Kubesploit

News and links on Kubernetes security curated by the @Learnk8s team Website: https://kubesploit.io/

Repost from LearnKube news
Master Kubernetes with Learnk8s' Advanced Kubernetes workshops! What should you expect?

- Learn how to architect and design clusters from the ground up (in the cloud or on-prem).
- Explore the Kubernetes internal components and how the system is designed with resiliency in mind.
- Deep-dive into the networking components and observe the packets flowing into the cluster.
- Hands-on labs to test the theory with real-world scenarios!
- And more.

The course starts this October in Amsterdam and you can sign up here: https://learnk8s.io/amsterdam-advanced-october-2023

Repost from Kube Careers
This week's 6 best Kubernetes vacancies that focus on security are:

- DevSecOps Engineer with Tubi 💰 $197K to $259K a year 👨‍💻 Remote from the United States → https://kube.careers/t/fbfd93b4-e284-47f8-89a9-6e7cfa4c82ad?s=55
- DevSecOps Engineer with Robinhood 💰 $169K to $255K a year 🏠 From the office in Menlo Park, CA / New York, NY / Seattle, WA / Washington, DC, USA → https://kube.careers/t/bcecc046-9f28-4766-aaad-e8cb41ae9aa3?s=55
- DevSecOps Engineer with Pure Storage 💰 $167K to $251K a year 🏠 From the office in Santa Clara, CA, USA → https://kube.careers/t/611fe80e-6e6d-4ece-b428-4af7561f7af7?s=55
- DevSecOps Engineer with Verkada 💰 $120K to $285K a year 🏠 From the office in San Mateo, CA, USA → https://kube.careers/t/48e3f6f7-5043-43b1-8c58-6bc81939bc19?s=55
- DevSecOps Engineer with Voltron Data 💰 $170K to $220K a year 🌎 Fully remote → https://kube.careers/t/f2509a98-e72c-4444-a44e-7f9502b58e1a?s=55

👉 Browse all 486 Kubernetes jobs on Kube Careers https://kube.careers

In this tutorial, you will learn how to use Kyverno to verify Kubernetes container images running in the control plane are signed. More: https://medium.com/@charled.breteche/kyverno-verify-kubernetes-control-plane-images-372ea2fe1680

Repost from LearnKube news
This week on the Learn Kubernetes Weekly:

🖼️ Troubleshooting deployments
🔥 Firecracker-powered course platform
💥 Kubernetes pod IP conflict
🔍 Analyzing volatile memory on GKE
🏹 Understanding multi-arch containers

Read it now: https://learnk8s.io/issues/46

Repost from LearnKube news
In this article, you will learn how the Spotify engineering team has developed a new method for conducting memory analysis on Google Kubernetes Engine (GKE) by combining three open source tools: AVML, dwarf2json, and Volatility 3. More: https://engineering.atspotify.com/2023/06/analyzing-volatile-memory-on-a-google-kubernetes-engine-node

The article explores two secret handling mechanisms in EKS: 1. Secrets Store CSI driver and ASCP. 2. External Secrets Operator. The author argues that the latter is a better fit since it doesn't rely on DaemonSets. More: https://medium.com/@chetlo/problems-using-secrets-store-csi-driver-and-securing-your-kubernetes-real-estate-f5baeaab50ae

Repost from Kube Architect
Discover the best strategies to combine autoscalers (i.e. HPA + CA), minimise reaction time and reduce costs. In this webinar you'll learn:

- How the Cluster Autoscaler works.
- Preemptive scaling.
- Proactive scaling.

📅 28 Sep ⏰ 8am PT | 5pm CET
👉 https://kube.events/t/51afe79e-9a79-460e-b00f-449bc7474ccc

In this article, you will learn how to restrict access to S3 buckets using IAM Roles for Service Accounts. More: https://towardsaws.com/restricting-s3-access-to-eks-and-k8s-pods-and-deployments-with-irsa-ebab1dd9a8dd

While Pod Security Admission can prevent common security risks, it lacks mutation ability, controller restriction, high-level violation reports, and fine-grained control options. Learn more about it in this article. More: https://devopsforyou.com/my-experiments-with-pod-security-admission-in-kubernetes-cluster-8028b7fc0249

m9sweeper makes securing a cluster easy with:

- CVE Scanning.
- Enforcement of CVE Scanning Rules.
- Reports and Dashboards.
- CIS Security Benchmarking.
- Pen Testing.
- Deployment Coaching.
- Intrusion Detection.
- Gatekeeper Policy Management.

More: https://github.com/m9sweeper/m9sweeper

Repost from LearnKube news
Learn the best strategies to combine autoscalers (i.e. HPA + CA), minimise reaction time and reduce costs. @SoulmanIqbal will cover:

- How the Cluster Autoscaler works.
- Preemptive scaling.
- Proactive scaling.

📅 28 Sep ⏰ 8am PT | 5pm CET
👉 https://kube.events/t/51afe79e-9a79-460e-b00f-449bc7474ccc

The Security Profiles Operator is a feature-rich operator for Kubernetes to make managing seccomp, SELinux & AppArmor profiles easier than ever. In this article, you will explore spoc — a little helper tool for recording and replaying seccomp profiles. More: https://kubernetes.io/blog/2023/05/18/seccomp-profiles-edge

Repost from LearnKube news
This week on the Learn Kubernetes Weekly:

👌 Developing high-quality Helm charts faster
⎈ Helm dependencies updates made easy
📝 GKE review
⛩️ The future of API gateways
🥷 Bypassing policies with finalizers

Read it now: https://learnk8s.io/issues/45

Reflector is a Kubernetes addon designed to monitor changes to resources (secrets and configmaps) and reflect changes to mirror resources in the same or other namespaces. More: https://github.com/emberstack/kubernetes-reflector

Repost from Kube Events
🎉 Kubernetes scaling: combining autoscalers for optimal resource allocations
📅 28 Sep ⏰ 8am PT | 5pm CET

In this session, you will learn the theory and practical tips for combining cluster autoscalers (e.g. HPA+CA). https://kube.events/t/51afe79e-9a79-460e-b00f-449bc7474ccc

This article explains the use of client certificates and OIDC identity providers for authentication and highlights the drawbacks of client certificates, including their hard manageability and risk of compromise. More: https://medium.com/@xpiotrkleban/simplifying-management-of-rbac-and-authentication-in-kubernetes-606148ec2680

Repost from N/a
The KubeFM podcast is now live! 🗞️Discover all the great things happening in the world of Kubernetes 🙉 Learn (controversial) opinions from the experts and 🧐 Explore the successes (and failures) of running Kubernetes at scale Watch the first episode: https://kube.fm/planternetes-grace-nguyen

Repost from N/a
kubectl apply -f kubefm.yaml,bart_farrell.yaml

Repost from LearnKube news
In this tutorial, you'll learn how to use Secrets in Kubernetes and: 1. Create literal secrets as source files and with kubectl. 2. Observe how secrets are encoded. 3. Create a MySQL Deployment to consume the secrets. More: https://medium.com/@bm54cloud/kubernetes-secrets-77a798f412aa

KBOM (Kubernetes Bill of Materials) is a CLI tool that can generate a software bill of materials for your Kubernetes cluster. More: https://github.com/ksoclabs/kbom