Kubesploit
@kubesploit.io
News and links on Kubernetes security curated by the @Learnk8s.io team
More K8s news, events, jobs → https://kube.today
Reposted by Kubesploit
🗣️ Festus walks through his project of building a lightweight version of Kubernetes from scratch in Go
https://ku.bz/pf5kK9lQF
🌟 StormForge
🎙 🎙Bart
November 11, 2025 at 11:37 AM
Reposted by Kubesploit
🤖 Nirmata brings policy-as-code to Booth 1340 at KubeCon Atlanta!
See Kyverno demos + their new AI platform engineering agent
Grab swag, enter raffles for Ray-Bans, and don't miss the first in-person KyvernoCon on Nov 10
https://ku.bz/NcwTKq1jh
November 5, 2025 at 2:37 PM
Reposted by Kubesploit
This week on the Learn Kubernetes Weekly:
🔥 AI Infrastructure on K8s
🏠 HA Databases on K8s at Airbnb
⚡ Faster Node & Pod Startup
🎯 Pod Priority and Preemption
⚖️ Cost vs Resilience in Scheduling
⭐️ Testkube
Read it now: https://kube.today/issues/156
November 5, 2025 at 11:31 AM
Reposted by Kubesploit
🗣️ Oleksii Kolodiazhnyi, Senior Architect at Mirantis, shares his structured approach to Kubernetes workload assessment
https://ku.bz/zDThxGQsP
🌟 Stormforge
🎙 🎙Bart
November 4, 2025 at 12:48 PM
Reposted by Kubesploit
🤝 What does it take to become part of the Kubernetes community?
We're releasing "Kubernetes World: Finding Your Path," a book that explores the journey into cloud native, beyond certifications and code contributions
Read it now: ku.bz/k8s-world
November 3, 2025 at 1:56 PM
This article explains how FQDN-Controller lets Kubernetes handle egress rules using domain names instead of fixed IPs
It shows how this makes DNS-based network policies simple, flexible, and automatic
➜ https://ku.bz/zy6XXtmd1
October 31, 2025 at 6:06 PM
This tool automates the issuance and renewal of TLS certificates inside Kubernetes by introducing custom resources like `Certificate` and `Issuer`
➜ https://ku.bz/dcDQCrkPn
October 30, 2025 at 6:06 PM
Reposted by Kubesploit
🗣️ Harsha Koushik explores the complexities of securing containers within a multi-layered infrastructure
He outlines essential practices, including choosing secure base images, conducting SCAs, creating SBOMs, and validating the supply chain
Full episode: https://ku.bz/n_sJ04xMY
October 30, 2025 at 4:07 PM
Reposted by Kubesploit
This tutorial walks you through running kube-bench for CIS compliance on Kubernetes, how to scan clusters using Jobs or CronJobs and understand which configurations pass or fail
➜ https://ku.bz/ZjVpsVqNR
October 29, 2025 at 6:06 PM
Reposted by Kubesploit
This week on the Learn Kubernetes Weekly:
✅ Scale Real-Time Video
⚠️ 7 K8s Anti-Patterns in Prod
🧠 Leases & Leader Election
⚖️ Cost & Resilience in Scheduling
🚦 Pod Priority & Preemption
⭐️ @yaml.games
Read it now: https://kube.today/issues/155
October 29, 2025 at 11:36 AM
SOPS: Secrets OPerationS is an operator for managing Kubernetes Secret Resources created from user-defined SopsSecrets CRDs, inspired by Bitnami SealedSecrets and sops
➜ https://ku.bz/Hmfb28_s_
October 28, 2025 at 6:06 PM
Reposted by Kubesploit
🗣️ Andrew Jeffree from SafetyCulture walks through their complete migration of 250+ microservices from a fragile Helm-based setup to GitOps with ArgoCD, all without any downtime
https://ku.bz/Xvyp1_Qcv
🌟 Testkube
🎙 🎙Bart
October 28, 2025 at 12:37 PM
This article shows why setting `hostUsers: false` in PodSecurityPolicies or PodSecurity admission helps prevent pods from sharing host user IDs, reducing privilege risks
➜ https://ku.bz/Cy4YDVjJ4
October 27, 2025 at 6:06 PM
Reposted by Kubesploit
I designed two things for KubeCon Atlanta that I'm proud of:
👾 @yaml.games: 10-min quiz rounds. Same format as our Advanced K8s workshop yaml.games
🔨 Platform Engineering Challenge: Teams of 4 build a platform in 90 mins ku.bz/-Rz3DBccC
October 27, 2025 at 1:56 PM
This tutorial shows how to enable passwordless kubectl access to an Oracle Kubernetes Engine (OKE) cluster by using OCI Instance Principals, dynamic groups, scoped IAM policies, and the OCI CLI exec plugin
➤ https://ku.bz/ZpCQLpM4V
October 26, 2025 at 6:06 PM
argocd-vault-plugin is an Argo CD plugin that retrieves secrets from Secret Management tools and injects them into Kubernetes
➤ https://ku.bz/XbpB666ql
October 26, 2025 at 4:06 AM
This project builds a low-code honeypot using LLMs behind the scenes to mimic realistic interactions while staying safe
It supports SSH, HTTP, TCP, Prometheus metrics, Kubernetes deployment, and YAML config
➜ https://ku.bz/5665x_NRr
October 24, 2025 at 6:06 PM
Sealed Secrets provides declarative Kubernetes Secret Management in a secure way
Since the Sealed Secrets are encrypted, they can be safely stored in a code repository
➜ https://ku.bz/4ZQR0-Nf9
October 23, 2025 at 6:06 PM
Reposted by Kubesploit
This article explains how Kubernetes v1.33 enables hybrid post-quantum key exchange (X25519MLKEM768) by default via Go 1.24 and discusses implementation challenges
➜ https://ku.bz/DzzV1cR4z
October 22, 2025 at 6:06 PM
Reposted by Kubesploit
This week on the Learn Kubernetes Weekly:
🧩 Troubleshooting Packet Drops
⚙️ Breaking and Fixing the EKS Autoscaler
🌐 Multi-Cluster Kubernetes
🐝 kube-proxy to eBPF
🚧 API Server Log Issues
⭐️ Heroku
Read it now: https://kube.today/issues/154
October 22, 2025 at 11:31 AM
The kube-rbac-proxy is an HTTP proxy for a single upstream, that can perform RBAC authorization against the Kubernetes API using `SubjectAccessReview`
➜ https://ku.bz/pQqpkgLM7
October 21, 2025 at 6:06 PM
Reposted by Kubesploit
Mai Nishitani, Director of Enterprise Architecture at NTT Data, demonstrates how Model Context Protocol (MCP) enables Claude to directly interact with Kubernetes clusters through natural language commands
https://ku.bz/3hWvQjXxp
🌟 Testkube
🎙 🎙Bart
October 21, 2025 at 11:33 AM