Kubesploit
News and links on Kubernetes security curated by the @Learnk8s team.
Website: https://kubesploit.io/
Sysdig analysed over 250,000 Linux images on Docker Hub to detect malicious payloads hidden in container images.
Learn what was discovered in this article.
More: https://sysdig.com/blog/analysis-of-supply-chain-attacks-through-public-docker-images
kubeseal-convert is a tool for importing secrets from pre-existing secrets management systems (e.g. Vault, Secrets Manager) into a SealedSecret.
More: https://github.com/EladLeev/kubeseal-convert
Repost from LearnKube news
Master Kubernetes with Learnk8s' Advanced Kubernetes workshops!
What should you expect?
- Learn how to architect and design clusters from the ground up (in the cloud or on-prem).
- Explore the Kubernetes internal components and how the system is designed with resiliency in mind.
- Deep-dive into the networking components and observe the packets flowing into the cluster.
- Hands-on labs to test the theory with real-world scenarios!
- And more.
The next course is in 4 weeks and you can sign up here: https://learnk8s.io/online-advanced-june-2023
Here is a list of all the main Kubernetes vulnerabilities from 2022.
More: https://armosec.io/blog/kubernetes-vulnerabilities-2022
Repost from LearnKube news
This week on the Learn Kubernetes Weekly:
🥷 Taking over "Google Cloud shell"
4️⃣ 4 container design patterns
🏡 Why and how I use Kubernetes for my personal stuff
📈 Upgrading Kubernetes: a practical guide
🪵 Contextual logging
Read it now: https://learnk8s.io/learn-kubernetes-weekly
Repost from LearnKube news
In this story, you will follow Qasim's journey in identifying and resolving an issue with iptables in a minikube cluster.
The author ended up learning a lot about Linux networking and filtering.
More: https://medium.com/zeal-tech-blog/kubernetes-debug-story-side-effect-of-a-privileged-container-446d56a7a422
Repost from Kube Careers
What does it take to get a job as a Kubernetes engineer in 2023?
Do you need a certification? If yes, which one should you study for?
What about salaries? How much is a Kubernetes Engineer worth?
We analyzed 102 Kubernetes jobs from January to March of 2023 and found that:
- The average Kubernetes job pays €87,378 in Europe and $125,898 in North America.
- Most job listings are for Senior DevOps Engineers (but there's an uptick in demand for junior roles).
- Remote-only jobs have decreased by 64% quarter on quarter.
- GitLab CI has passed Jenkins's mentions for the first time EVER.
You can read the full report here: https://kube.careers/kubernetes-trend-report-2023-q1
One way to make your Kubernetes cluster more secure is to hide the control plane behind a firewall.
That means kubectl is not available on the public internet.
In this post, you will learn how to create an SSH tunnel to connect to your private cluster.
More: https://banach.net.pl/posts/2022/accessing-kubernetes-cluster-using-ssh-tunnel
Repost from LearnKube news
In this article, you will learn the thought process, design decisions and code that led to writing a custom controller to copy secrets from HashiCorp Vault to Kubernetes.
More: https://medium.com/kts-digital-services-integrator/why-we-developed-own-kubernetes-controller-to-copy-secrets-e46368ae6db9
A researcher gained root access to the host and was able to execute commands on other pods in GCP.
Mitigations include blocking network connections, removing unnecessary capabilities, and using a different IP address for the node.
More: https://medium.com/@chenshiri/taking-over-google-cloud-shell-by-utilizing-capabilities-and-kubelet-fd5e2417f286
In this tutorial, you will learn how to use oauth2-proxy as a sidecar container to authorize requests to your Identity Provider of choice.
More: https://dev.to/gabrielbiasi/automatic-sso-in-kubernetes-workloads-using-a-sidecar-container-3752
Securing Kubernetes with open-source tools has become increasingly prevalent.
Read all you need to know about this shift in this detailed report.
More: https://landing.armosec.io/state-of-kubernetes-open-source-security-2022
Repost from LearnKube news
This week on the Learn Kubernetes Weekly:
🚦 Service communication monitoring
🕵️‍♀️ The life of a DNS query
🗺 Network mapping in Grafana
± Preview and diff Argo CD deployments
☁️ Istio multicluster deployment with Terraform
Read it now: https://learnk8s.io/learn-kubernetes-weekly
Repost from LearnKube news
In this article, you will learn how to map all the pods in the cluster and correlate IP with workloads, facilitating the management of cluster network status and speeding up debugging.
More: https://betterprogramming.pub/improve-cluster-monitoring-with-network-mapping-in-grafana-fa8bb479fd47
Trivy is a comprehensive and versatile security scanner.
What Trivy can scan:
- Container Images.
- Filesystem.
- Git Repository (remote).
- Virtual Machine Image.
- Kubernetes.
- AWS.
More: https://github.com/aquasecurity/trivy
With Seccomp, you can restrict the system calls a process can make from userspace into the kernel.
In this article, you will learn how Kubernetes can automatically apply Seccomp profiles to Pods and containers.
More: https://levelup.gitconnected.com/seccomp-secure-computing-mode-kubernetes-docker-97130516662c
Konstraint is a CLI tool to assist with the creation and management of templates and constraints when using Gatekeeper.
More: https://github.com/plexsystems/konstraint
Repost from LearnKube news
Master Kubernetes with Learnk8s' Advanced Kubernetes workshops!
What should you expect?
- Learn how to architect and design clusters from the ground up (in the cloud or on-prem).
- Explore the Kubernetes internal components and how the system is designed with resiliency in mind.
- Deep-dive into the networking components and observe the packets flowing into the cluster.
- Hands-on labs to test the theory with real-world scenarios!
- And more.
The next course is in June and you can sign up here: https://learnk8s.io/online-advanced-june-2023
This article has a few tips for hardening your GKE setup:
1. Network policies.
2. Custom service accounts.
3. Workload identities.
4. Pod Security admissions and admission controllers.
5. GKE sandbox.
More: https://medium.com/@pbijjala/considerations-for-hardening-your-gke-a-workload-perceptive-943be26949d2
Repost from LearnKube news
This week on the Learn Kubernetes Weekly:
🙅‍♀️ Ingress controller in bash
🧐 Pods health checks mystery
8️⃣ Comparing 8 managed Kubernetes providers
🚦 Advancements in traffic engineering
🔗 The problem of state
Read it now: https://learnk8s.io/learn-kubernetes-weekly
