Kubesploit
News and links on Kubernetes security curated by the @Learnk8s team. Website: https://kubesploit.io/
This article explores Azure security, using a use case of Azure File share mount on AKS as an example.
The author shares valuable insights gleaned from troubleshooting and comprehending Azure's complex security mechanisms.
More: https://medium.com/@connectwithneeraj/decoding-azure-security-with-an-interesting-use-case-azure-file-share-mount-on-aks-workloads-2cb50bcf1c8a
Repost from LearnKube news
Master Kubernetes with Learnk8s' Advanced Kubernetes workshops!
What should you expect?
- Learn how to architect and design clusters from the ground up (in the cloud or on-prem).
- Explore the Kubernetes internal components and how the system is designed with resiliency in mind.
- Deep-dive into the networking components and observe the packets flowing into the cluster.
- Hands-on labs to test the theory with real-world scenarios!
- And more.
The next online courses start next week: https://kube.events/t/1ebfa298-b5c6-4e42-8399-e43e6834683c
We also run in-person courses and corporate training: https://learnk8s.io/corporate-training
The article discusses using OAuth2 Proxy with Traefik in Kubernetes.
The process involves configuring Traefik and OAuth2 Proxy and using Traefik's forwardAuth middleware.
More: https://medium.com/@mike.schouw/how-to-run-oauth2-proxy-with-traefik-in-kubernetes-using-helm-and-terraform-85c39dddcd44
Repost from N/a
In this episode, Jen, a Technical Marketing Engineer at Tigera, discusses the complexities of adopting network policies.
She shares her initial struggles due to a lack of familiarity, highlighting the learning curve of implementing something new.
From her experience, Jennifer notes that network policies can initially seem daunting but become manageable with experience and a proper organizational setup.
Watch the full episode: https://kube.fm/network-observability-jen
Repost from Kube Careers
This week's 6 best Kubernetes vacancies that focus on security are:
DevSecOps Engineer with Worldcoin
💰 $236K to $323K a year
🏠 From the office in San Francisco, CA, USA
→ https://kube.careers/t/e824f971-4831-4329-8dfd-2edcce0c9ed5?s=55
DevSecOps Engineer with Applied Intuition
💰 $65K to $400K a year
🏠 From the office in Mountain View, CA, USA
→ https://kube.careers/t/c6291093-2e86-4446-aab7-7f34af1a3112?s=55
DevSecOps Engineer with Credit Karma
💰 $190K to $270K a year
🏠 From the office in Oakland, CA, USA
→ https://kube.careers/t/2399bd1d-f5f3-4ac2-bdf8-e2d75b45348e?s=55
DevSecOps Engineer with Hyperscience
💰 $190K to $260K a year
👨‍💻 Remote from the United States
→ https://kube.careers/t/ab01bf82-75af-4610-ba58-d58cd09f529a?s=55
DevSecOps Engineer with Crusoe
💰 $210K to $240K a year
🏠 From the office in San Francisco, CA, USA
→ https://kube.careers/t/c82031a3-218d-4f6d-b5c1-86e76359cb90?s=55
👉 Browse all 658 Kubernetes jobs on Kube Careers https://kube.careers
kube-lock sits as an intermediary between you and kubectl, allowing you to lock and unlock contexts.
It prevents misfires to production / high-value Kubernetes clusters that you might have strong IAM privileges on.
More: https://github.com/chaosinthecrd/kube-lock
Repost from LearnKube news
This week on the Learn Kubernetes Weekly:
🧮 Kubernetes instance calculator
💰 Kubernetes cost benchmark report 2024
📕 Practical guide to Kubernetes API
🛟 ETCD: DR solution
📉 How to massively reduce Prometheus load and cardinality by only using Istio labels you need
🙉 ConfigMap conundrum: subtleties of dynamic updates in Kubernetes configurations
Read it now: https://learnk8s.io/issues/88
Reflector is a Kubernetes addon designed to monitor changes to resources (Secrets and ConfigMaps) and reflect changes to mirror resources in the same or other namespaces.
More: https://github.com/emberstack/kubernetes-reflector
The article highlights the criticality of whitelisting image registries for cluster security, emphasizing trusted images from secure sources like DockerHub, Red Hat Catalog, and GitHub Container Registry.
More: https://medium.com/@alparslanuysal/whitelisting-image-registries-44150c86c4ac
Repost from LearnKube news
How do you choose the best instance type for your Kubernetes cluster?
When using an 8 GB/2vCPU instance, are all the memory and CPU available to pods?
The Kubernetes instance calculator answers those questions and a lot more! https://learnk8s.io/kubernetes-instance-calculator
This is what you can do:
💰 Estimate costs for your workloads based on requests and instance sizes.
🔝 Explore instance overcommitment and efficiency.
