Daniele Polencic
Published in Kubesploit
Jan 27, 2023

Welcome to the Kubesploit January digest!

In this recap, you will find a curated collection of the best Kubernetes, security-related articles, tutorials, libraries and tools republished in January.

📚 Articles

1. Why you should avoid Sealed Secrets in your GitOps deployment

This article discusses the pitfalls of Sealed Secrets, and the alternatives to them, as you move your deployments to production using GitOps.

2. Service account tokens in Kubernetes v1.24

With Kubernetes v1.24, non-expiring service account tokens are no longer auto-generated.

This blog post highlights what this means in practice, and what to do if you rely on non-expiring service account tokens.

3. Kubernetes OWASP top 10: insecure workload configurations

In this article, you will find a list of the security context settings that can be used to harden deployments and, more importantly, to gate them against security misconfigurations.

4. Use Azure Key Vault as a secret store with the Azure CSI driver

In this tutorial, you’ll learn how to use the Azure CSI Driver to fetch secrets from Key Vault and inject them into pods running on AKS.

5. Introduction to Kubernetes admission controllers

Admission controllers are a key component of the admission process performed by the Kubernetes API server.

They enable fine-grained control over the object creation, update, and deletion process.

Learn how they work in this article.

6. Manage secrets on Kubernetes with ArgoCD and Vault

In this article, you will learn how to integrate ArgoCD with HashiCorp Vault to manage secrets on Kubernetes.

To use ArgoCD and Vault together, you will use the ArgoCD Vault plugin.

More articles worth checking out:

📖 Tutorials

1. Is your Kubernetes API server exposed?

In this article, you will learn how to check whether your EKS control plane is exposed to the public internet and how to fix it if it is.

💼 Kubernetes jobs

DevOps Engineer

  • Salary: $30K–50K
  • Location: Remote (Worldwide) 🗺
  • Tech stack: Kubernetes, GCP, Docker, GraphQL, Typescript, Redis, Database, CI/CD

DevOps Engineer

  • Salary: £40K–50K
  • Location: Remote (United Kingdom) 🌎
  • Tech stack: Kubernetes, AWS, Terraform, Ansible, Helm, Docker, Python, CI/CD, Graylog, Prometheus

Discover more Kubernetes jobs on Kube Careers →

🛠 Tools and libraries

1. datreeio/crds-catalog

This repository aggregates over 100 popular Kubernetes CRDs (CustomResourceDefinitions) in JSON Schema format.

These schemas can be used by various tools, such as Datree, Kubeconform and Kubeval, as an alternative to kubectl --dry-run.

2. shopify/kubeaudit

kubeaudit is a command line tool and a Go package that audits Kubernetes clusters for a range of security concerns, such as:

  • Run as non-root.
  • Use a read-only root filesystem.
  • Drop scary capabilities, don’t add new ones.
  • Don’t run privileged.

3. kubernetes-sigs/security-profiles-operator

The Kubernetes Security Profiles Operator aims to make it easier for users to use SELinux, seccomp and AppArmor in Kubernetes clusters.

4. mittwald/kubernetes-secret-generator

This repository contains a custom Kubernetes controller that can automatically create random secret values.

This may be used for auto-generating random credentials for applications running on Kubernetes.

5. fjogeleit/trivy-operator-polr-adapter

The Trivy Operator PolicyReport Adapter maps Trivy CRDs into the unified PolicyReport and ClusterPolicyReport from the Kubernetes Policy Working Group.

This makes it possible to use tooling like Policy Reporter for the different kinds of Trivy Reports.

6. argoproj-labs/argocd-vault-plugin

argocd-vault-plugin is an Argo CD plugin that retrieves secrets from secret management tools and injects them into Kubernetes manifests.

📅 Upcoming Kubernetes events

Extending OpenShift security and observability with Calico

📅 31 Jan, 5:00 pm UTC — Online webinar.

CloudNative SecurityCon North America 2023

📅 1 Feb, 0:00 pm UTC — In-person conference (this event requires an entrance fee).

Amazon Elastic Kubernetes Service (EKS)

📅 2 Feb, 11:00 pm UTC — In-person meetup.

🔥 Run PostgreSQL the Kubernetes way & Kubernetes on autopilot

📅 4 Feb, 5:00 am UTC — In-person meetup.

CfgMgmtCamp

📅 6 Feb, 7:00 am UTC — In-person conference (this event requires an entrance fee).

🔥 Civo Navigate

📅 7 Feb, 0:00 pm UTC — In-person conference (this event requires an entrance fee).

🎫 Use SP50 to get 50% discount

7 Kubernetes tools to boost your productivity

📅 9 Feb, 8:00 pm UTC — Online meetup.

🔥 Advanced Kubernetes course

📅 14 Feb, 9:00 am UTC — In-person workshop (this event requires an entrance fee).

Efficient analytics applications with Kubernetes and Volcano

📅 15 Feb, 6:00 pm UTC — In-person meetup.

🔥 Kubernetes Community Days Pakistan

📅 17 Feb, 4:00 am UTC — Online conference.

Monitoring Kubernetes cluster with Prometheus/Grafana & Kubernetes in Public Cloud

📅 18 Feb, 5:15 am UTC — Online meetup.

GitOps for ML: converting notebooks to reproducible pipelines

📅 21 Feb, 3:30 pm UTC — Online meetup.

🔥 Kubernetes Community Days Amsterdam 2023

📅 23 Feb, 7:00 am UTC — Online & in-person conference (this event requires an entrance fee).

🎫 Use KCDA20 to get 20% off

Discover this month’s (71) events on Kube Events →

📢 Call for papers

Discover this month’s (21) Call for Papers on Kube Events →

And that’s all!

If you prefer reading a weekly digest of the best Kubernetes news, you should check out Learn Kubernetes weekly!

Until next time!
