Kubesploit

The article highlights the criticality of whitelisting image registries for cluster security, emphasizing trusted images from secure sources like DockerHub, Redhat Catalog, and GitHub Container Registry. More: https://medium.com/@alparslanuysal/whitelisting-image-registries-44150c86c4ac

How do you choose the best instance type for your Kubernetes cluster? When using an 8 GB/2vCPU instance, are all the memory and CPU available to pods? The Kubernetes instance calculator answers those questions and a lot more! https://learnk8s.io/kubernetes-instance-calculator This is what you can do: 💰 Estimate costs for your workloads based on requests and instance sizes. 🔝 Explore instance overcommitment and efficiency. 📈 Identify over and underspending by model error rates on your actual memory and CPU usage. ⚖️ Compare instances between different cloud providers. You can find the Kubernetes instance calculator here: https://learnk8s.io/kubernetes-instance-calculator

vals-operator syncs secrets from any secrets store supported by vals into Kubernetes. It works similarly to secrets-manager, but it supports more secret stores other than HashiCorp Vault. More: https://github.com/digitalis-io/vals-operator

The article discusses configuring users and groups in Kubernetes, the role-based access control (RBAC) mechanism, and using kubectl to check API access. More: https://blog.adityasamant.dev/users-groups-roles-and-api-access-in-kubernetes

This week's 6 best Kubernetes vacancies that focus on security are: DevSecOps Engineer with Worldcoin 💰 $236K to $323K a year 🏠 From the office in San Francisco, CA, USA → https://kube.careers/t/e824f971-4831-4329-8dfd-2edcce0c9ed5?s=55 DevSecOps Engineer with Applied Intuition 💰 $65K to $400K a year 🏠 From the office in Mountain View, CA, USA → https://kube.careers/t/c6291093-2e86-4446-aab7-7f34af1a3112?s=55 DevSecOps Engineer with Hyperscience 💰 $190K to $260K a year 👨‍💻 Remote from the United States → https://kube.careers/t/ab01bf82-75af-4610-ba58-d58cd09f529a?s=55 DevSecOps Engineer with Crusoe 💰 $210K to $240K a year 🏠 From the office in San Francisco, CA, USA → https://kube.careers/t/c82031a3-218d-4f6d-b5c1-86e76359cb90?s=55 DevSecOps Engineer with Opal Security 💰 $140K to $260K a year 🏠🏃🏻‍♂️🌎 San Francisco, CA / New York, NY, USA → https://kube.careers/t/9c9a6c2c-c98e-436c-a859-f3c74396da66?s=55 👉 Browse all 438 Kubernetes jobs on Kube Careers https://kube.careers

MKAT is an all-in-one auditing toolkit for identifying common security issues within managed Kubernetes environments. More: https://github.com/DataDog/managed-kubernetes-auditing-toolkit

This week on the Learn Kubernetes Weekly: 🕵️ Inside EKS networking: decoding the service IP journey 🥊 Argo CD vs Flux CD 🔫 Kubernetes silent pod killer 🤗 Embracing cgroup V2: best practices for migrating Kubernetes clusters to AlmaLinux 🔝 BGP ,Cilium, and FRR: top of rack for all! Read it now: https://learnk8s.io/issues/87 🙏 Many thanks to SideroLabs for supporting our work and sponsoring this issue. Make sure to check out Omni to manage Kubernetes on bare metal, virtual machines, or in a cloud https://www.siderolabs.com/platform/saas-for-kubernetes?utm_source=learnk8s

While experimenting with Open Cluster Manager, Andy inadvertently deleted the cluster-admin ClusterRole and ClusterRoleBinding. Learn how he recovered from this unfortunate situation. More: https://clubanderson.medium.com/dont-delete-cluster-admin-clusterrole-and-clusterrolebinding-uggh-too-late-5b83daeacc4f

This article provides a guide on creating a secure supply chain in Kubernetes using the Supply Chain Levels for Software Artifacts (SLSA) framework. More: https://medium.com/@jp-gouin/how-to-create-a-multi-clusters-secure-supply-chain-slsa-3-in-10min-oss-edition-2059aa39790b

The 1Password Connect Kubernetes Operator provides the ability to integrate Kubernetes Secrets with 1Password. The operator also handles auto-restarting deployments when 1Password items are updated. More: https://github.com/1Password/onepassword-operator

This article discusses setting up a Validating Admission Webhook in Kubernetes to ensure system resource validity. It covers configuring the webhook, deploying to Kubernetes, and testing the setup using Nginx containers. More: https://adil.medium.com/how-to-set-up-a-validating-admission-webhook-on-kubernetes-bd0733bfcb51

