Kubesploit

This week on the Learn Kubernetes Weekly: 🙅 It's not always DNS 💥 Chaos-driven observability 👨‍🔬 Pod as an internet egress network appliance 🎏 Kubernetes API and flow control 🧐 Understanding the kubelet Read it now: https://learnk8s.io/issues/50

traefik-jwt-plugin is a Traefik plugin for verifying JSON Web Tokens (JWT). It supports: - Public keys, certificates or JWKS endpoints. - RSA, ECDSA and symmetric keys. - Open Policy Agent (OPA) for additional authorization checks. More: https://github.com/team-carepay/traefik-jwt-plugin

The Secrets Store CSI driver provides a Kubernetes-native way of mounting secrets into pods while managing the whole lifecycle of the secret in an enterprise-grade secret provider. Learn how to use it in this article. More: https://blog.ediri.io/advanced-secret-management-on-kubernetes-with-pulumi-secrets-store-csi-driver

In this tutorial, you will show how to deploy and configure the Ingress and Egress Gateway with Istio Service Mesh to implement a Zero Trust Architecture on Kubernetes for ingoing and outgoing traffic. More: https://medium.com/@lupass93/ingress-and-egress-traffic-in-zero-trust-architecture-with-istio-service-mesh-on-kubernetes-771aa5ebcb2a

In this post, you'll go over the Azure security baseline for Azure Kubernetes Service and give a shoutout to two tools that can aid you in the process of establishing your compliance with the baseline: kube-bench and popeye. More: https://community.ops.io/the_cozma/kube-bench-and-popeye-a-power-duo-for-aks-security-compliance-4f8c

This repository contains a reference AWS Platform Configuration for Crossplane with stateful cloud services (RDS) designed to connect to the nodes in each EKS cluster securely. More: https://github.com/upbound/platform-ref-aws

Kubewarden is a policy engine for Kubernetes. It helps with keeping your Kubernetes clusters secure and compliant. Kubewarden policies can be written using regular programming or Domain Specific Languages (DSL). More: https://github.com/kubewarden

In this post, you'll simulate different network failures in a distributed system and see how they can be detected: 1. Network partitioning. 2. Network delay. 3. Packet loss. More: https://coroot.com/blog/chaos-driven-observability-spotting-network-failures

This week's 6 best Kubernetes vacancies that focus on security are: DevSecOps Engineer with 1Password 💰 $180K to $244K a year 👨‍💻 Remote from the United States, Canada → https://kube.careers/t/b733b996-956e-4086-b0fa-514316485975?s=55 DevSecOps Engineer with Robinhood 💰 $169K to $255K a year 🏠 From the office in Menlo Park, CA / New York, NY / Seattle, WA / Washington, DC, USA → https://kube.careers/t/bcecc046-9f28-4766-aaad-e8cb41ae9aa3?s=55 DevSecOps Engineer with Verkada 💰 $120K to $285K a year 🏠 From the office in San Mateo, CA, USA → https://kube.careers/t/48e3f6f7-5043-43b1-8c58-6bc81939bc19?s=55 DevSecOps Engineer with Voltron Data 💰 $170K to $220K a year 🌎 Fully remote → https://kube.careers/t/f2509a98-e72c-4444-a44e-7f9502b58e1a?s=55 DevSecOps Engineer with Visa 💰 $167.7K to $218K a year 🏠🏃🏻‍♂️🌎 Foster City, CA, USA → https://kube.careers/t/e909c1a6-db53-4b66-927f-150f134a727a?s=55 👉 Browse all 469 Kubernetes jobs on Kube Careers https://kube.careers

This tutorial shows how to securely access services in a Kubernetes cluster using Cloudflare Zero Trust. It involves setting up a tunnel, deploying cloudflared and securing access with the Warp client. More: https://gtzsec.medium.com/accessing-kubernetes-services-using-cloudflare-zero-trust-cb594435da22

