Kubesploit

News and links on Kubernetes security curated by the @Learnk8s team Website: https://kubesploit.io/

Posts archive
In this article, you'll learn how to secure EKS by intentionally attaching the wrong policies to pods and hacking the cluster. You will misconfigure AWS Identity and Access Management (IAM) roles for the service accounts (IRSA) feature. More: https://medium.com/@bingolbalihasan/hacking-kubernetes-in-aws-54f4681f1478

This article argues and demonstrates that distroless containers are not immune to unconventional hacking methods just because shell programs aren't included in the image. More: https://medium.com/@hkoushik/abusing-a-distroless-container-afb74a6dc162

Repost from Kube Careers
This week's 6 best Kubernetes vacancies that focus on security are:
- DevSecOps Engineer with Anthropic 💰 $300K to $405K a year 🏠🏃🏻‍♂️🌎 San Francisco, CA / New York, NY, USA → https://kube.careers/t/6a4b5616-64d0-4855-9e10-a0c2b7cefcca?s=55
- DevSecOps Engineer with Plaid 💰 $215.3K to $322.9K a year 👨‍💻 Remote from the United States → https://kube.careers/t/82ecabe4-3ee3-408e-9e59-de3130fd3475?s=55
- DevSecOps Engineer with Applied Intuition 💰 $65K to $400K a year 🏠 From the office in Mountain View, CA, USA → https://kube.careers/t/c6291093-2e86-4446-aab7-7f34af1a3112?s=55
- DevSecOps Engineer with Hyperscience 💰 $190K to $260K a year 👨‍💻 Remote from the United States → https://kube.careers/t/ab01bf82-75af-4610-ba58-d58cd09f529a?s=55
- DevSecOps Engineer with Crusoe 💰 $210K to $240K a year 🏠 From the office in San Francisco, CA, USA → https://kube.careers/t/c82031a3-218d-4f6d-b5c1-86e76359cb90?s=55
👉 Browse all 437 Kubernetes jobs on Kube Careers https://kube.careers

Repost from Kube Architect
Chaos Mesh brings various types of fault simulation to Kubernetes and can orchestrate fault scenarios. It helps you simulate various abnormalities that might occur in reality during development, testing, and production. More: https://chaos-mesh.org

kubelogin is a kubectl plugin for Kubernetes OpenID Connect (OIDC) authentication, also known as kubectl oidc-login. More: https://github.com/int128/kubelogin

Repost from LearnKube news
This week on the Learn Kubernetes Weekly:
💣 One bad probe away from disaster
💰 Autonomous cost optimization
📈 Customizing Kubernetes Resource Management using NRI
👯‍♀️ HA app on Kubernetes
♻️ Kafka cluster to Kubernetes
Read it now: https://learnk8s.io/issues/76

In this detailed article, you will learn about Admission Webhooks, how to use them, and how to build your own. It also includes an interesting comparison to Aspect-oriented programming (AOP) and a list of pitfalls you should avoid. More: https://gemovationlabs.com/kubernetes-webhooks-explained.html

Repost from N/a
In this KubeFM episode, Mat discusses the necessity of long-term support for Kubernetes and explores the intricacies of managing Kubernetes upgrades in a fast-evolving landscape.
You will learn:
- The importance of long-term support (LTS) for Kubernetes and how it can alleviate the challenges associated with the platform's rapid release cycles.
- Strategies for managing Kubernetes upgrades, including insights into the release cycle and the potential pitfalls of the upgrading process.
- The role of managed services and semi-automatic upgrades in simplifying Kubernetes maintenance for organizations, especially in cost optimization and resource constraints.
Watch (or listen to) it here: https://kube.fm/kubernetes-lts-mat

If you are an admin running a Kubernetes cluster on AWS, you already need to manage AWS IAM credentials to provision and update the cluster. You avoid managing a separate credential for Kubernetes access by using AWS IAM Authenticator for Kubernetes. More: https://github.com/kubernetes-sigs/aws-iam-authenticator