Master Kubernetes with Learnk8s' Advanced Kubernetes workshops! What should you expect? - Learn how to architect and design clusters from the ground up (in the cloud or on-prem). - Explore the Kubernetes internal component and how the system is designed with resiliency in mind. - Deep-dive into the networking components and observe the packets flowing into the cluster. - Hands-on labs to test the theory with real-world scenarios! - And more. The next online courses start on Jul 25: https://kube.events/t/1ebfa298-b5c6-4e42-8399-e43e6834683c We also run in-person courses and corporate training: https://learnk8s.io/corporate-training

This week's 6 best Kubernetes vacancies that focus on security are: DevSecOps Engineer with Worldcoin 💰 $236K to $323K a year 🏠 From the office in San Francisco, CA, USA → https://kube.careers/t/e824f971-4831-4329-8dfd-2edcce0c9ed5?s=55 DevSecOps Engineer with Applied Intuition 💰 $65K to $400K a year 🏠 From the office in Mountain View, CA, USA → https://kube.careers/t/c6291093-2e86-4446-aab7-7f34af1a3112?s=55 DevSecOps Engineer with Hyperscience 💰 $190K to $260K a year 👨‍💻 Remote from the United States → https://kube.careers/t/ab01bf82-75af-4610-ba58-d58cd09f529a?s=55 DevSecOps Engineer with Crusoe 💰 $210K to $240K a year 🏠 From the office in San Francisco, CA, USA → https://kube.careers/t/c82031a3-218d-4f6d-b5c1-86e76359cb90?s=55 DevSecOps Engineer with Opal Security 💰 $140K to $260K a year 🏠🏃🏻‍♂️🌎 San Francisco, CA / New York, NY, USA → https://kube.careers/t/9c9a6c2c-c98e-436c-a859-f3c74396da66?s=55 👉 Browse all 426 Kubernetes jobs on Kube Careers https://kube.careers

This week on the Learn Kubernetes Weekly: ♻️ Extending GitOps: effortless continuous integration and deployment on Kubernetes 🦈 Optimizing Wireshark in Kubernetes 👝 How I reduced the size of my very first published Docker image by 40% 💰 Overcoming the deployment challenges of H100 GPUs in AKS 🚤 Loxilb cluster networking: elevating Kubernetes networking capabilities 🙊 The future is not Docker Read it now: https://learnk8s.io/issues/86 🙏 Many thanks to Sysdig for supporting our work and sponsoring this issue. Make sure to check out their checklist to guide your security strategy as you escalate the use of containers and Kubernetes https://bit.ly/3W65Kvw

"Kubernetes Security for Dummies" is a comprehensive guide to mastering Kubernetes security. More: https://www.datocms-assets.com/75231/1704995046-kubernetes-security-for-dummies_wiz_final.pdf

♻️ How do you roll back a failed deployment in Kubernetes? In this article, learn how Deployments, Replica Sets, and Pods are connected and how you can use kubectl to revert a deployment You can read it here: https://learnk8s.io/kubernetes-rollbacks

This article discusses a vulnerability in all versions of runc <=1.1.11, as used by the Docker engine, along with other containerization technologies such as Kubernetes, that can result in container escape to the underlying host OS. More: https://dev.to/snyk/vulnerability-runc-processcwd-and-leaked-fds-container-breakout-cve-2024-21626-2oko

This article explains how to use mirrord to debug apps in a cluster and isolate the network to prevent unwanted traffic from reaching specific pods (e.g. a database). More: https://dev.to/meowchinist/the-traffic-police-controlling-outgoing-traffic-with-mirrord-216

This article discusses a critical vulnerability in all versions of Docker Buildkit <=v0.12.4 that can result in container escape to the underlying host OS when building an image using a malicious Dockerfile or upstream image (i.e. when using FROM). More: https://dev.to/snyk/buildkit-mount-cache-race-build-time-race-condition-container-breakout-cve-2024-23651-7k0

Master Kubernetes with Learnk8s' Advanced Kubernetes workshops! What should you expect? - Learn how to architect and design clusters from the ground up (in the cloud or on-prem). - Explore the Kubernetes internal component and how the system is designed with resiliency in mind. - Deep-dive into the networking components and observe the packets flowing into the cluster. - Hands-on labs to test the theory with real-world scenarios! - And more. The next online courses start on Jul 25: https://kube.events/t/1ebfa298-b5c6-4e42-8399-e43e6834683c We also run in-person courses and corporate training: https://learnk8s.io/corporate-training