Kubesploit

This week's 6 best Kubernetes vacancies that focus on security are: DevSecOps Engineer with Worldcoin 💰 $236K to $323K a year 🏠 From the office in San Francisco, CA, USA → https://kube.careers/t/e824f971-4831-4329-8dfd-2edcce0c9ed5?s=55 DevSecOps Engineer with Trace3 💰 $240K to $290K a year 👨‍💻 Remote from the United States → https://kube.careers/t/d8c90922-9fb6-4a53-bf4d-0e4ac006bed0?s=55 DevSecOps Engineer with Scale AI 💰 $212K to $254.4K a year 🏠🏃🏻‍♂️🌎 San Francisco, CA / New York, NY, USA → https://kube.careers/t/817bb996-f703-4fc5-8f1b-0cf0b43d7cd2?s=55 DevSecOps Engineer with Glean 💰 $185K to $280K a year 🏠🏃🏻‍♂️🌎 Palo Alto, CA, USA → https://kube.careers/t/384dd05a-a906-4db7-933a-51b15110f87f?s=55 DevSecOps Engineer with Applied Intuition 💰 $65K to $400K a year 🏠 From the office in Mountain View, CA, USA → https://kube.careers/t/c6291093-2e86-4446-aab7-7f34af1a3112?s=55 👉 Browse all 1163 Kubernetes jobs on Kube Careers https://kube.careers

This article discusses implementing authentication and authorization using Istio and OPA. It also explains how to integrate with Helm so that developers can self-serve. More: https://medium.com/@oryan.peer_72893/authentication-and-authorization-with-istio-and-opa-on-kubernetes-d4452508897c

This week on the Learn Kubernetes Weekly: 👩‍⚕️ How to monitor containerd 🐾 Tracing Kubernetes Services 🤔 How the CSI (container storage interface) works 😈 The hater's guide to Kubernetes 🤯 Demystified node surge upgrade in GKE Read it now: https://learnk8s.io/issues/90 🌟 LoxiLB turns Kubernetes network load balancing into high-speed, flexible and programmable Load Balancer services. LoxiLB is open source and is also the sponsor of this newsletter. You can check out the project here: https://www.loxilb.io/?utm_source=learnk8s&utm_medium=newsletter

Tugger is Kubernetes Admission webhook to enforce pulling of docker images from private registries. More: https://github.com/jainishshah17/tugger

Seccomp and AppArmor are common Linux security modules which Kubernetes supports to limit container workload exposure to the kernel. Learn how to configure them in this article. More: https://medium.com/@noah_h/kubernetes-security-tools-seccomp-apparmor-586fdc61e6d9

This article provides a step-by-step guide to securing a Kubernetes cluster with OPA Gatekeeper. You will learn how to install it, enforce policies, and monitor constraint status. More: https://itnext.io/securing-kubernetes-with-opa-gatekeeper-4f2e05c441a4

The article discusses using Kyverno for Kubernetes policy management. It covers different types of policies, including validate, mutate, generate, and verify image rules. The author also provides examples of how these policies can be implemented. More: https://devopsforyou.com/kyverno-for-kubernetes-policy-management-part-2-186599f82bf

This week's 6 best Kubernetes vacancies that focus on security are: DevSecOps Engineer with CVS Health 💰 $185.4K to $376K a year 🏠🏃🏻‍♂️🌎 Woonsocket, RI, USA → https://kube.careers/t/2dfd9c01-e497-4597-acc1-5a552840ef94?s=55 DevSecOps Engineer with Worldcoin 💰 $236K to $323K a year 🏠 From the office in San Francisco, CA, USA → https://kube.careers/t/e824f971-4831-4329-8dfd-2edcce0c9ed5?s=55 DevSecOps Engineer with Scale AI 💰 $212K to $254.4K a year 🏠🏃🏻‍♂️🌎 San Francisco, CA / New York, NY, USA → https://kube.careers/t/817bb996-f703-4fc5-8f1b-0cf0b43d7cd2?s=55 DevSecOps Engineer with Glean 💰 $185K to $280K a year 🏠🏃🏻‍♂️🌎 Palo Alto, CA, USA → https://kube.careers/t/384dd05a-a906-4db7-933a-51b15110f87f?s=55 DevSecOps Engineer with Applied Intuition 💰 $65K to $400K a year 🏠 From the office in Mountain View, CA, USA → https://kube.careers/t/c6291093-2e86-4446-aab7-7f34af1a3112?s=55 👉 Browse all 931 Kubernetes jobs on Kube Careers https://kube.careers

Inclavare Containers is a container runtime with a novel approach for launching protected containers in hardware-assisted Trusted Execution Environments, which can prevent an untrusted entity from accessing sensitive and confidential assets. More: https://github.com/inclavare-containers/inclavare-containers

