Kubesploit

News and links on Kubernetes security curated by the @Learnk8s team Website: https://kubesploit.io/

2 061 subscribers
Post archive
Reflector is a Kubernetes addon designed to monitor changes to resources (Secrets and ConfigMaps) and reflect changes to mirror resources in the same or other namespaces. More: https://ku.bz/-chnMYTMc

Repost from N/a
John Howard, Senior Software Engineer at Solo.io, explains the complexities of implementing Mutual TLS (mTLS) in Kubernetes.
You will learn:
- Why DIY mTLS implementation in Kubernetes is challenging at scale, requiring certificate management, application updates, and careful transition planning
- How Service Mesh solutions offload security concerns from applications, allowing developers to focus on business logic while infrastructure handles encryption
- The advantages of Ambient Mesh's approach to simplifying mTLS implementation with its node proxy and waypoint proxy architecture
Watch (or listen to) it here: https://ku.bz/sk-ZF1PG9
🌟 This episode is brought to you by Learnk8s — Become an expert in Kubernetes! Join the next Advanced Kubernetes workshop: https://learnk8s.io/training
With @Birthmarkb "Nessie" Farrell

Detect and prevent threats in Argo CD pipelines. Learn how to identify and mitigate initial admin password compromise, unauthorized application deployment, and other security risks with detection rules and hunting searches. More: https://ku.bz/7Ly_ykVk6

kubectl-validate is a SIG-CLI subproject to support the local validation of resources for native Kubernetes types and CRDs. More: https://github.com/kubernetes-sigs/kubectl-validate

Learn how to extend Kubernetes Service accounts auth scope to application APIs using JWT and Envoy gateway for secure authentication between services in different clusters. More: https://ku.bz/VJ1TRHMn5

Improve your Kubernetes cluster security with Kyverno, an open-source tool that helps you validate deployments and secure resources. Learn how to apply best practices and ensure a secure cluster. More: https://ku.bz/WRklTnMWz

Repost from LearnKube news
This week on Learn Kubernetes Weekly 120:
🏎️ Ingesting F1 telemetry UDP real-time data in AWS EKS
🏆 Scaling infrastructure for millions: from challenges to triumphs
🥷 Pentesting Docker 101
⚛️ Atomic ConfigMap updates in Kubernetes: how symlinks and kubelet make it happen
🪫 Not enough resources? How to manage CPU and RAM!
Read it now: https://learnk8s.io/issues/120
⭐️ Don't let infrastructure block your teams. StackGen deterministically generates secure cloud infrastructure from any input - existing cloud environments, IaC or application code https://ku.bz/ftNR3t-XL

In this article, you will learn how to test RBAC policies using a custom-made Python script to ensure that only authorized users or service accounts have access to specific resources! More: https://ku.bz/ZW6dFbLcb

Repost from N/a
Isala Piyarisi, Senior Software Engineer at WSO2, shares how his team discovered that Cilium's default Pod CIDR (10.0.0.0/8) was conflicting with their Azure Firewall subnet assignments, causing traffic disruptions in their staging environment.
You will learn:
- How Cilium's default CIDR allocation can create routing conflicts with existing infrastructure
- A methodical process for debugging network issues using packet tracing, routing table analysis, and firewall logs
- The procedure for safely changing Pod CIDR ranges in production clusters
Watch (or listen to) it here: https://ku.bz/kJjXQlmTw
🌟 This episode is brought to you by Learnk8s — Become an expert in Kubernetes! Join the next Advanced Kubernetes workshop: https://learnk8s.io/training
With @Birthmarkb "Nessie" Farrell

kubelogin is a kubectl plugin for Kubernetes OpenID Connect (OIDC) authentication, also known as kubectl oidc-login. More: https://github.com/int128/kubelogin

Master Kubernetes security with RBAC and Service Accounts. Learn how to authenticate and authorize users, create roles and role bindings, and use kubectl and OpenSSL for secure cluster management. More: https://medium.com/@ammaurya46/detailed-overview-of-role-based-access-control-and-service-accounts-b989dcb53e15

