Kubesploit

News and links on Kubernetes security curated by the @Learnk8s team.
Website: https://kubesploit.io/

2 057
Subscribers
Posts Archive
In this article, you'll learn how to use Cluster Role, Cluster Role Binding, and Service Account to deploy a simple application capable of accessing the cluster's resources using kubectl from within a pod. More: https://itnext.io/unleashing-the-power-of-kubernetes-deploying-containers-with-cluster-resource-access-ee2cef29e24e

Repost from LearnKube news
This week on the Learn Kubernetes Weekly:
💣💥 Kubernetes failure stories
🐌 Slow S3 uploads from AWS EKS
🎤 KEDA: autoscale event driven
🏎️ Pod startup time improvements
⚖️ loadbalance service using Cilium BGP

Read it now: https://learnk8s.io/issues/52

RBAC Manager is an operator that supports declarative configuration for RBAC with new custom resources. Instead of managing role bindings or service accounts directly, you can specify the desired state, and RBAC Manager will make the necessary changes. More: https://github.com/FairwindsOps/rbac-manager

You can secure internal communications in your cluster with HTTPS by generating a new TLS certificate, modifying the backend app, and making changes to the deployment and ingress. This tutorial explains the steps (and the code) involved. More: https://heka-ai.medium.com/how-to-secure-internal-communications-with-your-backend-via-https-using-self-signed-certificates-bf74748a18f7

kube-exec-controller is an admission controller for handling container drift (caused by kubectl exec, attach, cp, or other interactive requests) inside a Kubernetes cluster. The project also includes a kubectl plugin for checking pods. More: https://github.com/box/kube-exec-controller

Repost from LearnKube news
Master Kubernetes with Learnk8s' Advanced Kubernetes workshops! What should you expect?
- Learn how to architect and design clusters from the ground up (in the cloud or on-prem).
- Explore the Kubernetes internal components and how the system is designed with resiliency in mind.
- Deep-dive into the networking components and observe the packets flowing into the cluster.
- Hands-on labs to test the theory with real-world scenarios!
- And more.

The next (virtual) course starts next week: https://learnk8s.io/online-advanced-november-2023
We also run in-person courses and corporate training: https://learnk8s.io/corporate-training

Repost from N/a
"The key to managing Kubernetes clusters at scale is tooling." Learn how Pierre and the team at Qovery manage hundreds of cluster upgrades for every Kubernetes release and Helm chart in this KubeFM episode.

Watch it here: https://kube.fm/upgrading-100s-clusters-pierre

Listen on:
- Apple Podcast https://kube.fm/apple
- Spotify https://kube.fm/spotify
- Amazon Music https://kube.fm/amazon
- Overcast https://kube.fm/overcast
- Pocket casts https://kube.fm/pocket-casts

In this article, you will learn how to encrypt and store Kubernetes secrets in etcd using an external encryption provider. More: https://techexpertise.medium.com/encrypting-the-secret-data-at-etcd-store-on-a-minikube-k8s-cluster-2338c68263a5

Repost from Kube Careers
This week's 6 best Kubernetes vacancies that focus on security are:

DevSecOps Engineer with 1Password
💰 $180K to $244K a year
👨‍💻 Remote from the United States, Canada
→ https://kube.careers/t/b733b996-956e-4086-b0fa-514316485975?s=55

DevSecOps Engineer with Robinhood
💰 $169K to $255K a year
🏠 From the office in Menlo Park, CA / New York, NY / Seattle, WA / Washington, DC, USA
→ https://kube.careers/t/bcecc046-9f28-4766-aaad-e8cb41ae9aa3?s=55

DevSecOps Engineer with Verkada
💰 $120K to $285K a year
🏠 From the office in San Mateo, CA, USA
→ https://kube.careers/t/48e3f6f7-5043-43b1-8c58-6bc81939bc19?s=55

DevSecOps Engineer with Visa
💰 $167.7K to $218K a year
🏠🏃🏻‍♂️🌎 Foster City, CA, USA
→ https://kube.careers/t/e909c1a6-db53-4b66-927f-150f134a727a?s=55

👉 Browse all 457 Kubernetes jobs on Kube Careers https://kube.careers

Multi Tool Kubernetes Pentest Image contains all the most popular and necessary tools for Kubernetes penetration testing. More: https://github.com/r0binak/MTKPI

Repost from LearnKube news
This week on the Learn Kubernetes Weekly:
📖 The Kubernetes documentation is so wrong about namespaces
🚦 Topology aware hints on network traffic in EKS
🔌 Istio's WASM plugins
🧪 Unit testing alerting
🏎️ Tuning server request latency

