Kubesploit

News and links on Kubernetes security curated by the @Learnk8s team. Website: https://kubesploit.io/

Post archive
Repost from LearnKube news
This week on the Learn Kubernetes Weekly:
🏃🏻‍♂️ Migrating etcd between clouds
🤔 What happens when… Kubernetes edition!
⚒️ Build your own Docker
💰 Upgrading 100s of clusters
🔙 S3 backups with Crossplane
Read it now: https://learnk8s.io/issues/48

In this tutorial, you will learn how to set up an auto-rotating secret for a database connection using the External Secret Operator and Vault. Secrets refresh every hour, and your apps stay connected to the database with new valid credentials. More: https://dev.to/canelasevero/true-secrets-auto-rotation-with-eso-and-vault-1g4o

Repost from Kube Events
Learn how to rebalance workloads in your Kubernetes cluster to optimize resource allocations. In this webinar, you'll learn:
- What the Descheduler is and how it works
- Policies to reallocate pods in your nodes
📅 12 Oct ⏰ 8am PT | 5pm CET
👉 https://kube.events/t/33c89654-e376-4a7f-8a43-15619a3502da

Repost from N/a
Gazal hinted at a 40% reduction in compute capacity when combining Bottlerocket OS and Karpenter (and 30% lower response times). This and more on the new episode of the KubeFM podcast with Bart Farrell! 👉 https://kube.fm/gazal-eks-bottlerocket-karpenter

In this tutorial, you will find a demo of a Kubernetes Dynamic Validating Admission controller. You will learn how to write a webhook server in Go and plan for its reliability and availability. More: https://dev.to/gkampitakis/kubernetes-dynamic-admission-control-1f9p

Repost from LearnKube news
Puzzlefs is a container filesystem designed to address the limitations of the existing OCI format. The project's primary goals are reduced duplication, reproducible image builds, direct mounting support and memory safety guarantees. More: https://github.com/project-machine/puzzlefs

In this 2-part article, you will learn how to set up and use the Pod Security Admission Controller and apply policies to a specific namespace and the entire cluster. More: https://faun.pub/pod-security-admission-controller-cluster-level-bda83b80d916

Zarf eliminates the complexity of air gap software delivery for Kubernetes clusters and cloud-native workloads using a declarative packaging strategy to support DevSecOps in offline and semi-connected environments. More: https://github.com/defenseunicorns/zarf

Repost from Kube Architect
Learn how to rebalance workloads in your Kubernetes cluster to optimize resource allocations. In this webinar, you'll learn:
- What the Descheduler is and how it works
- Policies to reallocate pods in your nodes
📅 12 Oct ⏰ 8am PT | 5pm CET
👉 https://kube.events/t/33c89654-e376-4a7f-8a43-15619a3502da

Repost from Kube Architect
In this tutorial, you will learn how to implement chaos testing for your backend services in Kubernetes using k6 to observe how they behave when unexpected incidents happen. More: https://semaphoreci.com/blog/chaos-testing-k6

Repost from Kube Careers
This week's 6 best Kubernetes vacancies that focus on security are:
- DevSecOps Engineer with Tubi 💰 $197K to $259K a year 👨‍💻 Remote from the United States → https://kube.careers/t/fbfd93b4-e284-47f8-89a9-6e7cfa4c82ad?s=55
- DevSecOps Engineer with Robinhood 💰 $169K to $255K a year 🏠 From the office in Menlo Park, CA / New York, NY / Seattle, WA / Washington, DC, USA → https://kube.careers/t/bcecc046-9f28-4766-aaad-e8cb41ae9aa3?s=55
- DevSecOps Engineer with Pure Storage 💰 $167K to $251K a year 🏠 From the office in Santa Clara, CA, USA → https://kube.careers/t/611fe80e-6e6d-4ece-b428-4af7561f7af7?s=55
- DevSecOps Engineer with Verkada 💰 $120K to $285K a year 🏠 From the office in San Mateo, CA, USA → https://kube.careers/t/48e3f6f7-5043-43b1-8c58-6bc81939bc19?s=55
- DevSecOps Engineer with Voltron Data 💰 $170K to $220K a year 🌎 Fully remote → https://kube.careers/t/f2509a98-e72c-4444-a44e-7f9502b58e1a?s=55
👉 Browse all 477 Kubernetes jobs on Kube Careers https://kube.careers

In this detailed write-up, you will uncover how the botnet run by TeamTNT attacks vulnerable Docker and Kubernetes environments, Redis servers, Postgres databases, Hadoop clusters, Tomcat and others. More: https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign

Repost from LearnKube news
This week on the Learn Kubernetes Weekly:
🔍 How to traceroute pod-to-pod traffic
🔦 VPN tunnels: how we used them to migrate to
🗺️ Container Checkpointing
📦 kube-image-keeper
✅ Verifying container image signatures
Read it now: https://learnk8s.io/issues/47

deprecated-api-versions is a Kubewarden policy that detects usage of Kubernetes resources that have been deprecated or removed. More: https://github.com/kubewarden/deprecated-api-versions-policy

Repost from LearnKube news
Master Kubernetes with Learnk8s' Advanced Kubernetes workshop! What should you expect?
- Learn how to architect and design clusters from the ground up (in the cloud or on-prem).
- Explore the Kubernetes internal components and how the system is designed with resiliency in mind.
- Deep-dive into the networking components and observe the packets flowing into the cluster.
- Hands-on labs to test the theory with real-world scenarios!
- And more.
The course starts on the 30th of October in Amsterdam, and you can sign up here: https://learnk8s.io/amsterdam-advanced-october-2023

In this tutorial, you will learn how to use Kyverno to inject fields into Kubernetes resources to remove dangling jobs automatically. More: https://blog.wtcx.dev/2022/07/09/automatically-clean-up-dangling-jobs-with-policy-engine

Repost from LearnKube news
The VPC CNI plugin and pods inherit the EKS node IAM role by default. If the node role has the AmazonEKS_CNI_Plugin attached, pods running on the node can attach and detach ENIs and assign IP addresses. In this article, you'll learn how to solve this. More: https://medium.com/@jandersson89/securing-aws-eks-configure-the-vpc-cni-plugin-to-use-irsa-51351f893c18

Repost from N/a
Making autoscaling dead simple in Kubernetes: KEDA
In this episode, Jorge Turrado tells the story of how he became a KEDA maintainer while learning to write Go.
📺 Watch or listen to the full episode here: https://kube.fm/keda-jorge-turrado

When your container gets breached, the attacker can use tools like curl to download more tools for further exploitation and lateral movement within your system. LProbe is a wget/curl replacement for hardened and secure container images. More: https://github.com/fivexl/lprobe

CRI-compatible container runtimes feature full support for container image signature verification in v1.28. In this article, you will learn how a single instance can validate the signatures before any image pull can occur. More: https://kubernetes.io/blog/2023/06/29/container-image-signature-verification