Forwarded from KubeFM
Media is too big
VIEW IN TELEGRAM
Ratan Tipirneni, President & CEO @ Tigera, explains how Tigera is responding to market demands by announcing two major developments: Calico AI and bundling Istio with their solution.
He discusses the key market trend driving this decision: customers want a single, unified platform that provides everything needed for Kubernetes networking, network security, and observability, while remaining platform-agnostic to avoid vendor lock-in.
Watch the interview: https://ku.bz/fwFG0jZNk
Read the announcement: https://ku.bz/1nljhB1vQ
He discusses the key market trend driving this decision: customers want a single, unified platform that provides everything needed for Kubernetes networking, network security, and observability, while remaining platform-agnostic to avoid vendor lock-in.
Watch the interview: https://ku.bz/fwFG0jZNk
Read the announcement: https://ku.bz/1nljhB1vQ
cert-manager-mcp-server provides cert-manager resource management through Model Context Protocol (MCP), letting AI assistants like Claude inspect certificates, issuers, and certificate requests directly in Kubernetes clusters.
More: https://ku.bz/RwfN0Qz5g
More: https://ku.bz/RwfN0Qz5g
PodCertificateSigner lets your Kubernetes cluster automatically issue TLS certificates for pods by handling
More: https://ku.bz/rbMcq48rD
PodCertificateRequest resources with a custom signer controller.More: https://ku.bz/rbMcq48rD
Forwarded from KubeFM
This media is not supported in your browser
VIEW IN TELEGRAM
@miamorecadenza CEO at Techaro explains why traditional password-based authentication is problematic in Kubernetes clusters and how Talos Linux implements a more secure approach using CA certificates.
Watch the full episode: https://ku.bz/2kzj2MgfH
Watch the full episode: https://ku.bz/2kzj2MgfH
This tutorial walks you through setting up Google Cloud IAP for Kubernetes services, using CDKTF (TypeScript) to configure OAuth, BackendConfig, and service annotations so your internal tools are protected behind identity checks.
More: https://ku.bz/f7PqfWlby
More: https://ku.bz/f7PqfWlby
Forwarded from LearnKube news
This week on Learn Kubernetes Weekly 164:
📊 Queue-Based Autoscaling Without Flapping: Rethinking App Scaling with Kubernetes, KEDA, and RabbitMQ
🔄 Announcing Changed Block Tracking API support
🐳 Why I Ditched Docker for Podman (And You Should Too)
🔐 That Time I Found a Service Account Token in my Log Files
☁️ Deploying a .NET Weather Forecast App to AKS Using GitHub Actions and Argo CD
Read it now: https://kube.today/issues/164
⭐️ This issue is brought to you by LearnKube — master Kubernetes with hands-on training designed for engineers who want to learn the smart way https://ku.bz/hypSbyc-V
📊 Queue-Based Autoscaling Without Flapping: Rethinking App Scaling with Kubernetes, KEDA, and RabbitMQ
🔄 Announcing Changed Block Tracking API support
🐳 Why I Ditched Docker for Podman (And You Should Too)
🔐 That Time I Found a Service Account Token in my Log Files
☁️ Deploying a .NET Weather Forecast App to AKS Using GitHub Actions and Argo CD
Read it now: https://kube.today/issues/164
⭐️ This issue is brought to you by LearnKube — master Kubernetes with hands-on training designed for engineers who want to learn the smart way https://ku.bz/hypSbyc-V
Forwarded from Kube Careers
This week's 6 best Kubernetes vacancies that focus on security are:
DevSecOps Engineer with OpenAI
💰 $364.5K to $490K a year
👨💻 Remote from the United States of America
→ https://ku.bz/NXd17JHfV
DevSecOps Engineer with Postman
💰 $250K to $275K a year
🏠🏃🏻♂️🌎 San Francisco, CA; Boston, MA; New York, NY, USA
→ https://ku.bz/gWd2ppTCm
DevSecOps Engineer with Airwallex
💰 $200K to $300K a year
🏠🏃🏻♂️🌎 San Francisco, CA, USA
→ https://ku.bz/9V59yN3h9
Security Architect with Dexterity
💰 $200K to $300K a year
🏠 From the office in Redwood, CA, USA
→ https://ku.bz/-Tx02LFF4
DevSecOps Engineer with Corelight
💰 $221K to $268K a year
👨💻 Remote from North America.