This week on the Learn Kubernetes Weekly: 💯 Managing 100s of Kubernetes clusters using Cluster API 🚫 When Kubernetes and Go don't work well together 🐓 What we learned from launching edge compute from enterprise architecture 🩺 Kubernetes probes done wrong ƛ Lambda versus containers Read it now: https://learnk8s.io/issues/89 🌟 What if you could visualize and map the traffic before enforcing Network Policies? Then, you should check out the sponsor of this issue: Otterize. Otterize helps you automate Network Policies, Kafka ACLs, certificates and AWS IAMs https://otterize.com/?utm_medium=newsletter&utm_source=learnk8s

This tutorial covers setting up GitHub workflows to deploy to GKE with Terraform and Workload Identity Federation to avoid service account keys. More: https://medium.com/@alexey.inkin/making-github-workflows-to-deploy-to-gke-with-terraform-and-workload-identity-federation-074ac83b899c

k8s-cluster-checker is a bundle of Python scripts which can be used to analyze: - OS version(supports flatcar OS, coreOS & Ubuntu only) - Kubernetes version - Docker version - Admission Controllers - Security context - Health probes And more. More: https://github.com/dguyhasnoname/k8s-cluster-checker

This article explores Azure security, using a use case of Azure File share mount on AKS as an example. The author shares valuable insights gleaned from troubleshooting and comprehending Azure's complex security mechanisms. More: https://medium.com/@connectwithneeraj/decoding-azure-security-with-an-interesting-use-case-azure-file-share-mount-on-aks-workloads-2cb50bcf1c8a

Master Kubernetes with Learnk8s' Advanced Kubernetes workshops! What should you expect? - Learn how to architect and design clusters from the ground up (in the cloud or on-prem). - Explore the Kubernetes internal component and how the system is designed with resiliency in mind. - Deep-dive into the networking components and observe the packets flowing into the cluster. - Hands-on labs to test the theory with real-world scenarios! - And more. The next online courses start next week: https://kube.events/t/1ebfa298-b5c6-4e42-8399-e43e6834683c We also run in-person courses and corporate training: https://learnk8s.io/corporate-training

The article discusses using OAuth2 Proxy with Traefik in Kubernetes. The process involves configuring Traefik and OAuth2 Proxy and using Traefik's forwardAuth middleware. More: https://medium.com/@mike.schouw/how-to-run-oauth2-proxy-with-traefik-in-kubernetes-using-helm-and-terraform-85c39dddcd44

In this episode, Jen, a Technical Marketing Engineer at Tigera, discusses the complexities of adopting network policies. She shares her initial struggles due to a lack of familiarity, highlighting the learning curve of implementing something new. From her experience, Jennifer notes that network policies can initially seem daunting but become manageable with experience and a proper organizational setup. Watch the full episode: https://kube.fm/network-observability-jen

This week's 6 best Kubernetes vacancies that focus on security are: DevSecOps Engineer with Worldcoin 💰 $236K to $323K a year 🏠 From the office in San Francisco, CA, USA → https://kube.careers/t/e824f971-4831-4329-8dfd-2edcce0c9ed5?s=55 DevSecOps Engineer with Applied Intuition 💰 $65K to $400K a year 🏠 From the office in Mountain View, CA, USA → https://kube.careers/t/c6291093-2e86-4446-aab7-7f34af1a3112?s=55 DevSecOps Engineer with Credit Karma 💰 $190K to $270K a year 🏠 From the office in Oakland, CA, USA → https://kube.careers/t/2399bd1d-f5f3-4ac2-bdf8-e2d75b45348e?s=55 DevSecOps Engineer with Hyperscience 💰 $190K to $260K a year 👨‍💻 Remote from the United States → https://kube.careers/t/ab01bf82-75af-4610-ba58-d58cd09f529a?s=55 DevSecOps Engineer with Crusoe 💰 $210K to $240K a year 🏠 From the office in San Francisco, CA, USA → https://kube.careers/t/c82031a3-218d-4f6d-b5c1-86e76359cb90?s=55 👉 Browse all 658 Kubernetes jobs on Kube Careers https://kube.careers

kube-lock sits as an intermediary between you and kubectl, allowing you to lock and unlock contexts. It prevents misfires to production / high-value Kubernetes clusters that you might have strong IAM privileges on. More: https://github.com/chaosinthecrd/kube-lock

This week on the Learn Kubernetes Weekly: 🧮 Kubernetes instance calculator 💰 Kubernetes cost benchmark report 2024 📕 Practical guide to Kubernetes API 🛟 ETCD: DR solution 📉 How to massively reduce Prometheus load and cardinality by only using Istio labels you need 🙉 ConfigMap conundrum: subtleties of dynamic updates in Kubernetes configurations Read it now: https://learnk8s.io/issues/88

Reflector is a Kubernetes addon designed to monitor changes to resources (Secrets and ConfigMaps) and reflect changes to mirror resources in the same or other namespaces. More: https://github.com/emberstack/kubernetes-reflector