This tool enables you to scan and enforce compliance across multi-cloud infrastructure with customizable YAML rules, alerts and integrations.

More: https://ku.bz/JZJpNJqnz

This article explains how eBPF lets you run small, verified programs inside the Linux kernel to unlock powerful observability, security, and networking capabilities without custom kernel modules.

More: https://ku.bz/TYf7Jy6cs

This week on Learn Kubernetes Weekly 163:

🔥 What would a Kubernetes 2.0 Look Like
🐍 Trying to Break out of the Python REPL Sandbox in a Kubernetes Environment: A Practical Journey
🛠️ Karpenter at Beekeeper by LumApps: Fun Stories
💥 Extracting JVM Data from Crash-Looping Java Containers in Kubernetes
🎮 ChaosRoom: Hands-On Chaos Engineering Through Games

Read it now: https://kube.today/issues/163

⭐️ This newsletter is brought to you by Depot — Speed up your Docker builds by up to 40x with Depot's cloud-based builders https://ku.bz/mTfYrBkWZ

Crowdsec is a security engine that detects malicious behavior from logs and community-shared intelligence, allowing you to block bad IPs and share threat data across your fleet.

More: https://ku.bz/M6t4FjWLg

This week's 6 best Kubernetes vacancies that focus on security are:

DevSecOps Engineer with OpenAI
💰 $364.5K to $490K a year
👨‍💻 Remote from the United States of America
→ https://ku.bz/NXd17JHfV

DevSecOps Engineer with Airwallex
💰 $200K to $300K a year
🏠🏃🏻‍♂️🌎 San Francisco, CA, USA
→ https://ku.bz/9V59yN3h9

Security Architect with Dexterity
💰 $200K to $300K a year
🏠 From the office in Redwood, CA, USA
→ https://ku.bz/-Tx02LFF4

DevSecOps Engineer with Corelight
💰 $221K to $268K a year
👨‍💻 Remote from North America.
→ https://ku.bz/_D5yTqnHk

👉 Browse 1011 jobs on Kube Careers https://kube.careers

This article describes a real-world incident in which a high-privilege Kubernetes service account token was accidentally logged in plaintext.

More: https://ku.bz/FDn0rzCqQ

Ratan Tipirneni, President & CEO @ Tigera, explains how Tigera is responding to market demands by announcing two major developments: Calico AI and bundling Istio with their solution.

He discusses the key market trend driving this decision: customers want a single, unified platform that provides everything needed for Kubernetes networking, network security, and observability, while remaining platform-agnostic to avoid vendor lock-in.

Watch the interview: https://ku.bz/fwFG0jZNk

Read the announcement: https://ku.bz/1nljhB1vQ

cert-manager-mcp-server provides cert-manager resource management through Model Context Protocol (MCP), letting AI assistants like Claude inspect certificates, issuers, and certificate requests directly in Kubernetes clusters.

More: https://ku.bz/RwfN0Qz5g

PodCertificateSigner lets your Kubernetes cluster automatically issue TLS certificates for pods by handling PodCertificateRequest resources with a custom signer controller.

More: https://ku.bz/rbMcq48rD

@miamorecadenza CEO at Techaro explains why traditional password-based authentication is problematic in Kubernetes clusters and how Talos Linux implements a more secure approach using CA certificates.

Watch the full episode: https://ku.bz/2kzj2MgfH

This tutorial walks you through setting up Google Cloud IAP for Kubernetes services, using CDKTF (TypeScript) to configure OAuth, BackendConfig, and service annotations so your internal tools are protected behind identity checks.

