Kubesploit

In this article, you'll look at the essential components needed to make your Kubernetes deployments secure, fast and reliable and answer what is required to build a complete DevSecOps platform on Kubernetes. More: https://www.stakater.com/post/the-essentials-for-building-a-devsecops-platform-on-kubernetes

You can keep updated with the latest Kubernetes news, events, job opportunities and podcasts on Mastodon! We've been on Mastodon for a while now, but since December 2023, we decided to migrate all our accounts to a private Mastodon instance: Learnk8s.news Here's the list of all accounts and their handles: - Learnk8s (Kubernetes news) https://learnk8s.news/@learnk8s - Kubernetes Architect (K8s architecting and developing apps) https://learnk8s.news/@k8sarchitect - Kubesploit (K8s Security) https://learnk8s.news/@kubesploit - K3sDaily (K3s news) https://learnk8s.news/@k3sdaily - Kube Careers (K8s Jobs) https://learnk8s.news/@KubeCareers - Kube Events (K8s events) https://learnk8s.news/@k8sevents - KubeFM (K8s podcast) https://learnk8s.news/@k8sfm Of course, you can also find us on X/Twitter, LinkedIn, Facebook and Telegram. You can find all the links here: https://learnk8s.io/news-events-jobs

kubeaudit is a command line tool and a Go package to audit Kubernetes clusters for various security concerns, such as: - Run as non-root. - Use a read-only root filesystem. - Drop scary capabilities, don't add new ones. - Don't run privileged. More: https://github.com/Shopify/kubeaudit

Master Kubernetes with Learnk8s' Advanced Kubernetes workshops! What should you expect? - Learn how to architect and design clusters from the ground up (in the cloud or on-prem). - Explore the Kubernetes internal component and how the system is designed with resiliency in mind. - Deep-dive into the networking components and observe the packets flowing into the cluster. - Hands-on labs to test the theory with real-world scenarios! - And more. The next course starts in 2 weeks (online) or on the 19th of Feb (in Amsterdam, NL): https://learnk8s.io/amsterdam-advanced-february-2024 We also run in-person courses and corporate training: https://learnk8s.io/corporate-training

This week's 6 best Kubernetes vacancies that focus on security are: DevSecOps Engineer with Hyperscience 💰 $190K to $260K a year 👨‍💻 Remote from the United States → https://kube.careers/t/ab01bf82-75af-4610-ba58-d58cd09f529a?s=55 Security Architect with Sigma Computing 💰 $190K to $250K a year 🏠 From the office in San Francisco, CA, USA → https://kube.careers/t/e6a8ff9b-834f-4e57-bd6f-13b3be3d3b7a?s=55 DevSecOps Engineer with Palo Alto Networks 💰 $180.2K to $236.5K a year 🏠🏃🏻‍♂️🌎 Santa Clara, CA, USA → https://kube.careers/t/c50a52bc-e5ec-43f7-9f4c-bc0103fb9632?s=55 DevSecOps Engineer with Verkada 💰 $130K to $280K a year 🏠 From the office in San Mateo, CA, USA → https://kube.careers/t/34423797-da07-4f75-a714-ab6e4ad208bf?s=55 DevSecOps Engineer with KoBold Metals 💰 $150K to $225K a year 👨‍💻 Remote from the United States, Canada → https://kube.careers/t/73a7a73a-c29e-4647-8968-297acc829312?s=55 👉 Browse all 453 Kubernetes jobs on Kube Careers https://kube.careers

In this article, you will learn how the vulnerability has been present since 2020 in the eks.Cluster component of CDK and how it was identified and fixed. More: https://garden.io/blog/aws-security-issue

This week on the Learn Kubernetes Weekly: 💰 State of Kubernetes cost optimization 🙈 Bootstrap an air gapped cluster ✈️ Topology aware routing 🏃‍♂️ Velero AWS account migration 🐰 Video streaming at scale Read it now: https://learnk8s.io/issues/61

This tutorial explains configuring read-only access to EKS Pods across Namespaces using AWS IAM roles/groups and Kubernetes RBAC, detailing IAM policy creation, RBAC ClusterRole/RoleBindings, and kubectl access via AssumeRole. More: https://itnext.io/aws-elastic-kubernetes-service-rbac-authorization-via-aws-iam-and-rbac-groups-7b70ded144b5

The article provides an overview of Kubernetes security concepts, focusing on NetworkPolicies, ServiceAccounts, and Security Contexts. More: https://dev.to/mattiasfjellstrom/kubernetes-101-security-concepts-2f4f

Learn how Aqua Security's Trivy now works with Kubernetes Bills of Material (KBOM) to scan for cluster vulnerabilities in real-time. More: https://blog.aquasec.com/scanning-kbom-for-vulnerabilities-with-trivy

In this article, you will learn how the Vault Agent interacts with Vault and how it can be integrated with Kubernetes using response-wrapping tokens. More: https://medium.com/google-cloud/vault-agent-with-gke-7b8731f32375

