The article discusses the importance of securing Kubernetes clusters using CIS Benchmarks and kube-bench.
More: https://itnext.io/fortifying-kubernetes-mastering-security-with-cis-benchmarks-904064d7a3d9
This article discusses the evolution of declarative image builds, from distroless images to tools like Bazel, ko, and apko.
It highlights the challenges and innovations in creating reproducible Docker build rules and the "Images as Code" concept.
More: https://chainguard.dev/unchained/images-as-code-the-pursuit-of-declarative-image-builds
Forwarded from LearnKube news
This week on the Learn Kubernetes Weekly:
🧓 Understanding the risks of long-lived Kubernetes Service Account tokens
🖖 The impact of numerous GIT branches and tags on Argo CD and cloud budgets
🏥 Surviving OOM in Kubernetes: Java applications
🥷 2023 Kubernetes vulnerability roundup
🚦 Network traffic shaping in Kubernetes: topology aware routing
Read it now: https://learnk8s.io/issues/85
🙏 Many thanks to StormForge for supporting our work and sponsoring this issue. Make sure to check out their intent-based access control platform (and related open-source projects) https://bit.ly/3Jjz7D9
This article discusses a critical vulnerability (CVE-2024-23652) in Docker Buildkit <= v0.12.4, which allows arbitrary file deletion in the host OS.
Mitigation involves updating to Buildkit v0.12.5 or later.
More: https://dev.to/snyk/buildkit-build-time-container-teardown-arbitrary-delete-cve-2024-23652-2kkh
Forwarded from Kube Careers
This week's 6 best Kubernetes vacancies that focus on security are:
DevSecOps Engineer with Worldcoin
💰 $236K to $323K a year
🏠 From the office in San Francisco, CA, USA
→ https://kube.careers/t/e824f971-4831-4329-8dfd-2edcce0c9ed5?s=55
DevSecOps Engineer with Applied Intuition
💰 $65K to $400K a year
🏠 From the office in Mountain View, CA, USA
→ https://kube.careers/t/c6291093-2e86-4446-aab7-7f34af1a3112?s=55
DevSecOps Engineer with Hyperscience
💰 $190K to $260K a year
👨‍💻 Remote from the United States
→ https://kube.careers/t/ab01bf82-75af-4610-ba58-d58cd09f529a?s=55
DevSecOps Engineer with Crusoe
💰 $210K to $240K a year
🏠 From the office in San Francisco, CA, USA
→ https://kube.careers/t/c82031a3-218d-4f6d-b5c1-86e76359cb90?s=55
DevSecOps Engineer with Opal Security
💰 $140K to $260K a year
🏠🏃🏻‍♂️🌎 San Francisco, CA / New York, NY, USA
→ https://kube.careers/t/9c9a6c2c-c98e-436c-a859-f3c74396da66?s=55
👉 Browse all 432 Kubernetes jobs on Kube Careers https://kube.careers
Forwarded from LearnKube news
Master Kubernetes with Learnk8s' Advanced Kubernetes workshops!
What should you expect?
- Learn how to architect and design clusters from the ground up (in the cloud or on-prem).
- Explore the Kubernetes internal components and how the system is designed with resiliency in mind.
- Deep-dive into the networking components and observe the packets flowing into the cluster.
- Hands-on labs to test the theory with real-world scenarios!
- And more.
The next online courses start on Jul 25: https://kube.events/t/1ebfa298-b5c6-4e42-8399-e43e6834683c
We also run in-person courses and corporate training: https://learnk8s.io/corporate-training
This article discusses a critical vulnerability in all versions of Docker Buildkit <=v0.12.4 that can result in container escape to the underlying host OS when building an image using a malicious Dockerfile or upstream image (i.e. when using FROM).
More: https://dev.to/snyk/buildkit-mount-cache-race-build-time-race-condition-container-breakout-cve-2024-23651-7k0
Forwarded from Kube Architect
This article explains how to use mirrord to debug apps in a cluster and isolate the network to prevent unwanted traffic from reaching specific pods (e.g. a database).
More: https://dev.to/meowchinist/the-traffic-police-controlling-outgoing-traffic-with-mirrord-216
This article discusses a vulnerability in all versions of runc <=1.1.11, as used by the Docker engine, along with other containerization technologies such as Kubernetes, that can result in container escape to the underlying host OS.
More: https://dev.to/snyk/vulnerability-runc-processcwd-and-leaked-fds-container-breakout-cve-2024-21626-2oko
Forwarded from LearnKube news
♻️ How do you roll back a failed deployment in Kubernetes?
In this article, learn how Deployments, Replica Sets, and Pods are connected and how you can use kubectl to revert a deployment.
You can read it here: https://learnk8s.io/kubernetes-rollbacks
"Kubernetes Security for Dummies" is a comprehensive guide to mastering Kubernetes security.