More: https://ku.bz/f7PqfWlby

This week on Learn Kubernetes Weekly 164:

📊 Queue-Based Autoscaling Without Flapping: Rethinking App Scaling with Kubernetes, KEDA, and RabbitMQ
🔄 Announcing Changed Block Tracking API support
🐳 Why I Ditched Docker for Podman (And You Should Too)
🔐 That Time I Found a Service Account Token in my Log Files
☁️ Deploying a .NET Weather Forecast App to AKS Using GitHub Actions and Argo CD

Read it now: https://kube.today/issues/164

⭐️ This issue is brought to you by LearnKube — master Kubernetes with hands-on training designed for engineers who want to learn the smart way https://ku.bz/hypSbyc-V

This week's 6 best Kubernetes vacancies that focus on security are:

DevSecOps Engineer with OpenAI
💰 $364.5K to $490K a year
👨‍💻 Remote from the United States of America
→ https://ku.bz/NXd17JHfV

DevSecOps Engineer with Postman
💰 $250K to $275K a year
🏠🏃🏻‍♂️🌎 San Francisco, CA; Boston, MA; New York, NY, USA
→ https://ku.bz/gWd2ppTCm

DevSecOps Engineer with Airwallex
💰 $200K to $300K a year
🏠🏃🏻‍♂️🌎 San Francisco, CA, USA
→ https://ku.bz/9V59yN3h9

Security Architect with Dexterity
💰 $200K to $300K a year
🏠 From the office in Redwood, CA, USA
→ https://ku.bz/-Tx02LFF4

DevSecOps Engineer with Corelight
💰 $221K to $268K a year
👨‍💻 Remote from North America.
→ https://ku.bz/_D5yTqnHk

👉 Browse 1068 jobs on Kube Careers https://kube.careers

External Secrets Operator syncs secrets from AWS, Vault, GCP, Azure, and others via their APIs and injects them as native Kubernetes Secrets using CRDs.

More: https://ku.bz/P9-BCNT1L

This article explains how Kubernetes user namespaces work for container isolation and covers the security benefits of mapping container root users to unprivileged host users, thereby reducing privilege escalation risks.

More: https://ku.bz/1kmpsFXbB

This tool runs inside Kubernetes and automatically decrypts secrets encrypted with Mozilla SOPS, and then creates standard Kubernetes Secret objects from them.

More: https://ku.bz/H3KWGSwl9

This week on Learn Kubernetes Weekly 165:

🔥 GPU-Based Containers as a Service
🚀 Bifrost's Journey from Nginx to Envoy Gateway for Intelligent Rate Limiting
🤖 Building Production-Ready Multi-Agent Systems on Kubernetes: Deploying 11 Specialized AI Agents
🔒 Kubernetes Security Fundamentals: Networking
🐛 Debugging the One-in-a-Million Failure: Migrating Pinterest's Search to Kubernetes

Read it now: https://kube.today/issues/165

⭐️ This issue is brought to you by LearnKube — master Kubernetes with hands-on training designed for engineers who want to learn the smart way https://ku.bz/hypSbyc-V

Ritesh Patel, Co-founder @ Nirmata, explains how their AI Platform Engineering Assistant addresses a significant gap in the market.

He discusses how AI adoption initially focused on developers for code generation, but platform engineers have been largely overlooked despite being "very stretched" and having to stay on top of many technologies.

Watch the interview: https://ku.bz/8nkrRSG_Z

Read the announcement: https://ku.bz/8_yYZZMG4

This tutorial teaches how to securely manage and dynamically update Kubernetes secrets using AWS Secrets Manager, External-Secrets Operator, and Config-Reloader.

More: https://ku.bz/Cx_nsGFC1

This week's 6 best Kubernetes vacancies that focus on security are:

DevSecOps Engineer with OpenAI
💰 $364.5K to $490K a year
👨‍💻 Remote from the United States of America
→ https://ku.bz/NXd17JHfV

DevSecOps Engineer with Postman
💰 $250K to $275K a year
🏠🏃🏻‍♂️🌎 San Francisco, CA; Boston, MA; New York, NY, USA
→ https://ku.bz/gWd2ppTCm

Security Architect with Dexterity
💰 $200K to $300K a year
🏠 From the office in Redwood, CA, USA
→ https://ku.bz/-Tx02LFF4

DevSecOps Engineer with Corelight
💰 $221K to $268K a year
👨‍💻 Remote from North America.
→ https://ku.bz/_D5yTqnHk

👉 Browse 1171 jobs on Kube Careers https://kube.careers

VOA is a FastAPI-based secrets manager that lets you store, retrieve, audit, and rotate environment variables, API keys, and passwords.

More: https://ku.bz/FNzsq0lWx