→ https://ku.bz/_D5yTqnHk
👉 Browse 1068 jobs on Kube Careers https://kube.careers
DevSecOps Engineer with OpenAI
💰 $364.5K to $490K a year
👨💻 Remote from the United States of America
→ https://ku.bz/NXd17JHfV
DevSecOps Engineer with Postman
💰 $250K to $275K a year
🏠🏃🏻♂️🌎 San Francisco, CA; Boston, MA; New York, NY, USA
→ https://ku.bz/gWd2ppTCm
DevSecOps Engineer with Airwallex
💰 $200K to $300K a year
🏠🏃🏻♂️🌎 San Francisco, CA, USA
→ https://ku.bz/9V59yN3h9
Security Architect with Dexterity
💰 $200K to $300K a year
🏠 From the office in Redwood, CA, USA
→ https://ku.bz/-Tx02LFF4
DevSecOps Engineer with Corelight
💰 $221K to $268K a year
👨💻 Remote from North America.
→ https://ku.bz/_D5yTqnHk
👉 Browse 1068 jobs on Kube Careers https://kube.careers
External Secrets Operator syncs secrets from AWS, Vault, GCP, Azure, and others via their APIs and injects them as native Kubernetes Secrets using CRDs.
More: https://ku.bz/P9-BCNT1L
More: https://ku.bz/P9-BCNT1L
This article explains how Kubernetes user namespaces work for container isolation and covers the security benefits of mapping container root users to unprivileged host users, thereby reducing privilege escalation risks.
More: https://ku.bz/1kmpsFXbB
More: https://ku.bz/1kmpsFXbB
This tool runs inside Kubernetes and automatically decrypts secrets encrypted with Mozilla SOPS, and then creates standard Kubernetes Secret objects from them.
More: https://ku.bz/H3KWGSwl9
More: https://ku.bz/H3KWGSwl9
Forwarded from LearnKube news
This week on Learn Kubernetes Weekly 165:
🔥 GPU-Based Containers as a Service
🚀 Bifrost's Journey from Nginx to Envoy Gateway for Intelligent Rate Limiting
🤖 Building Production-Ready Multi-Agent Systems on Kubernetes: Deploying 11 Specialized AI Agents
🔒 Kubernetes Security Fundamentals: Networking
🐛 Debugging the One-in-a-Million Failure: Migrating Pinterest's Search to Kubernetes
Read it now: https://kube.today/issues/165
⭐️ This issue is brought to you by LearnKube — master Kubernetes with hands-on training designed for engineers who want to learn the smart way https://ku.bz/hypSbyc-V
🔥 GPU-Based Containers as a Service
🚀 Bifrost's Journey from Nginx to Envoy Gateway for Intelligent Rate Limiting
🤖 Building Production-Ready Multi-Agent Systems on Kubernetes: Deploying 11 Specialized AI Agents
🔒 Kubernetes Security Fundamentals: Networking
🐛 Debugging the One-in-a-Million Failure: Migrating Pinterest's Search to Kubernetes
Read it now: https://kube.today/issues/165
⭐️ This issue is brought to you by LearnKube — master Kubernetes with hands-on training designed for engineers who want to learn the smart way https://ku.bz/hypSbyc-V
Forwarded from KubeFM
This media is not supported in your browser
VIEW IN TELEGRAM
Ritesh Patel, Co-founder @ Nirmata, explains how their AI Platform Engineering Assistant addresses a significant gap in the market.
He discusses how AI adoption initially focused on developers for code generation, but platform engineers have been largely overlooked despite being "very stretched" and having to stay on top of many technologies.