📈 Identify over- and underspending by modeling error rates on your actual memory and CPU usage.
⚖️ Compare instances between different cloud providers.
You can find the Kubernetes instance calculator here: https://learnk8s.io/kubernetes-instance-calculator
vals-operator syncs secrets from any secrets store supported by vals into Kubernetes.
It works similarly to secrets-manager, but it supports more secret stores than just HashiCorp Vault.
More: https://github.com/digitalis-io/vals-operator
The article discusses configuring users and groups in Kubernetes, the role-based access control (RBAC) mechanism, and using kubectl to check API access.
More: https://blog.adityasamant.dev/users-groups-roles-and-api-access-in-kubernetes
Repost from Kube Careers
This week's 6 best Kubernetes vacancies that focus on security are:
DevSecOps Engineer with Worldcoin
💰 $236K to $323K a year
🏠 From the office in San Francisco, CA, USA
→ https://kube.careers/t/e824f971-4831-4329-8dfd-2edcce0c9ed5?s=55
DevSecOps Engineer with Applied Intuition
💰 $65K to $400K a year
🏠 From the office in Mountain View, CA, USA
→ https://kube.careers/t/c6291093-2e86-4446-aab7-7f34af1a3112?s=55
DevSecOps Engineer with Hyperscience
💰 $190K to $260K a year
👨‍💻 Remote from the United States
→ https://kube.careers/t/ab01bf82-75af-4610-ba58-d58cd09f529a?s=55
DevSecOps Engineer with Crusoe
💰 $210K to $240K a year
🏠 From the office in San Francisco, CA, USA
→ https://kube.careers/t/c82031a3-218d-4f6d-b5c1-86e76359cb90?s=55
DevSecOps Engineer with Opal Security
💰 $140K to $260K a year
🏠🏃🏻‍♂️🌎 San Francisco, CA / New York, NY, USA
→ https://kube.careers/t/9c9a6c2c-c98e-436c-a859-f3c74396da66?s=55
👉 Browse all 438 Kubernetes jobs on Kube Careers https://kube.careers
MKAT is an all-in-one auditing toolkit for identifying common security issues within managed Kubernetes environments.
More: https://github.com/DataDog/managed-kubernetes-auditing-toolkit
Repost from LearnKube news
This week on the Learn Kubernetes Weekly:
🕵️ Inside EKS networking: decoding the service IP journey
🥊 Argo CD vs Flux CD
🔫 Kubernetes silent pod killer
🤗 Embracing cgroup V2: best practices for migrating Kubernetes clusters to AlmaLinux
🔝 BGP, Cilium, and FRR: top of rack for all!
Read it now: https://learnk8s.io/issues/87
🙏 Many thanks to SideroLabs for supporting our work and sponsoring this issue. Make sure to check out Omni to manage Kubernetes on bare metal, virtual machines, or in a cloud https://www.siderolabs.com/platform/saas-for-kubernetes?utm_source=learnk8s
While experimenting with Open Cluster Manager, Andy inadvertently deleted the cluster-admin ClusterRole and ClusterRoleBinding.
Learn how he recovered from this unfortunate situation.
More: https://clubanderson.medium.com/dont-delete-cluster-admin-clusterrole-and-clusterrolebinding-uggh-too-late-5b83daeacc4f
This article provides a guide on creating a secure supply chain in Kubernetes using the Supply Chain Levels for Software Artifacts (SLSA) framework.
More: https://medium.com/@jp-gouin/how-to-create-a-multi-clusters-secure-supply-chain-slsa-3-in-10min-oss-edition-2059aa39790b
The 1Password Connect Kubernetes Operator provides the ability to integrate Kubernetes Secrets with 1Password.
The operator also handles auto-restarting deployments when 1Password items are updated.
More: https://github.com/1Password/onepassword-operator
Repost from LearnKube news
This article discusses setting up a Validating Admission Webhook in Kubernetes to ensure system resource validity.
It covers configuring the webhook, deploying to Kubernetes, and testing the setup using Nginx containers.
More: https://adil.medium.com/how-to-set-up-a-validating-admission-webhook-on-kubernetes-bd0733bfcb51
Repost from LearnKube news
Master Kubernetes with Learnk8s' Advanced Kubernetes workshops!
What should you expect?
- Learn how to architect and design clusters from the ground up (in the cloud or on-prem).
- Explore the Kubernetes internal components and how the system is designed with resiliency in mind.
- Deep-dive into the networking components and observe the packets flowing into the cluster.
- Hands-on labs to test the theory with real-world scenarios!
- And more.
The next online courses start on Jul 25: https://kube.events/t/1ebfa298-b5c6-4e42-8399-e43e6834683c
We also run in-person courses and corporate training: https://learnk8s.io/corporate-training
