Kubesploit

This week's 6 best Kubernetes vacancies that focus on security are: DevSecOps Engineer with Tailscale 💰 $16.04M to $20.08M a year 🌎 Fully remote → https://ku.bz/J9Cs7QBBp DevSecOps Engineer with OpenAI 💰 $364.5K to $490K a year 👨‍💻 Remote from the United States of America → https://ku.bz/NXd17JHfV DevSecOps Engineer with Scale AI 💰 $264K to $330K a year 👨‍💻 Remote from → https://ku.bz/BdXCcJX58 Security Architect with Dexterity 💰 $200K to $300K a year 🏠 From the office in Redwood, CA, USA → https://ku.bz/-Tx02LFF4 DevSecOps Engineer with Corelight 💰 $221K to $268K a year 👨‍💻 Remote from North America. → https://ku.bz/_D5yTqnHk 👉 Browse 1298 jobs on Kube Careers https://kube.careers

This tutorial teaches how to deploy KubeArmor runtime security on Huawei Cloud Container Engine (CCE) using BPF-LSM for dynamic kernel-level policy enforcement without static profiles or reboots. More: https://ku.bz/vnqpX_3yc

This week on Learn Kubernetes Weekly 168: 🗑️ What Happens When You Delete a Kubernetes CustomResourceDefinition? 🌱 Making ML Training Carbon-Aware with Compute Gardener ⚡ 8 vLLM Serving Setups That Handle Spiky Traffic 🛡️ How I Prevent My Kubernetes Resources from Being Deleted When Argo Apps Are Removed 🔄 Reproducible Kubernetes Infrastructure with NixOS and OKD Read it now: https://kube.today/issues/168 ⭐️ This newsletter is brought to you by Kubex — Automated Resource Optimization for Kubernetes, GPUs and AI Workloads https://ku.bz/y98T8bWXP

traefik-oidc-auth is a Traefik plugin that secures upstream services using OpenID Connect authentication acting as a relying party for identity providers like ZITADEL, Keycloak, Microsoft EntraID, and Authentik. More: https://ku.bz/18rD29Nlh

Most developers assume Kubernetes requires an enterprise budget. Varnit Goyal proves otherwise — he built a full three-node Kubernetes cluster for $2.16/month using Rackspace Spot Instances. You will learn: - How Spot Instance bidding works and which strategies keep costs and preemption low - Using Tailscale Kubernetes operator as a free alternative to traditional load balancers - Running real development dependencies (Kafka, Elasticsearch, Postgres) on a budget cluster Watch (or listen to) it here: https://ku.bz/HpVyQMVv0 🌟 This episode is sponsored by LearnKube — join the 4-day Advanced Kubernetes workshop on Jan 29.(https://learnkube.com/training) With @Birthmarkb "Vivacious voice" Farrell

Pinniped provides identity services to Kubernetes by integrating external identity providers (OIDC, LDAP, Active Directory) with clusters for secure, unified login across on-premises and cloud environments. More: https://ku.bz/Zb8ms9RlY

This week's 6 best Kubernetes vacancies that focus on security are: DevSecOps Engineer with Tailscale 💰 $15.8M to $19.77M a year 🌎 Fully remote → https://ku.bz/J9Cs7QBBp DevSecOps Engineer with OpenAI 💰 $364.5K to $490K a year 👨‍💻 Remote from the United States of America → https://ku.bz/NXd17JHfV DevSecOps Engineer with Scale AI 💰 $264K to $330K a year 👨‍💻 Remote from → https://ku.bz/BdXCcJX58 Security Architect with Dexterity 💰 $200K to $300K a year 🏠 From the office in Redwood, CA, USA → https://ku.bz/-Tx02LFF4 DevSecOps Engineer with Corelight 💰 $221K to $268K a year 👨‍💻 Remote from North America. → https://ku.bz/_D5yTqnHk 👉 Browse 1282 jobs on Kube Careers https://kube.careers

This week on Learn Kubernetes Weekly 167: ⚖️ Kubernetes & KEDA: Avoiding System Failures from Imbalanced Scaling 🔐 Why DevOps should Sec: making a case for DevOps Engineers to transition to DevSecOps 🌐 Optimizing Pod IP Allocation in AWS EKS with Amazon VPC CNI Prefix Delegation 🎮 GPU Starvation in Kubernetes: How Dynamic MIG Partitioning Saved Our GPU Budget 🔄 Migrating from F5 NGINX ingress controller to the F5 NGINX gateway fabric Read it now: https://kube.today/issues/167 ⭐️ This newsletter is brought to you by LearnKube — master Kubernetes with hands-on training designed for engineers who want to learn the smart way https://ku.bz/hypSbyc-V

John Howard, Senior Software Engineer at Solo.io, explains what Mutual TLS (mTLS) is and its importance in Kubernetes environments. This two-way authentication is valuable in Kubernetes infrastructure, allowing workload-to-workload traffic to be properly authenticated. John illustrates how in a front-end to back-end scenario, the front-end service would present its own certificate to the back-end, enabling verification of identity and origin - a fundamental component for implementing zero-trust security in Kubernetes clusters. Watch the full episode: https://kube.fmhttps://ku.bz/sk-ZF1PG9