Repost from LearnKube news
In this article, you'll learn how to improve observability and reduce costs for egress traffic in Kubernetes using Istio and caching, with a step-by-step guide on implementing Varnish Cache, TLS termination, and trust management. More: https://medium.com/@kburjack/observing-and-caching-egress-traffic-in-kubernetes-with-istio-fa547d7879e9

Repost from LearnKube news
Why can't you ping a Kubernetes service?
Learnk8s runs a 4-day Advanced Kubernetes course on Mar 20, and you will get to the bottom of questions like this (spoiler: services only exist in etcd).
You will also learn the nitty-gritty details of Kubernetes networking:
- How to plan and design a cluster network.
- How do the four Kubernetes services extend each other, and what do you gain from each?
- How CoreDNS, Ingress, and kube-proxy consume the Kubernetes currency: endpoints.
This (and much more) is covered on the third day of the course.
You can find the full agenda, a breakdown of the modules and how to sign up here: https://ku.bz/DX6TPV4P_
Are you training your team? Customize the workshop in full with corporate training https://learnk8s.io/corporate-training

This tutorial will teach you how to restrict traffic between pods and secure your application with network policies. You'll learn how to set up a cluster with Cilium and kubeadm and implement network policies to control access to your application. More: https://medium.com/@ashhadali2019/network-policies-hands-on-securing-traffic-in-kubernetes-61353829af03

This article covers pentesting techniques, including enumeration and exploitation methods, to help you secure your Docker registries and restrict Docker daemon access. By following these tips, you can improve your Docker security and prevent attacks. More: https://0xm154n7hr0p3.medium.com/pentesting-docker-101-0432dcf5b63d

Repost from LearnKube news
This week on Learn Kubernetes Weekly 119:
🌪️ From chaos to harmony: a deep dive into centralizing kubernetes controller upgrades
🆙 Major update on the ingress controller
📦 OCI introduction: the full journey from code to container in a Kubernetes environment
🚦 Achieving high availability for Kubernetes control plane using dynamic DNS
🤗 Embracing cgroup v2: best practices for migrating Kubernetes clusters to AlmaLinux
Read it now: https://learnk8s.io/issues/119
⭐️ This newsletter is brought to you by Loft Labs to announce the launch of Multitenancy March https://ku.bz/yk4mJkv34

kubectl-view-secret is a tool that allows for easy decoding and viewing of Kubernetes secrets, providing a convenient alternative to manual decoding with base64. More: https://github.com/elsesiy/kubectl-view-secret

Repost from N/a
Calin discusses how a unified Helm chart approach can help platform teams support multiple development teams efficiently while maintaining consistent standards across services.
You will learn:
- Why inconsistent Helm chart configurations across teams create maintenance challenges and slow down deployments
- How to implement a unified Helm chart that balances standardization with flexibility through override functions
- How to maintain quality through automated documentation and testing with tools like Helm Docs and Helm unittest
Watch (or listen to) it here: https://ku.bz/mcPtH5395
🌟 This episode is brought to you by Learnk8s — Become an expert in Kubernetes! Join the next Advanced Kubernetes workshop: https://learnk8s.io/training
With @Birthmarkb "Bella Ciao" Farrell

imagewebhookscaner scans images for vulnerabilities before allowing them to be deployed on a Kubernetes cluster. More: https://github.com/Hubert2718/ImageWebhookScaner

Repost from Kube Careers
📊 The State of the Kubernetes Job Market 2024 report from Kube Careers is now available!
Based on 25,121 job listings with 4,850 filtered descriptions, here are key takeaways:
💰 The average worldwide Kubernetes salary for 2024 was $158,822, with North America leading in job offers at 62%.
🏠 65% of jobs offer some form of remote work. Hybrid arrangements have increased significantly, from 20% in 2023 to 30.58% in 2024.
🛠️ In CI/CD, Jenkins (35%) and GitLab (28%) are the most mentioned specific tools, with GitHub Actions (11%) gaining ground.
For a deeper dive into salaries, skills, and trends shaping the Kubernetes job market, check out the full report: https://ku.bz/626CBl6b8