Repost from LearnKube news
Creating and deleting Pods is one of the most common tasks in Kubernetes. In this article, you will learn how to prevent broken connections when a Pod starts up or shuts down (and how to shut down long-running tasks gracefully). Read the full article: https://learnk8s.io/graceful-shutdown

The article explores enabling Istio to trust certificates from multiple root CAs, which is crucial for multi-cluster Istio meshes. It details a disaster recovery use case providing a step-by-step guide for configuring trust using secrets and encryption. More: https://medium.com/tenets/istio-assuming-trust-between-clusters-in-the-same-mesh-with-different-cas-934ec398a9b5

In this tutorial, you will learn how to set up the Open Policy Agent to evaluate queries against a set of policies. More: https://medium.com/@chukmunnlee/enforcing-cluster-policy-with-open-policy-agent-part-1-b0448093248d

Repost from Kube Careers
This week's 6 best Kubernetes vacancies that focus on security are:
- DevSecOps Engineer with Anthropic 💰 $300K to $405K a year 🏠🏃🏻‍♂️🌎 San Francisco, CA / New York, NY, USA → https://kube.careers/t/6a4b5616-64d0-4855-9e10-a0c2b7cefcca?s=55
- DevSecOps Engineer with Plaid 💰 $215.3K to $322.9K a year 👨‍💻 Remote from the United States → https://kube.careers/t/82ecabe4-3ee3-408e-9e59-de3130fd3475?s=55
- DevSecOps Engineer with Applied Intuition 💰 $65K to $400K a year 🏠 From the office in Mountain View, CA, USA → https://kube.careers/t/c6291093-2e86-4446-aab7-7f34af1a3112?s=55
- DevSecOps Engineer with PagerDuty 💰 $176K to $277K a year 🏠 From the office in Atlanta, GA, USA → https://kube.careers/t/f7204480-93a6-477a-996f-eee9e4c5f9bd?s=55
- DevSecOps Engineer with Hyperscience 💰 $190K to $260K a year 👨‍💻 Remote from the United States → https://kube.careers/t/ab01bf82-75af-4610-ba58-d58cd09f529a?s=55
👉 Browse all 443 Kubernetes jobs on Kube Careers https://kube.careers

The article compares HashiCorp Vault and Banzaicloud/bank-vaults for Kubernetes Secrets Management, highlighting their advantages, potential drawbacks, and considerations for choosing between them. More: https://medium.com/@denisgorokhov/kubernetes-secrets-management-hashicorp-vault-vs-banzaicloud-bank-vaults-5a793c4de18d

This repository contains an extended version of the Open Policy Agent (OPA-Envoy) that allows you to enforce OPA policies with Envoy. More: https://github.com/open-policy-agent/opa-envoy-plugin

In this article, you'll learn how to use RBAC and set up Roles that specify what actions are allowed and how to link these Roles to your Users and Service Accounts using RoleBindings. More: https://medium.com/@arton.demaku/kubernetes-rbac-explained-with-examples-40e1c5e44c32

Amazon EKS Pod Identities automates the association between Kubernetes service accounts and AWS IAM roles, eliminating manual credential management. This tutorial explains the steps involved in doing so. More: https://medium.com/lumigo/eks-pod-identity-agent-7274e739832c

Repost from Kube Events
Kubernetes Community Days Romania starts in less than 2 weeks! A one-day technical event loaded with exciting Kubernetes talks and networking opportunities.
📆 Thu, 25th Apr
⏰ 8am EET
📍 Bucharest, RO
👉 https://kube.events/t/b08aa779-8760-45e7-a493-4dc023871777

The article compares three policy engines: OPA, Gatekeeper, Kyverno, and jsPolicy. More: https://blogs.aftabs.co/enforcing-security-and-compliance-with-kubernetes-policy-engines