Kubesploit
Відкрити в Telegram
News and links on Kubernetes security curated by the @Learnk8s team Website: https://kubesploit.io/
Показати більше2 078
Підписники
+124 години
Немає даних7 днів
+1530 день
Триває завантаження даних...
Схожі канали
Хмара тегів
Вхідні та вихідні згадування
---
---
---
---
---
---
Залучення підписників
липень '26
липень '26
+23
в 1 каналах
червень '26
+41
в 3 каналах
Get PRO
травень '26
+49
в 3 каналах
Get PRO
квітень '26
+36
в 3 каналах
Get PRO
березень '26
+65
в 5 каналах
Get PRO
лютий '26
+35
в 1 каналах
Get PRO
січень '26
+29
в 1 каналах
Get PRO
грудень '25
+44
в 3 каналах
Get PRO
листопад '25
+35
в 2 каналах
Get PRO
жовтень '25
+23
в 2 каналах
Get PRO
вересень '25
+18
в 2 каналах
Get PRO
серпень '25
+22
в 2 каналах
Get PRO
липень '25
+38
в 2 каналах
Get PRO
червень '25
+18
в 3 каналах
Get PRO
травень '25
+28
в 2 каналах
Get PRO
квітень '25
+18
в 2 каналах
Get PRO
березень '25
+23
в 3 каналах
Get PRO
лютий '25
+23
в 1 каналах
Get PRO
січень '25
+28
в 2 каналах
Get PRO
грудень '24
+49
в 1 каналах
Get PRO
листопад '24
+106
в 2 каналах
Get PRO
жовтень '24
+103
в 2 каналах
Get PRO
вересень '24
+94
в 2 каналах
Get PRO
серпень '24
+147
в 3 каналах
Get PRO
липень '24
+62
в 2 каналах
Get PRO
червень '24
+66
в 3 каналах
Get PRO
травень '24
+91
в 2 каналах
Get PRO
квітень '24
+122
в 3 каналах
Get PRO
березень '24
+76
в 3 каналах
Get PRO
лютий '24
+57
в 2 каналах
Get PRO
січень '24
+56
в 2 каналах
Get PRO
грудень '23
+79
в 2 каналах
Get PRO
листопад '23
+21
в 3 каналах
Get PRO
жовтень '23
+23
в 2 каналах
Get PRO
вересень '23
+28
в 0 каналах
Get PRO
серпень '23
+12
в 0 каналах
Get PRO
липень '23
+26
в 0 каналах
Get PRO
червень '23
+30
в 0 каналах
Get PRO
травень '23
+42
в 0 каналах
Get PRO
квітень '23
+27
в 0 каналах
Get PRO
березень '23
+81
в 0 каналах
Get PRO
лютий '23
+17
в 0 каналах
Get PRO
січень '23
+35
в 0 каналах
Get PRO
грудень '22
+22
в 0 каналах
Get PRO
листопад '22
+34
в 0 каналах
Get PRO
жовтень '22
+23
в 0 каналах
Get PRO
вересень '22
+32
в 0 каналах
Get PRO
серпень '22
+19
в 0 каналах
Get PRO
липень '22
+32
в 0 каналах
Get PRO
червень '22
+22
в 0 каналах
Get PRO
травень '22
+104
в 0 каналах
Get PRO
квітень '22
+36
в 0 каналах
Get PRO
березень '22
+33
в 0 каналах
Get PRO
лютий '22
+18
в 0 каналах
Get PRO
січень '22
+22
в 0 каналах
Get PRO
грудень '21
+12
в 0 каналах
Get PRO
листопад '21
+45
в 0 каналах
Get PRO
жовтень '21
+388
в 0 каналах
| Дата | Залучення підписників | Згадування | Канали | |
| 17 липня | +2 | |||
| 16 липня | +2 | |||
| 15 липня | 0 | |||
| 14 липня | +1 | |||
| 13 липня | +1 | |||
| 12 липня | +2 | |||
| 11 липня | +2 | |||
| 10 липня | 0 | |||
| 09 липня | +1 | |||
| 08 липня | 0 | |||
| 07 липня | +1 | |||
| 06 липня | +1 | |||
| 05 липня | +3 | |||
| 04 липня | +1 | |||
| 03 липня | +1 | |||
| 02 липня | +3 | |||
| 01 липня | +2 |
Дописи каналу
This tutorial shows how to modernize Kyverno policies with CEL using practical Kubernetes security examples like namespace rules, image checks, service account tokens, and safer policy testing.