Watch the interview: https://ku.bz/8nkrRSG_Z
Read the announcement: https://ku.bz/8_yYZZMG4
He discusses how AI adoption initially focused on developers for code generation, but platform engineers have been largely overlooked despite being "very stretched" and having to stay on top of many technologies.
Watch the interview: https://ku.bz/8nkrRSG_Z
Read the announcement: https://ku.bz/8_yYZZMG4
This tutorial teaches how to securely manage and dynamically update Kubernetes secrets using AWS Secrets Manager, External-Secrets Operator, and Config-Reloader.
More: https://ku.bz/Cx_nsGFC1
More: https://ku.bz/Cx_nsGFC1
Forwarded from Kube Careers
This week's 6 best Kubernetes vacancies that focus on security are:
DevSecOps Engineer with OpenAI
💰 $364.5K to $490K a year
👨💻 Remote from the United States of America
→ https://ku.bz/NXd17JHfV
DevSecOps Engineer with Postman
💰 $250K to $275K a year
🏠🏃🏻♂️🌎 San Francisco, CA; Boston, MA; New York, NY, USA
→ https://ku.bz/gWd2ppTCm
Security Architect with Dexterity
💰 $200K to $300K a year
🏠 From the office in Redwood, CA, USA
→ https://ku.bz/-Tx02LFF4
DevSecOps Engineer with Corelight
💰 $221K to $268K a year
👨💻 Remote from North America.
→ https://ku.bz/_D5yTqnHk
👉 Browse 1171 jobs on Kube Careers https://kube.careers
DevSecOps Engineer with OpenAI
💰 $364.5K to $490K a year
👨💻 Remote from the United States of America
→ https://ku.bz/NXd17JHfV
DevSecOps Engineer with Postman
💰 $250K to $275K a year
🏠🏃🏻♂️🌎 San Francisco, CA; Boston, MA; New York, NY, USA
→ https://ku.bz/gWd2ppTCm
Security Architect with Dexterity
💰 $200K to $300K a year
🏠 From the office in Redwood, CA, USA
→ https://ku.bz/-Tx02LFF4
DevSecOps Engineer with Corelight
💰 $221K to $268K a year
👨💻 Remote from North America.
→ https://ku.bz/_D5yTqnHk
👉 Browse 1171 jobs on Kube Careers https://kube.careers
VOA is a FastAPI-based secrets manager that lets you store, retrieve, audit, and rotate environment variables, API keys, and passwords.
More: https://ku.bz/FNzsq0lWx
More: https://ku.bz/FNzsq0lWx
This article walks through how an attacker might gain and maintain access in a Kubernetes cluster, showing techniques like node shell access, hidden namespaces and CSR abuse.
More: https://ku.bz/GBjCYsyXx
More: https://ku.bz/GBjCYsyXx
Kanidm is an all-in-one identity management platform with Webauthn, OAuth2/OIDC SSO, LDAP, RBAC/MFA, UNIX and RADIUS integration.
More: https://ku.bz/Nw2nY2-KJ
More: https://ku.bz/Nw2nY2-KJ
Forwarded from KubeFM
Media is too big
VIEW IN TELEGRAM
Dilshan discusses a real incident where migrating EKS nodes to AL2023 caused the cluster autoscaler to lose AWS permissions silently.