This week on the Learn Kubernetes Weekly: 💪 ARM nodes to 4,000 engineers 🔪 Our dev is on AWS, our prod on OVHcloud ⚖️ gRPC and custom push-based DNS resolution 🛑 Istio upstream Connect error 🐣 Kubernetes-101: Ingress Read it now: https://learnk8s.io/issues/49

The Secrets Store CSI Driver allows Kubernetes to mount multiple secrets, keys, and certs stored in enterprise-grade external secrets stores into their pods as a volume. Once the Volume is attached, its data is mounted into the container's file system. More: https://github.com/kubernetes-sigs/secrets-store-csi-driver

Are logs enough to troubleshoot your deployment and infrastructure? Perhaps — but there's a better way to observe, monitor and debug your stack: embracing observability This and more in this episode of KubeFM with Bart & Adriana 👉 https://kube.fm/adriana-hannah-unpacking-o11y

This article discusses how to change passwords defined within a Sealed Secret. The article outlines the various steps involved including converting the secret to Sealed Secret and merging updated values into an existing secret. More: https://medium.com/@reefland/changing-sealed-secrets-passwords-in-kubernetes-897ce2a011ac

Master Kubernetes with Learnk8s' Advanced Kubernetes workshop! What should you expect? - Learn how to architect and design clusters from the ground up (in the cloud or on-prem). - Explore the Kubernetes internal component and how the system is designed with resiliency in mind. - Deep-dive into the networking components and observe the packets flowing into the cluster. - Hands-on labs to test the theory with real-world scenarios! - And more. The course starts in 2 weeks in Amsterdam and you can sign up here: https://learnk8s.io/amsterdam-advanced-october-2023

Marvin is a CLI tool designed to help Kubernetes cluster administrators ensure the security and reliability of their environments. It performs extensive checks on cluster resources, identifying potential issues, misconfigurations, and vulnerabilities. More: https://github.com/undistro/marvin

In this blog, you'll learn what access control is and how Kubernetes manages access permissions behind the scenes. More: https://blog.kubesimplify.com/kubernetes-access-control-with-authentication-authorization-admission-control

Master Kubernetes with Learnk8s' Advanced Kubernetes workshop! What should you expect? - Learn how to architect and design clusters from the ground up (in the cloud or on-prem). - Explore the Kubernetes internal component and how the system is designed with resiliency in mind. - Deep-dive into the networking components and observe the packets flowing into the cluster. - Hands-on labs to test the theory with real-world scenarios! - And more. The course starts on the 30th of October in Amsterdam and you can sign up here: https://learnk8s.io/amsterdam-advanced-october-2023

This week's 6 best Kubernetes vacancies that focus on security are: DevSecOps Engineer with 1Password 💰 $180K to $244K a year 👨‍💻 Remote from the United States, Canada → https://kube.careers/t/b733b996-956e-4086-b0fa-514316485975?s=55 DevSecOps Engineer with Robinhood 💰 $169K to $255K a year 🏠 From the office in Menlo Park, CA / New York, NY / Seattle, WA / Washington, DC, USA → https://kube.careers/t/bcecc046-9f28-4766-aaad-e8cb41ae9aa3?s=55 DevSecOps Engineer with Verkada 💰 $120K to $285K a year 🏠 From the office in San Mateo, CA, USA → https://kube.careers/t/48e3f6f7-5043-43b1-8c58-6bc81939bc19?s=55 DevSecOps Engineer with Voltron Data 💰 $170K to $220K a year 🌎 Fully remote → https://kube.careers/t/f2509a98-e72c-4444-a44e-7f9502b58e1a?s=55 DevSecOps Engineer with Visa 💰 $167.7K to $218K a year 🏠🏃🏻‍♂️🌎 Foster City, CA, USA → https://kube.careers/t/e909c1a6-db53-4b66-927f-150f134a727a?s=55 👉 Browse all 468 Kubernetes jobs on Kube Careers https://kube.careers

This blog post examines Istio and how to leverage it to implement authentication and authorization policies to secure apps: 1. Native support for mTLS and JWT authentication. 2. Control and visibility over network traffic. 3. RBAC policies. More: https://www.infracloud.io/blogs/istio-authentication-authorization-policies