Sveltos installs as a controller in a management cluster, deploying add-ons and policies (Helm charts, Kustomize, raw YAML) to target clusters by label selectors and sync rules, automating multi-cluster resource management and compliance. More: https://ku.bz/j_ZZTyYqy

This week's 6 best Kubernetes vacancies that focus on security are: DevSecOps Engineer with OpenAI 💰 $364.5K to $490K a year 👨‍💻 Remote from the United States of America → https://ku.bz/NXd17JHfV DevSecOps Engineer with Postman 💰 $250K to $275K a year 🏠🏃🏻‍♂️🌎 San Francisco, CA; Boston, MA; New York, NY, USA → https://ku.bz/gWd2ppTCm Security Architect with Dexterity 💰 $200K to $300K a year 🏠 From the office in Redwood, CA, USA → https://ku.bz/-Tx02LFF4 DevSecOps Engineer with Corelight 💰 $221K to $268K a year 👨‍💻 Remote from North America. → https://ku.bz/_D5yTqnHk 👉 Browse 1228 jobs on Kube Careers https://kube.careers

This week on Learn Kubernetes Weekly 166: 🚀 How We Moved a 2 Million RPM WebSocket Service to EKS and Fixed a Critical Bottleneck 🔒 Beyond the Surface: Exploring Attacker Persistence Strategies in Kubernetes 📊 Standardizing CRD Condition Metrics in Kubernetes Operators ⚡ Scaling Dagster on Kubernetes: Best Practices for 50+ Code Locations 🌐 An Introduction to Envoy AI Gateway Read it now: https://kube.today/issues/166 ⭐️ This issue is brought to you by LearnKube — master Kubernetes with hands-on training designed for engineers who want to learn the smart way https://ku.bz/hypSbyc-V

This article outlines 12 best practices for hardening a Kubernetes cluster, focusing on non-root containers, avoiding hostPath volumes, and configuring Security Contexts properly. More: https://ku.bz/CT-gDz3Gm

Dilshan discusses a real incident where migrating EKS nodes to AL2023 caused the cluster autoscaler to lose AWS permissions silently. You will learn: - Why AL2023 blocks pod access to instance metadata by default, breaking components that relied on node IAM roles - How to implement IRSA correctly by configuring IAM roles, Kubernetes service accounts, and OIDC trust relationships, and why both AWS IAM and Kubernetes RBAC must be configured independently - How to audit which pods currently rely on node roles and clean up legacy IAM permissions to reduce attack surface after migration Watch (or listen to) it here: https://ku.bz/T_YPfTfDb 🌟 This episode is brought to you by LearnKube — join their 4-day hands-on Advanced Kubernetes course starting January 29th and finally get comfortable with production clusters. https://learnkube.com/training With @Birthmarkb "Keep Working Harder" Farrell

Kanidm is an all-in-one identity management platform with Webauthn, OAuth2/OIDC SSO, LDAP, RBAC/MFA, UNIX and RADIUS integration. More: https://ku.bz/Nw2nY2-KJ

This article walks through how an attacker might gain and maintain access in a Kubernetes cluster, showing techniques like node shell access, hidden namespaces and CSR abuse. More: https://ku.bz/GBjCYsyXx

VOA is a FastAPI-based secrets manager that lets you store, retrieve, audit, and rotate environment variables, API keys, and passwords. More: https://ku.bz/FNzsq0lWx

This week's 6 best Kubernetes vacancies that focus on security are: DevSecOps Engineer with OpenAI 💰 $364.5K to $490K a year 👨‍💻 Remote from the United States of America → https://ku.bz/NXd17JHfV DevSecOps Engineer with Postman 💰 $250K to $275K a year 🏠🏃🏻‍♂️🌎 San Francisco, CA; Boston, MA; New York, NY, USA → https://ku.bz/gWd2ppTCm Security Architect with Dexterity 💰 $200K to $300K a year 🏠 From the office in Redwood, CA, USA → https://ku.bz/-Tx02LFF4 DevSecOps Engineer with Corelight 💰 $221K to $268K a year 👨‍💻 Remote from North America. → https://ku.bz/_D5yTqnHk 👉 Browse 1171 jobs on Kube Careers https://kube.careers

This tutorial teaches how to securely manage and dynamically update Kubernetes secrets using AWS Secrets Manager, External-Secrets Operator, and Config-Reloader. More: https://ku.bz/Cx_nsGFC1

Ritesh Patel, Co-founder @ Nirmata, explains how their AI Platform Engineering Assistant addresses a significant gap in the market. He discusses how AI adoption initially focused on developers for code generation, but platform engineers have been largely overlooked despite being "very stretched" and having to stay on top of many technologies. Watch the interview: https://ku.bz/8nkrRSG_Z Read the announcement: https://ku.bz/8_yYZZMG4