Interesting article about a security problem in etcd https://lobuhisec.medium.com/using-etcd-to-inject-resources-and-bypass-rbac-and-admission-controller-restrictions-f240ae31e7f0
Medium
Abusing ETCD to Inject Resources and Bypass RBAC and Admission Controller Restrictions
UPDATE 20/10/23: The detailed history below was the initial steps in the research on how to inject resources into etcd. The research…
Good article about k8s authorization
https://raesene.github.io/blog/2023/04/08/lets-talk-about-kubelet-authorization/
raesene.github.io
Let's talk about Kubelet authorization
A little bit about IP allocation in k8s
https://itnext.io/ip-and-pod-allocations-in-eks-5be6612b8325
Medium
IP and pod allocations in EKS
This usually happens, but different CNIs might use other means to connect the container to the network. The AWS-CNI support slots and caps the max number of Pods to 110 or 250, so you won’t be able…
Speed up k8s reaction when you lose one node https://medium.com/tailwinds-navigator/kubernetes-tip-how-to-make-kubernetes-react-faster-when-nodes-fail-1e248e184890
Medium
Kubernetes Tip: How To Make Kubernetes React Faster When Nodes Fail?
We understand What happens to pods when nodes fail? but would also want the Kubernetes system to react faster when nodes fail to make the…
Interesting discussion about Helm https://www.youtube.com/watch?v=ie2HuF4UCgg
YouTube
Helm – Overrated or Underrated?
Helm - does the popular Kubernetes package manager deserve its praise? Join us in the latest episode of "Rated" as Nicholas Hughes, EITR CEO, and Natan Yellin, Helm chart maintainer and Robusta Dev founder, clash over its true value. Does Helm's popularity…
Management tool for Kubernetes cluster deployment and maintenance
https://github.com/Netcracker/KubeMarine
GitHub
GitHub - Netcracker/KubeMarine: Management tool for Kubernetes cluster deployment and maintenance
Management tool for Kubernetes cluster deployment and maintenance - Netcracker/KubeMarine
A simple, modern, and generic standard for managing and collaborating software configurations
https://github.com/configu/configu
GitHub
GitHub - configu/configu: Open-source ConfigOps infrastructure ⚙️
Open-source ConfigOps infrastructure ⚙️. Contribute to configu/configu development by creating an account on GitHub.
Map Kubernetes in-cluster traffic and export as text, intents, or an image
https://github.com/otterize/network-mapper
GitHub
GitHub - otterize/network-mapper: Map Kubernetes traffic: in-cluster, to the Internet, and to AWS IAM and export as text, intents…
Map Kubernetes traffic: in-cluster, to the Internet, and to AWS IAM and export as text, intents, or an image - otterize/network-mapper
Good article about the deepest problems of monitoring https://matduggan.com/were-all-doing-metrics-wrong/
matduggan.com
Monitoring is a Pain
And we're all doing it wrong (including me)
I have a confession. Despite having been hired multiple times in part due to my experience with monitoring platforms, I have come to hate monitoring. Monitoring and observability tools commit the cardinal sin of…
Interesting article about coroot https://blog.palark.com/coroot-observability-tool-overview/
Palark
Trying Coroot, an eBPF-based observability tool for Kubernetes and more
Coroot collects and analyzes telemetry data to help you identify, troubleshoot and fix your application issues. We'll install it in Kubernetes, explore its features, and evaluate its pros & cons.
VictoriaMetrics moves to the next level https://victoriametrics.com/blog/victorialogs-release/
VictoriaMetrics
VictoriaMetrics bolsters move from monitoring to observability with VictoriaLogs release
Read the announcement blog about the release of VictoriaLogs, our new open source logs management solution.
Good article about encrypting traffic between k8s nodes https://medium.com/@dhawalsaini.devops_50274/wireguard-with-calico-in-k8s-8608fb8192b5
Medium
WireGuard With Calico in K8s for Host to Host Encryption
Calico’s best-known security feature is an implementation of Kubernetes Network Policies, which provides a way to secure container…
Benchmark for EKS and GKE (EKS won)
https://www.blueshoe.io/blog/performance-comparison-gke-vs-eks
www.blueshoe.io
EKS vs. GKE – and why does it matter? A performance comparison. | BLUESHOE
Why are we just assuming that managed K8s platforms perform solid over all important metrics? We benchmarked GKE vs EKS and here are the shocking results.
GitHub token permissions Monitor and Advisor actions
https://github.com/GitHubSecurityLab/actions-permissions
GitHub
GitHub - GitHubSecurityLab/actions-permissions: GitHub token permissions Monitor and Advisor actions
GitHub token permissions Monitor and Advisor actions - GitHubSecurityLab/actions-permissions
HashiCorp has published an FAQ after changing the license to BSL
https://www.hashicorp.com/blog/hashicorp-updates-licensing-faq-based-on-community-questions
HashiCorp
HashiCorp updates licensing FAQ based on community questions
HashiCorp continues to update our licensing FAQ based on questions from the community about our change to the Business Source License for future releases of HashiCorp products.