Read it now: https://learnk8s.io/issues/51

In this article, you'll implement a robust approach to Kubernetes secret management with Go, AWS ParameterStore, OIDC, and Terraform. More: https://medium.com/cloud-native-daily/eks-secret-management-with-golang-aws-parameterstore-and-terraform-b4c8c7ee1f9

Repost from N/a
How do you upgrade a Kubernetes cluster to the latest release without breaking anything? And what if you had to upgrade hundreds of clusters simultaneously? In this episode, Pierre explains the process, tooling and testing strategy in upgrading clusters at scale.

You will learn:
- How the team at Qovery keeps updated with the latest (vanilla) Kubernetes changes and managed services changelogs.
- How to upgrade Helm charts gradually and safely. Pierre has some tips for Custom Resource Definitions (CRDs).
- How to test API deprecations with end-to-end testing.
- How to automate the process of upgrading clusters.

You will also learn from Pierre's experience in managing stateful applications in Kubernetes with 4500 nodes on bare metal.

Watch it here: https://kube.fm/upgrading-100s-clusters-pierre

Listen on:
- Apple Podcast https://kube.fm/apple
- Spotify https://kube.fm/spotify
- Amazon Music https://kube.fm/amazon
- Overcast https://kube.fm/overcast
- Pocket casts https://kube.fm/pocket-casts

This article explains what a Kubernetes Service Account is and how to create and use one. It also includes a demonstration of using a Service Account for a Pod to communicate with the Kubernetes API. More: https://medium.com/@jrkessl/kubernetes-service-accounts-what-they-are-and-how-to-implement-9b3701c667d0

In this tutorial, you'll learn how to implement two security features of service meshes: request-level authentication and authorization using Istio and Keycloak. More: https://www.infracloud.io/blogs/request-level-authentication-authorization-istio-keycloak

Repost from LearnKube news
In this article, you will learn how to forward traffic to pods in Kubernetes using Wireguard as a VPN. More: https://tech.j4m3s.eu/posts/vpn-forwarding-on-k8s

In this blog article, you'll learn how you could leverage the new Validating Admission Policies feature and the Common Expression Language (CEL) in GKE. More: https://medium.com/google-cloud/validating-admission-policies-with-gke-1-26-ed1321bcf739

Repost from LearnKube news
Master Kubernetes with Learnk8s' Advanced Kubernetes workshops! What should you expect?
- Learn how to architect and design clusters from the ground up (in the cloud or on-prem).
- Explore the Kubernetes internal components and how the system is designed with resiliency in mind.
- Deep-dive into the networking components and observe the packets flowing into the cluster.
- Hands-on labs to test the theory with real-world scenarios!
- And more.

The next courses are in Amsterdam, Munich and online and you can find them here: https://learnk8s.io/training

Repost from Kube Careers
This week's 6 best Kubernetes vacancies that focus on security are:

DevSecOps Engineer with 1Password
💰 $180K to $244K a year
👨‍💻 Remote from the United States, Canada
→ https://kube.careers/t/b733b996-956e-4086-b0fa-514316485975?s=55

DevSecOps Engineer with Robinhood
💰 $169K to $255K a year
🏠 From the office in Menlo Park, CA / New York, NY / Seattle, WA / Washington, DC, USA
→ https://kube.careers/t/bcecc046-9f28-4766-aaad-e8cb41ae9aa3?s=55

DevSecOps Engineer with Verkada
💰 $120K to $285K a year
🏠 From the office in San Mateo, CA, USA
→ https://kube.careers/t/48e3f6f7-5043-43b1-8c58-6bc81939bc19?s=55

DevSecOps Engineer with Voltron Data
💰 $170K to $220K a year
🌎 Fully remote
→ https://kube.careers/t/f2509a98-e72c-4444-a44e-7f9502b58e1a?s=55

DevSecOps Engineer with Visa
💰 $167.7K to $218K a year
🏠🏃🏻‍♂️🌎 Foster City, CA, USA
→ https://kube.careers/t/e909c1a6-db53-4b66-927f-150f134a727a?s=55

👉 Browse all 442 Kubernetes jobs on Kube Careers https://kube.careers

In this tutorial, you'll learn how to use Kyverno to:
- Enforce controls on components.
- Enrich components to standardize or enable global features.
- Generate components automatically.

More: https://yodamad.hashnode.dev/keep-your-cluster-under-control-with-kyverno