More: https://www.datocms-assets.com/75231/1704995046-kubernetes-security-for-dummies_wiz_final.pdf
Forwarded from LearnKube news
This week on the Learn Kubernetes Weekly:
♻️ Extending GitOps: effortless continuous integration and deployment on Kubernetes
🦈 Optimizing Wireshark in Kubernetes
👝 How I reduced the size of my very first published Docker image by 40%
💰 Overcoming the deployment challenges of H100 GPUs in AKS
🚤 Loxilb cluster networking: elevating Kubernetes networking capabilities
🙊 The future is not Docker
Read it now: https://learnk8s.io/issues/86
🙏 Many thanks to Sysdig for supporting our work and sponsoring this issue. Make sure to check out their checklist to guide your security strategy as you escalate the use of containers and Kubernetes https://bit.ly/3W65Kvw
Forwarded from Kube Careers
This week's 6 best Kubernetes vacancies that focus on security are:
DevSecOps Engineer with Worldcoin
💰 $236K to $323K a year
🏠 From the office in San Francisco, CA, USA
→ https://kube.careers/t/e824f971-4831-4329-8dfd-2edcce0c9ed5?s=55
DevSecOps Engineer with Applied Intuition
💰 $65K to $400K a year
🏠 From the office in Mountain View, CA, USA
→ https://kube.careers/t/c6291093-2e86-4446-aab7-7f34af1a3112?s=55
DevSecOps Engineer with Hyperscience
💰 $190K to $260K a year
👨‍💻 Remote from the United States
→ https://kube.careers/t/ab01bf82-75af-4610-ba58-d58cd09f529a?s=55
DevSecOps Engineer with Crusoe
💰 $210K to $240K a year
🏠 From the office in San Francisco, CA, USA
→ https://kube.careers/t/c82031a3-218d-4f6d-b5c1-86e76359cb90?s=55
DevSecOps Engineer with Opal Security
💰 $140K to $260K a year
🏠🏃🏻‍♂️🌎 San Francisco, CA / New York, NY, USA
→ https://kube.careers/t/9c9a6c2c-c98e-436c-a859-f3c74396da66?s=55
👉 Browse all 426 Kubernetes jobs on Kube Careers https://kube.careers
Forwarded from LearnKube news
Master Kubernetes with Learnk8s' Advanced Kubernetes workshops!
What should you expect?
- Learn how to architect and design clusters from the ground up (in the cloud or on-prem).
- Explore the Kubernetes internal components and how the system is designed with resiliency in mind.
- Deep-dive into the networking components and observe the packets flowing into the cluster.
- Hands-on labs to test the theory with real-world scenarios!
- And more.
The next online courses start on Jul 25: https://kube.events/t/1ebfa298-b5c6-4e42-8399-e43e6834683c
We also run in-person courses and corporate training: https://learnk8s.io/corporate-training
Forwarded from LearnKube news
This article discusses setting up a Validating Admission Webhook in Kubernetes to ensure system resource validity.
It covers configuring the webhook, deploying to Kubernetes, and testing the setup using Nginx containers.
More: https://adil.medium.com/how-to-set-up-a-validating-admission-webhook-on-kubernetes-bd0733bfcb51
The 1Password Connect Kubernetes Operator provides the ability to integrate Kubernetes Secrets with 1Password.
The operator also handles auto-restarting deployments when 1Password items are updated.
More: https://github.com/1Password/onepassword-operator
This article provides a guide on creating a secure supply chain in Kubernetes using the Supply Chain Levels for Software Artifacts (SLSA) framework.
More: https://medium.com/@jp-gouin/how-to-create-a-multi-clusters-secure-supply-chain-slsa-3-in-10min-oss-edition-2059aa39790b
While experimenting with Open Cluster Manager, Andy inadvertently deleted the cluster-admin ClusterRole and ClusterRoleBinding.
Learn how he recovered from this unfortunate situation.
More: https://clubanderson.medium.com/dont-delete-cluster-admin-clusterrole-and-clusterrolebinding-uggh-too-late-5b83daeacc4f
Forwarded from LearnKube news
This week on the Learn Kubernetes Weekly:
🕵️ Inside EKS networking: decoding the service IP journey
🥊 Argo CD vs Flux CD
🔫 Kubernetes silent pod killer
🤗 Embracing cgroup V2: best practices for migrating Kubernetes clusters to AlmaLinux
🔝 BGP, Cilium, and FRR: top of rack for all!
Read it now: https://learnk8s.io/issues/87
🙏 Many thanks to SideroLabs for supporting our work and sponsoring this issue. Make sure to check out Omni to manage Kubernetes on bare metal, virtual machines, or in a cloud https://www.siderolabs.com/platform/saas-for-kubernetes?utm_source=learnk8s
MKAT is an all-in-one auditing toolkit for identifying common security issues within managed Kubernetes environments.
More: https://github.com/DataDog/managed-kubernetes-auditing-toolkit
Forwarded from Kube Careers
This week's 6 best Kubernetes vacancies that focus on security are:
DevSecOps Engineer with Worldcoin
💰 $236K to $323K a year
🏠 From the office in San Francisco, CA, USA
→ https://kube.careers/t/e824f971-4831-4329-8dfd-2edcce0c9ed5?s=55
DevSecOps Engineer with Applied Intuition
💰 $65K to $400K a year
🏠 From the office in Mountain View, CA, USA
→ https://kube.careers/t/c6291093-2e86-4446-aab7-7f34af1a3112?s=55
DevSecOps Engineer with Hyperscience
💰 $190K to $260K a year
👨‍💻 Remote from the United States
→ https://kube.careers/t/ab01bf82-75af-4610-ba58-d58cd09f529a?s=55
DevSecOps Engineer with Crusoe
💰 $210K to $240K a year
🏠 From the office in San Francisco, CA, USA
→ https://kube.careers/t/c82031a3-218d-4f6d-b5c1-86e76359cb90?s=55
DevSecOps Engineer with Opal Security
💰 $140K to $260K a year
🏠🏃🏻‍♂️🌎 San Francisco, CA / New York, NY, USA
→ https://kube.careers/t/9c9a6c2c-c98e-436c-a859-f3c74396da66?s=55
👉 Browse all 438 Kubernetes jobs on Kube Careers https://kube.careers