ru
Feedback
Kubesploit

Kubesploit

Открыть в Telegram

News and links on Kubernetes security curated by the @Learnk8s team Website: https://kubesploit.io/

Больше
2 078
Подписчики
+124 часа
Нет данных7 дней
+1530 день

Загрузка данных...

Привлечение подписчиков
июль '26
июль '26
+23
в 1 каналах
июнь '26
+41
в 3 каналах
Get PRO
май '26
+49
в 3 каналах
Get PRO
апрель '26
+36
в 3 каналах
Get PRO
март '26
+65
в 5 каналах
Get PRO
февраль '26
+35
в 1 каналах
Get PRO
январь '26
+29
в 1 каналах
Get PRO
декабрь '25
+44
в 3 каналах
Get PRO
ноябрь '25
+35
в 2 каналах
Get PRO
октябрь '25
+23
в 2 каналах
Get PRO
сентябрь '25
+18
в 2 каналах
Get PRO
август '25
+22
в 2 каналах
Get PRO
июль '25
+38
в 2 каналах
Get PRO
июнь '25
+18
в 3 каналах
Get PRO
май '25
+28
в 2 каналах
Get PRO
апрель '25
+18
в 2 каналах
Get PRO
март '25
+23
в 3 каналах
Get PRO
февраль '25
+23
в 1 каналах
Get PRO
январь '25
+28
в 2 каналах
Get PRO
декабрь '24
+49
в 1 каналах
Get PRO
ноябрь '24
+106
в 2 каналах
Get PRO
октябрь '24
+103
в 2 каналах
Get PRO
сентябрь '24
+94
в 2 каналах
Get PRO
август '24
+147
в 3 каналах
Get PRO
июль '24
+62
в 2 каналах
Get PRO
июнь '24
+66
в 3 каналах
Get PRO
май '24
+91
в 2 каналах
Get PRO
апрель '24
+122
в 3 каналах
Get PRO
март '24
+76
в 3 каналах
Get PRO
февраль '24
+57
в 2 каналах
Get PRO
январь '24
+56
в 2 каналах
Get PRO
декабрь '23
+79
в 2 каналах
Get PRO
ноябрь '23
+21
в 3 каналах
Get PRO
октябрь '23
+23
в 2 каналах
Get PRO
сентябрь '23
+28
в 0 каналах
Get PRO
август '23
+12
в 0 каналах
Get PRO
июль '23
+26
в 0 каналах
Get PRO
июнь '23
+30
в 0 каналах
Get PRO
май '23
+42
в 0 каналах
Get PRO
апрель '23
+27
в 0 каналах
Get PRO
март '23
+81
в 0 каналах
Get PRO
февраль '23
+17
в 0 каналах
Get PRO
январь '23
+35
в 0 каналах
Get PRO
декабрь '22
+22
в 0 каналах
Get PRO
ноябрь '22
+34
в 0 каналах
Get PRO
октябрь '22
+23
в 0 каналах
Get PRO
сентябрь '22
+32
в 0 каналах
Get PRO
август '22
+19
в 0 каналах
Get PRO
июль '22
+32
в 0 каналах
Get PRO
июнь '22
+22
в 0 каналах
Get PRO
май '22
+104
в 0 каналах
Get PRO
апрель '22
+36
в 0 каналах
Get PRO
март '22
+33
в 0 каналах
Get PRO
февраль '22
+18
в 0 каналах
Get PRO
январь '22
+22
в 0 каналах
Get PRO
декабрь '21
+12
в 0 каналах
Get PRO
ноябрь '21
+45
в 0 каналах
Get PRO
октябрь '21
+388
в 0 каналах
Дата
Привлечение подписчиков
Упоминания
Каналы
17 июля+2
16 июля+2
15 июля0
14 июля+1
13 июля+1
12 июля+2
11 июля+2
10 июля0
09 июля+1
08 июля0
07 июля+1
06 июля+1
05 июля+3
04 июля+1
03 июля+1
02 июля+3
01 июля+2
Посты канала
This tutorial shows how to modernize Kyverno policies with CEL using practical Kubernetes security examples like namespace ru
This tutorial shows how to modernize Kyverno policies with CEL using practical Kubernetes security examples like namespace rules, image checks, service account tokens, and safer policy testing. More: https://ku.bz/PcpzWX_N6