Master Kubernetes with Learnk8s' Advanced Kubernetes workshops! What should you expect? - Learn how to architect and design clusters from the ground up (in the cloud or on-prem). - Explore the Kubernetes internal component and how the system is designed with resiliency in mind. - Deep-dive into the networking components and observe the packets flowing into the cluster. - Hands-on labs to test the theory with real-world scenarios! - And more. The next course starts next month in Amsterdam: https://learnk8s.io/amsterdam-advanced-february-2024 We also run in-person courses and corporate training: https://learnk8s.io/corporate-training

This week's 6 best Kubernetes vacancies that focus on security are: DevSecOps Engineer with Hyperscience 💰 $190K to $260K a year 👨‍💻 Remote from the United States → https://kube.careers/t/ab01bf82-75af-4610-ba58-d58cd09f529a?s=55 Security Architect with Sigma Computing 💰 $190K to $250K a year 🏠 From the office in San Francisco, CA, USA → https://kube.careers/t/e6a8ff9b-834f-4e57-bd6f-13b3be3d3b7a?s=55 DevSecOps Engineer with Palo Alto Networks 💰 $180.2K to $236.5K a year 🏠🏃🏻‍♂️🌎 Santa Clara, CA, USA → https://kube.careers/t/c50a52bc-e5ec-43f7-9f4c-bc0103fb9632?s=55 DevSecOps Engineer with Verkada 💰 $130K to $280K a year 🏠 From the office in San Mateo, CA, USA → https://kube.careers/t/34423797-da07-4f75-a714-ab6e4ad208bf?s=55 DevSecOps Engineer with KoBold Metals 💰 $150K to $225K a year 👨‍💻 Remote from the United States, Canada → https://kube.careers/t/73a7a73a-c29e-4647-8968-297acc829312?s=55 👉 Browse all 485 Kubernetes jobs on Kube Careers https://kube.careers

This article explores the fundamental concepts, syntax, semantics, and implementation considerations associated with Network Policies. It also delves into best practices and real-world examples to illustrate their practical application and benefits. More: https://blog.slycreator.com/network-policies-understanding-kubernetes-network-policies

This week on the Learn Kubernetes Weekly: ⛵️ From RSS to WSS: Kubernetes memory metrics ⏩ Portless ports 📝 Trusting self-signed certificates 🔗 Binding to Low Ports as a Non-root User ⚙️ PIDs limit: how to change them Read it now: https://learnk8s.io/issues/60

Self-signed certificates are common within enterprise companies. But how do you distribute them and enable their use in Kubernetes as a user and a vendor? Learn more in this article. More: https://blog.alexellis.io/what-if-your-pods-need-to-trust-self-signed-certificates

This tutorial provides a guide on integrating the Open Policy Agent (OPA) with Kubernetes. It includes three examples detailing how to enforce policies in different scenarios. More: https://blog.zelarsoft.com/integrating-opa-gatekeeper-as-an-admission-controller-with-kubernetes-7687f30ba0f6

This article describes how to: 1. Enable Vault to Kubernetes cluster integration. 2. Create a shell script file that defines secret values as environment variables in Kubernetes pods. More: https://medium.com/@igorkanshyn/external-vault-to-kubernetes-clusters-integration-5b74a67b85e

In this tutorial, you will learn how to validate Kubernetes resources with Validating Admission Policies (VAPs) and Common Expression Language (CEL). More: https://www.doit.com/effortless-in-cluster-validation-with-kubernetes-introducing-validating-admission-policies

This week's 6 best Kubernetes vacancies that focus on security are: DevSecOps Engineer with Hyperscience 💰 $190K to $260K a year 👨‍💻 Remote from the United States → https://kube.careers/t/ab01bf82-75af-4610-ba58-d58cd09f529a?s=55 DevSecOps Engineer with Palo Alto Networks 💰 $180.2K to $236.5K a year 🏠🏃🏻‍♂️🌎 Santa Clara, CA, USA → https://kube.careers/t/c50a52bc-e5ec-43f7-9f4c-bc0103fb9632?s=55 DevSecOps Engineer with Match Group 💰 $146.5K to $176K a year 👨‍💻 Remote from the United States → https://kube.careers/t/ba9a7f80-b1f4-415b-8bd2-1017afc81339?s=55 Security Architect with Verisign 💰 $128.7K to $174.1K a year 🏠🏃🏻‍♂️🌎 Reston, VA, USA → https://kube.careers/t/09ccfe74-827e-466f-8e38-c3e85db8806d?s=55 DevSecOps Engineer with Accenture Federal Services 💰 $105.2K to $196.5K a year 👨‍💻 Remote from the United States → https://kube.careers/t/344f20e2-0379-4ca6-8d38-74d717cd1b77?s=55 👉 Browse all 375 Kubernetes jobs on Kube Careers https://kube.careers