You will learn:
- Why AL2023 blocks pod access to instance metadata by default, breaking components that relied on node IAM roles
- How to implement IRSA correctly by configuring IAM roles, Kubernetes service accounts, and OIDC trust relationships, and why both AWS IAM and Kubernetes RBAC must be configured independently
- How to audit which pods currently rely on node roles and clean up legacy IAM permissions to reduce attack surface after migration
Watch (or listen to) it here: https://ku.bz/T_YPfTfDb
🌟 This episode is brought to you by LearnKube — join their 4-day hands-on Advanced Kubernetes course starting January 29th and finally get comfortable with production clusters. https://learnkube.com/training
With @Birthmarkb "Keep Working Harder" Farrell
You will learn:
- Why AL2023 blocks pod access to instance metadata by default, breaking components that relied on node IAM roles
- How to implement IRSA correctly by configuring IAM roles, Kubernetes service accounts, and OIDC trust relationships, and why both AWS IAM and Kubernetes RBAC must be configured independently
- How to audit which pods currently rely on node roles and clean up legacy IAM permissions to reduce attack surface after migration
Watch (or listen to) it here: https://ku.bz/T_YPfTfDb
🌟 This episode is brought to you by LearnKube — join their 4-day hands-on Advanced Kubernetes course starting January 29th and finally get comfortable with production clusters. https://learnkube.com/training
With @Birthmarkb "Keep Working Harder" Farrell
This article outlines 12 best practices for hardening a Kubernetes cluster, focusing on non-root containers, avoiding
More: https://ku.bz/CT-gDz3Gm
hostPath volumes, and configuring Security Contexts properly.More: https://ku.bz/CT-gDz3Gm
Forwarded from LearnKube news
This week on Learn Kubernetes Weekly 166:
🚀 How We Moved a 2 Million RPM WebSocket Service to EKS and Fixed a Critical Bottleneck
🔒 Beyond the Surface: Exploring Attacker Persistence Strategies in Kubernetes
📊 Standardizing CRD Condition Metrics in Kubernetes Operators
⚡ Scaling Dagster on Kubernetes: Best Practices for 50+ Code Locations
🌐 An Introduction to Envoy AI Gateway
Read it now: https://kube.today/issues/166
⭐️ This issue is brought to you by LearnKube — master Kubernetes with hands-on training designed for engineers who want to learn the smart way https://ku.bz/hypSbyc-V
🚀 How We Moved a 2 Million RPM WebSocket Service to EKS and Fixed a Critical Bottleneck
🔒 Beyond the Surface: Exploring Attacker Persistence Strategies in Kubernetes
📊 Standardizing CRD Condition Metrics in Kubernetes Operators
⚡ Scaling Dagster on Kubernetes: Best Practices for 50+ Code Locations
🌐 An Introduction to Envoy AI Gateway
Read it now: https://kube.today/issues/166
⭐️ This issue is brought to you by LearnKube — master Kubernetes with hands-on training designed for engineers who want to learn the smart way https://ku.bz/hypSbyc-V
Forwarded from Kube Careers
This week's 6 best Kubernetes vacancies that focus on security are:
DevSecOps Engineer with OpenAI
💰 $364.5K to $490K a year
👨💻 Remote from the United States of America
→ https://ku.bz/NXd17JHfV
DevSecOps Engineer with Postman
💰 $250K to $275K a year
🏠🏃🏻♂️🌎 San Francisco, CA; Boston, MA; New York, NY, USA
→ https://ku.bz/gWd2ppTCm
Security Architect with Dexterity
💰 $200K to $300K a year
🏠 From the office in Redwood, CA, USA
→ https://ku.bz/-Tx02LFF4
DevSecOps Engineer with Corelight
💰 $221K to $268K a year
👨💻 Remote from North America.
→ https://ku.bz/_D5yTqnHk
👉 Browse 1228 jobs on Kube Careers https://kube.careers
DevSecOps Engineer with OpenAI
💰 $364.5K to $490K a year
👨💻 Remote from the United States of America
→ https://ku.bz/NXd17JHfV
DevSecOps Engineer with Postman
💰 $250K to $275K a year
🏠🏃🏻♂️🌎 San Francisco, CA; Boston, MA; New York, NY, USA
→ https://ku.bz/gWd2ppTCm
Security Architect with Dexterity
💰 $200K to $300K a year
🏠 From the office in Redwood, CA, USA
→ https://ku.bz/-Tx02LFF4
DevSecOps Engineer with Corelight
💰 $221K to $268K a year
👨💻 Remote from North America.
→ https://ku.bz/_D5yTqnHk
👉 Browse 1228 jobs on Kube Careers https://kube.careers