with Worldcoin
💰 $236K to $323K a year
🏠 From the office in San Francisco, CA, USA
→ https://kube.careers/t/e824f971-4831-4329-8dfd-2edcce0c9ed5?s=55
DevSecOps Engineer with Applied Intuition
💰 $65K to $400K a year
🏠 From the office in Mountain View, CA, USA
→ https://kube.careers/t/c6291093-2e86-4446-aab7-7f34af1a3112?s=55
DevSecOps Engineer with Hyperscience
💰 $190K to $260K a year
👨💻 Remote from the United States
→ https://kube.careers/t/ab01bf82-75af-4610-ba58-d58cd09f529a?s=55
DevSecOps Engineer with Crusoe
💰 $210K to $240K a year
🏠 From the office in San Francisco, CA, USA
→ https://kube.careers/t/c82031a3-218d-4f6d-b5c1-86e76359cb90?s=55
DevSecOps Engineer with Opal Security
💰 $140K to $260K a year
🏠🏃🏻♂️🌎 San Francisco, CA / New York, NY, USA
→ https://kube.careers/t/9c9a6c2c-c98e-436c-a859-f3c74396da66?s=55
👉 Browse all 421 Kubernetes jobs on Kube Careers https://kube.careers
Forwarded from LearnKube news
Master Kubernetes with Learnk8s' Advanced Kubernetes workshops!
What should you expect?
- Learn how to architect and design clusters from the ground up (in the cloud or on-prem).
- Explore the Kubernetes internal components and how the system is designed with resiliency in mind.
- Deep-dive into the networking components and observe the packets flowing into the cluster.
- Hands-on labs to test the theory with real-world scenarios!
- And more.
The next courses start next week in June in Munich 🇩🇪: https://kube.events/t/f80476ea-7cd1-4619-999c-e422a1ef3b1b
We also run in-person courses and corporate training: https://learnk8s.io/corporate-training
The article discusses the risks associated with long-lived Kubernetes service account tokens.
It also explores mitigation strategies and the benefits of using short-lived tokens.
More: https://dev.to/gitguardian/understanding-the-risks-of-long-lived-kubernetes-service-account-tokens-dok
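Both this article and the KubeFM episode on leaked secrets above come down to the same triage question: when a service-account token turns up in a CI log or a personal repository, is it a legacy Secret-backed token that never expires, or a bound token with a short lifetime? Here is an added example (not code from either source) that scans text for service-account JWTs and classifies them. The tokens are constructed with a throwaway HMAC key purely so they have a realistic claim layout; the signature is never verified, and the one-day long-lived threshold is an assumed policy.

```python
"""Find Kubernetes service-account JWTs in text and flag the long-lived ones.

Added example, not code from the linked article or podcast. Tokens are
constructed with a throwaway HMAC key so they have a realistic shape; the
signature is never verified. This is leak triage, not authentication.
"""
import base64
import hashlib
import hmac
import json
import re
import time

JWT_RE = re.compile(r"eyJ[A-Za-z0-9_-]+\.eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+")
LEGACY_ISSUER = "kubernetes/serviceaccount"
LONG_LIVED_SECONDS = 24 * 3600  # assumed policy: anything over a day is long-lived


def _b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def _b64url_encode(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()


def make_demo_token(claims, key=b"constructed-demo-key"):
    """HS256 JWT for sample data. Real SA tokens are RS256/ES256 signed by the
    API server's service-account key; only the claim layout matters here."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"


def decode_claims(token):
    """Payload only; the signature is NOT checked."""
    return json.loads(_b64url_decode(token.split(".")[1]))


def classify_sa_token(token, now=None):
    claims = decode_claims(token)
    now = time.time() if now is None else now
    sub = claims.get("sub", "")
    if not isinstance(sub, str) or not sub.startswith("system:serviceaccount:"):
        return {"kind": "not-a-service-account-token", "subject": sub}
    result = {"subject": sub}
    if claims.get("iss") == LEGACY_ISSUER or "exp" not in claims:
        # Secret-backed token (auto-mounted before 1.24, or a hand-made
        # kubernetes.io/service-account-token Secret): no expiry, revoked only
        # by deleting the Secret.
        result.update(kind="legacy-secret-token", long_lived=True, expired=False,
                      secret=claims.get("kubernetes.io/serviceaccount/secret.name"))
        return result
    exp = claims["exp"]
    iat = claims.get("iat", claims.get("nbf", exp))
    bound = claims.get("kubernetes.io", {})
    result.update(kind="bound-token", lifetime_seconds=exp - iat,
                  long_lived=(exp - iat) > LONG_LIVED_SECONDS, expired=exp <= now,
                  bound_to_pod=bound.get("pod", {}).get("name"), audience=claims.get("aud"))
    return result


def find_sa_tokens(text, now=None):
    """Scan arbitrary text (CI logs, a committed kubeconfig) for SA tokens."""
    findings = []
    for m in JWT_RE.finditer(text):
        try:
            info = classify_sa_token(m.group(0), now)
        except ValueError:  # looks like a JWT but the payload does not decode
            continue
        if info["kind"] != "not-a-service-account-token":
            info["offset"] = m.start()
            findings.append(info)
    return findings


NOW = 1_700_000_000  # fixed clock so the sample is deterministic
ISSUER = "https://kubernetes.default.svc.cluster.local"
SUB = "system:serviceaccount:ci:gitlab-deployer"
LEGACY_TOKEN = make_demo_token({
    "iss": LEGACY_ISSUER, "sub": SUB,
    "kubernetes.io/serviceaccount/namespace": "ci",
    "kubernetes.io/serviceaccount/secret.name": "gitlab-deployer-token-abc12",
    "kubernetes.io/serviceaccount/service-account.name": "gitlab-deployer"})
BOUND_TOKEN = make_demo_token({
    "iss": ISSUER, "aud": [ISSUER], "sub": SUB, "iat": NOW, "nbf": NOW, "exp": NOW + 3600,
    "kubernetes.io": {"namespace": "ci", "pod": {"name": "runner-7f9d"},
                      "serviceaccount": {"name": "gitlab-deployer"}}})
YEAR_TOKEN = make_demo_token({
    "iss": ISSUER, "aud": [ISSUER], "sub": SUB, "iat": NOW, "exp": NOW + 365 * 86400,
    "kubernetes.io": {"namespace": "ci", "serviceaccount": {"name": "gitlab-deployer"}}})

# Constructed sample: a CI job log plus a kubeconfig pushed to a personal repo.
SAMPLE_TEXT = f"""
[deploy] Using bearer token {LEGACY_TOKEN}
users:
- name: gitlab-deployer
  user:
    token: {BOUND_TOKEN}
"""

if __name__ == "__main__":
    for finding in find_sa_tokens(SAMPLE_TEXT, NOW):
        print(finding)
```

The legacy finding is the one that needs an immediate response: rotating it means deleting the Secret, and there is no expiry to wait out. The bound one is tied to a pod and a one-hour window, which is what the article's short-lived recommendation buys you. To inventory what is still lying around, `kubectl get secrets -A --field-selector type=kubernetes.io/service-account-token` lists the Secret-backed tokens, and `kubectl create token <sa> -n <ns> --duration=15m` mints a bound one through the TokenRequest API instead of creating another permanent Secret.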
This article covers 2023 Kubernetes vulnerabilities, categorizing them based on CVSS, weakness types, impact types, and other relevant factors.
More: https://www.armosec.io/blog/kubernetes-vulnerabilities-2023
The article discusses the importance of securing Kubernetes clusters using CIS Benchmarks and kube-bench.
More: https://itnext.io/fortifying-kubernetes-mastering-security-with-cis-benchmarks-904064d7a3d9
This article discusses the evolution of declarative image builds, from distroless images to tools like Bazel, ko, and apko.
It highlights the challenges and innovations in creating reproducible Docker build rules and the "Images as Code" concept.
More: https://chainguard.dev/unchained/images-as-code-the-pursuit-of-declarative-image-builds
Forwarded from LearnKube news
This week on the Learn Kubernetes Weekly:
🧓 Understanding the risks of long-lived Kubernetes Service Account tokens
🖖 The impact of numerous GIT branches and tags on Argo CD and cloud budgets
🏥 Surviving OOM in Kubernetes: Java applications
🥷 2023 Kubernetes vulnerability roundup
🚦 Network traffic shaping in Kubernetes: topology aware routing
Read it now: https://learnk8s.io/issues/85
🙏 Many thanks to StormForge for supporting our work and sponsoring this issue. Make sure to check out their intent-based access control platform (and related open-source projects) https://bit.ly/3Jjz7D9