More: https://ku.bz/PcpzWX_N6
| 2 | This article explains how a local 7B model was fine-tuned to answer cloud security, Kubernetes, Terraform, and compliance questions from a rule-based dataset.
More: https://ku.bz/NNjhbSslC | 148 |
| 3 | This week on Learn Kubernetes Weekly 192:
🔧 Our Kubernetes Operator Didn't Scale, So We Rebuilt It
🔀 ClickHouse Shard Rebalancing on Kubernetes: From Talk to Operator
💥 Invisible OOMkill: Java Pods Crashing in Kubernetes
🗂️ Using Kubernetes ConfigMaps as a Real-Time State Store
🚨 From Container Escape to Cloud Takeover: A Real-World Cloud Security Assessment
Read it now: https://kube.today/issues/192
⭐️ This newsletter is brought to you by Buoyant, the creators of Linkerd https://ku.bz/BB-RtVFWs | 92 |
| 4 | This case study explains how a Kubernetes secrets audit exposed weak secret handling and forced a move toward safer secret management.
It covers encoded secrets, RBAC, encryption, external secret stores, and audit-ready controls.
More: https://ku.bz/z0ylnRsvd | 161 |
| 5 | How do you give developers access to the Kubernetes API without letting them break things?
Peter Kelly describes staged policies in Project Calico: developers can dry-run network policies to see which flows would be affected before enforcing them. Combined with namespace-scoped policy tiers, teams get real autonomy without risking production traffic.
Instead of blocking developers, give them a safe way to test.
Full interview: https://ku.bz/xgqZJhdyn
Watch the full interview: https://ku.bz/xgqZJhdyn
This interview is a reaction to Mac Chaffee's episode https://ku.bz/9nFPmG85f | 166 |
| 6 | Copy Fail Destroyer runs on Kubernetes nodes to detect and remediate Copy Fail and Dirty Frag by probing vulnerable kernel modules, unloading them, exposing metrics, and supporting Helm or ArgoCD deployment.
More: https://ku.bz/xvFl18wxv | 197 |
| 7 | k8scout maps realistic Kubernetes escalation paths from a compromised pod to cluster-admin, node access, secret theft, or cloud IAM takeover, with graph output and reviewer mode.
More: https://ku.bz/Jt-LJm0f2 | 284 |
| 8 | This article explains the Kubernetes v1.36 SELinux volume labeling change and why clusters using SELinux should audit workloads before SELinuxMount becomes the default.
More: https://ku.bz/KGR_FN-3w | 341 |
| 9 | This article explains Kubernetes v1.36 fine-grained kubelet authorization and how teams can replace broad nodes/proxy access with safer permissions for metrics, stats, logs, pods, and health checks.
More: https://ku.bz/M6WZq580X | 363 |
| 10 | This week on Learn Kubernetes Weekly 191:
🔥 What Does 4.4% GPU Utilization Actually Mean?
🛠️ GKE IP Exhaustion Fixed: The Class E Migration Guide
🧹 Evicting MCP Tool Calls from Your Kubernetes Cluster
🔄 The Feedback Loops Behind Kubernetes
🧠 You Don't Have a GIL Problem — You Have a CPU Problem
Read it now: https://kube.today/issues/191
⭐️ This newsletter is brought to you by LearnKube — master Kubernetes with hands-on training designed for engineers who want to learn the smart way https://ku.bz/hypSbyc-V | 280 |
| 11 | Copy Fail Blocker deploys a privileged DaemonSet that blocks AF_ALG and AF_RXRPC socket creation cluster-wide to mitigate Copy Fail and similar Linux kernel privilege-escalation paths.