2
This article explains how a local 7B model was fine-tuned to answer cloud security, Kubernetes, Terraform, and compliance questions from a rule-based dataset. More: https://ku.bz/NNjhbSslC
148
3
This week on Learn Kubernetes Weekly 192: 🔧 Our Kubernetes Operator Didn't Scale, So We Rebuilt It 🔀 ClickHouse Shard Rebal
This week on Learn Kubernetes Weekly 192: 🔧 Our Kubernetes Operator Didn't Scale, So We Rebuilt It 🔀 ClickHouse Shard Rebalancing on Kubernetes: From Talk to Operator 💥 Invisible OOMkill: Java Pods Crashing in Kubernetes 🗂️ Using Kubernetes ConfigMaps as a Real-Time State Store 🚨 From Container Escape to Cloud Takeover: A Real-World Cloud Security Assessment Read it now: https://kube.today/issues/192 ⭐️ This newsletter is brought to you by Buoyant, the creators of Linkerd https://ku.bz/BB-RtVFWs
92
4
This case study explains how a Kubernetes secrets audit exposed weak secret handling and forced a move toward safer secret management. It covers encoded secrets, RBAC, encryption, external secret stores, and audit-ready controls. More: https://ku.bz/z0ylnRsvd
161
5
How do you give developers access to the Kubernetes API without letting them break things? Peter Kelly describes staged polic
How do you give developers access to the Kubernetes API without letting them break things? Peter Kelly describes staged policies in Project Calico: developers can dry-run network policies to see which flows would be affected before enforcing them. Combined with namespace-scoped policy tiers, teams get real autonomy without risking production traffic. Instead of blocking developers, give them a safe way to test. Full interview: https://ku.bz/xgqZJhdyn Watch the full interview: https://ku.bz/xgqZJhdyn This interview is a reaction to Mac Chaffee's episode https://ku.bz/9nFPmG85f
166
6
Copy Fail Destroyer runs on Kubernetes nodes to detect and remediate Copy Fail and Dirty Frag by probing vulnerable kernel modules, unloading them, exposing metrics, and supporting Helm or ArgoCD deployment. More: https://ku.bz/xvFl18wxv
197
7
k8scout maps realistic Kubernetes escalation paths from a compromised pod to cluster-admin, node access, secret theft, or cloud IAM takeover, with graph output and reviewer mode. More: https://ku.bz/Jt-LJm0f2
284
8
This article explains the Kubernetes v1.36 SELinux volume labeling change and why clusters using SELinux should audit workloads before SELinuxMount becomes the default. More: https://ku.bz/KGR_FN-3w
341
9
This article explains Kubernetes v1.36 fine-grained kubelet authorization and how teams can replace broad nodes/proxy access with safer permissions for metrics, stats, logs, pods, and health checks. More: https://ku.bz/M6WZq580X
363
10
This week on Learn Kubernetes Weekly 191: 🔥 What Does 4.4% GPU Utilization Actually Mean? 🛠️ GKE IP Exhaustion Fixed: The C
This week on Learn Kubernetes Weekly 191: 🔥 What Does 4.4% GPU Utilization Actually Mean? 🛠️ GKE IP Exhaustion Fixed: The Class E Migration Guide 🧹 Evicting MCP Tool Calls from Your Kubernetes Cluster 🔄 The Feedback Loops Behind Kubernetes 🧠 You Don't Have a GIL Problem — You Have a CPU Problem Read it now: https://kube.today/issues/191 ⭐️ This newsletter is brought to you by LearnKube — master Kubernetes with hands-on training designed for engineers who want to learn the smart way https://ku.bz/hypSbyc-V
280
11
Copy Fail Blocker deploys a privileged DaemonSet that blocks AF_ALG and AF_RXRPC socket creation cluster-wide to mitigate Copy Fail and similar Linux kernel privilege-escalation paths. More: https://ku.bz/hMfdC6WGc
300
12
Kaniop is a Kubernetes operator written in Rust for managing Kanidm identity management clusters, providing declarative identity management through GitOps workflows. More: https://ku.bz/pFkd88jPW
317
13
This tutorial shows how to connect on-prem Kubernetes workloads to Google Cloud without service account keys using Workload I