More: https://ku.bz/hMfdC6WGc | 300 |
| 12 | Kaniop is a Kubernetes operator written in Rust for managing Kanidm identity management clusters, providing declarative identity management through GitOps workflows.
More: https://ku.bz/pFkd88jPW | 317 |
| 13 | This tutorial shows how to connect on-prem Kubernetes workloads to Google Cloud without service account keys using Workload Identity Federation, OIDC, Terraform, Kyverno, and IAM attribute conditions.
More: https://ku.bz/1YVD6c3FP | 507 |
| 14 | This week on Learn Kubernetes Weekly 190:
🌪️ Taming the Storm: Building Groww's Internal Chaos Engineering Platform
🧪 Taracode Testing a Go-Based CLI AI Agent in My Homelab
🧠 Building self-evolving AI systems: exploring the architecture
🔄 Migrating from slurm to Kubernetes
🏠 Lessons Learnt Self-hosting an AI Assistant
Read it now: https://kube.today/issues/190
⭐️ This newsletter is brought to you by LearnKube — master Kubernetes with hands-on training designed for engineers who want to learn the smart way https://ku.bz/hypSbyc-V | 372 |
| 15 | John Howard, Senior Software Engineer at Solo.io, explains that the biggest challenge in Kubernetes security isn't features but adoption.
He shares how Ambient Mesh originated from users repeatedly requesting "just mTLS" without the overhead of full-service mesh implementation. The team designed Ambient Mesh with compatibility and low footprint as core principles - it doesn't modify traffic patterns, works with any application, and can be deployed cluster-wide without breaking existing workloads. John emphasizes that establishing baseline security everywhere must precede implementing advanced features like sophisticated authorization policies or AI-based anomaly detection.
Watch the full episode: https://kube.fmhttps://ku.bz/sk-ZF1PG9 | 361 |
| 16 | New on LearnKube: Server-side apply: what happens when you run kubectl apply
Server-side apply changes how Kubernetes handles field ownership.
Kubernetes objects are shared state. Manifests, controllers, release tools, autoscalers, webhooks, and operators can all shape the same object.
With client-side apply, stale intent can overwrite live changes.
With server-side apply, ownership moves into the API server. Kubernetes tracks which manager owns each field and surfaces conflicts when ownership is contested.
Chiara put serious work into this guide, and you can read it in full here: https://learnkube.com/server-side-apply-kubernetes | 192 |
| 17 | This article explains how to use Gatekeeper to enforce in-cluster admission policies, such as rejecting :latest images, mandating labels, and disallowing privileged workloads.
More: https://ku.bz/1Zskfkkvg | 379 |
| 18 | This tutorial shows how to run OWASP ZAP scans inside GitHub Actions using SecureCodeBox on a Kubernetes kind cluster.
More: https://ku.bz/nDZJpmg5F | 395 |
| 19 | This week on Learn Kubernetes Weekly 189:
🔥 Zero-Downtime Kubernetes Ingress Controllers on GCP
🏗️ Architecting GPUaaS for Enterprise AI On-Prem
📋 Conditions, Phases, and Declarative Phase Rules in Kubernetes Operators
⚙️ Container-Aware GOMAXPROCS
💀 Why Your Kubernetes Pod Was OOM Killed and Who Really Killed It
Read it now: https://kube.today/issues/189
⭐️ This issue is brought to you by Solanica - replace RDS with a self-hosted DBaaS on your own Kubernetes clusters with automated Day 2 operations and zero vendor lock-in https://ku.bz/NTszfwH40 | 318 |
| 20 | This guide walks through deploying Istio via Terraform and Helm to secure service-to-service and external communication with mTLS, automatic sidecar injection, and encrypted ingress via Istio Gateway.
More: https://ku.bz/wxcXWRYy2 | 332 |