This tutorial shows how to connect on-prem Kubernetes workloads to Google Cloud without service account keys using Workload Identity Federation, OIDC, Terraform, Kyverno, and IAM attribute conditions. More: https://ku.bz/1YVD6c3FP
507
14
This week on Learn Kubernetes Weekly 190: 🌪️ Taming the Storm: Building Groww's Internal Chaos Engineering Platform 🧪 Tarac
This week on Learn Kubernetes Weekly 190: 🌪️ Taming the Storm: Building Groww's Internal Chaos Engineering Platform 🧪 Taracode Testing a Go-Based CLI AI Agent in My Homelab 🧠 Building self-evolving AI systems: exploring the architecture 🔄 Migrating from slurm to Kubernetes 🏠 Lessons Learnt Self-hosting an AI Assistant Read it now: https://kube.today/issues/190 ⭐️ This newsletter is brought to you by LearnKube — master Kubernetes with hands-on training designed for engineers who want to learn the smart way https://ku.bz/hypSbyc-V
372
15
John Howard, Senior Software Engineer at Solo.io, explains that the biggest challenge in Kubernetes security isn't features b
John Howard, Senior Software Engineer at Solo.io, explains that the biggest challenge in Kubernetes security isn't features but adoption. He shares how Ambient Mesh originated from users repeatedly requesting "just mTLS" without the overhead of full-service mesh implementation. The team designed Ambient Mesh with compatibility and low footprint as core principles - it doesn't modify traffic patterns, works with any application, and can be deployed cluster-wide without breaking existing workloads. John emphasizes that establishing baseline security everywhere must precede implementing advanced features like sophisticated authorization policies or AI-based anomaly detection. Watch the full episode: https://kube.fmhttps://ku.bz/sk-ZF1PG9
361
16
New on LearnKube: Server-side apply: what happens when you run kubectl apply Server-side apply changes how Kubernetes handles
New on LearnKube: Server-side apply: what happens when you run kubectl apply Server-side apply changes how Kubernetes handles field ownership. Kubernetes objects are shared state. Manifests, controllers, release tools, autoscalers, webhooks, and operators can all shape the same object. With client-side apply, stale intent can overwrite live changes. With server-side apply, ownership moves into the API server. Kubernetes tracks which manager owns each field and surfaces conflicts when ownership is contested. Chiara put serious work into this guide, and you can read it in full here: https://learnkube.com/server-side-apply-kubernetes
192
17
This article explains how to use Gatekeeper to enforce in-cluster admission policies, such as rejecting :latest images, manda
This article explains how to use Gatekeeper to enforce in-cluster admission policies, such as rejecting :latest images, mandating labels, and disallowing privileged workloads. More: https://ku.bz/1Zskfkkvg
379
18
This tutorial shows how to run OWASP ZAP scans inside GitHub Actions using SecureCodeBox on a Kubernetes kind cluster. More:
This tutorial shows how to run OWASP ZAP scans inside GitHub Actions using SecureCodeBox on a Kubernetes kind cluster. More: https://ku.bz/nDZJpmg5F
395
19
This week on Learn Kubernetes Weekly 189: 🔥 Zero-Downtime Kubernetes Ingress Controllers on GCP 🏗️ Architecting GPUaaS for
This week on Learn Kubernetes Weekly 189: 🔥 Zero-Downtime Kubernetes Ingress Controllers on GCP 🏗️ Architecting GPUaaS for Enterprise AI On-Prem 📋 Conditions, Phases, and Declarative Phase Rules in Kubernetes Operators ⚙️ Container-Aware GOMAXPROCS 💀 Why Your Kubernetes Pod Was OOM Killed and Who Really Killed It Read it now: https://kube.today/issues/189 ⭐️ This issue is brought to you by Solanica - replace RDS with a self-hosted DBaaS on your own Kubernetes clusters with automated Day 2 operations and zero vendor lock-in https://ku.bz/NTszfwH40
318
20
This guide walks through deploying Istio via Terraform and Helm to secure service-to-service and external communication with mTLS, automatic sidecar injection, and encrypted ingress via Istio Gateway. More: https://ku.bz/wxcXWRYy2
332