Kubesploit
@kubesploit.io
News and links on Kubernetes security curated by the @Learnk8s.io team
More K8s news, events, jobs → https://kube.today
This article shows how to scan Helm charts for insecure RBAC, secret leaks, and malicious templates using tools like Trivy, GitHub Search, and OPA

https://ku.bz/k4MpGVLyZ
February 11, 2026 at 6:26 PM
Reposted by Kubesploit
This week on the Learn Kubernetes Weekly:

📦 Could lockfiles be SBOMs?
🌐 Dynamic Istio Ingress with Kyverno
🎮 Factorio in Kubernetes?
🤖 DeepSeek Models on Kubernetes
⚡ Short-Lived is a Good Thing

⭐️ vCluster

Read it now: https://kube.today/issues/170
February 11, 2026 at 11:46 AM
Guardon is a Kubernetes admission controller that enforces security and compliance policies in real-time before resources are created in your cluster

https://ku.bz/d4hT8s9Sw
February 10, 2026 at 6:26 PM
Reposted by Kubesploit
Last year, I mapped the K8s multitenancy spectrum. This year, I'm adding AI agent sandboxing — where does it fit when the tenant isn't a human but a machine acting autonomously?

In collaboration with @vcluster.com

Feb 24 — 10:00 AM ET
https://ku.bz/Kzd7BPBqq
February 10, 2026 at 3:21 PM
Reposted by Kubesploit
🗣️ Tibo on why Kubernetes isn't just for enterprise scale — it can be a practical choice for solo self-hosters too

https://ku.bz/Xk5S7VqXz

🌟 LearnKube
🎙 🎙Bart
February 10, 2026 at 12:31 PM
Reposted by Kubesploit
🗣️ Ritesh Patel explains how Nirmata differentiates through strategic focus rather than broad appeal, leveraging their Kyverno expertise

Watch: https://ku.bz/8nkrRSG_Z
Read: https://ku.bz/8_yYZZMG4
February 9, 2026 at 8:26 PM
This article walks through how an attacker might gain and maintain access in a Kubernetes cluster, showing techniques like node shell access, hidden namespaces and CSR abuse

https://ku.bz/GBjCYsyXx
February 9, 2026 at 7:11 PM
This article explains the risks of using unmaintained Docker images and how to detect vulnerabilities with tools like Trivy, SBOM operator, and Dependency Track

https://ku.bz/WJ75qXRbV
February 9, 2026 at 6:51 PM
Reposted by Kubesploit
The Kubernetes scheduler doesn't randomly assign pods to nodes

It runs a two-phase pipeline: filter, then score

Here's how it works, in 7 diagrams
February 9, 2026 at 1:46 PM
VOA is a FastAPI-based secrets manager that lets you store, retrieve, audit, and rotate environment variables, API keys, and passwords

https://ku.bz/FNzsq0lWx
February 8, 2026 at 6:16 PM
This tutorial teaches how to securely manage and dynamically update Kubernetes secrets using AWS Secrets Manager, External-Secrets Operator, and Config-Reloader

https://ku.bz/Cx_nsGFC1
February 7, 2026 at 6:16 PM
This tool runs inside Kubernetes and automatically decrypts secrets encrypted with Mozilla SOPS, and then creates standard Kubernetes Secret objects from them

https://ku.bz/H3KWGSwl9
February 6, 2026 at 6:56 PM
Synapse is a high-performance reverse proxy and firewall built with Rust, using XDP-based packet filtering for ultra-low latency protection at kernel level

https://ku.bz/w2PFxxfN8
February 6, 2026 at 6:41 PM
This case study shows how Mindbody used Kyverno policy-as-code to dynamically manage Istio ingress gateways across hundreds of applications without updating individual Helm charts

https://ku.bz/F6-Xr10Yv
February 5, 2026 at 6:51 PM
This article explains how Kubernetes user namespaces work for container isolation and covers the security benefits of mapping container root users to unprivileged host users, thereby reducing privilege escalation risks

https://ku.bz/1kmpsFXbB
February 5, 2026 at 6:26 PM
External Secrets Operator syncs secrets from AWS, Vault, GCP, Azure, and others via their APIs and injects them as native Kubernetes Secrets using CRDs

https://ku.bz/P9-BCNT1L
February 5, 2026 at 4:16 AM
kubectl-rexec is a kubectl plugin that provides full audit logging for kubectl exec sessions, addressing the security gap where standard exec commands leave no trace of what happens inside containers

https://ku.bz/yRQZ9Jrml
February 4, 2026 at 6:26 PM
Reposted by Kubesploit
"Self-service without governance leads to 3 AM outages." Zain Malik explains how mature platforms balance empowerment with reliability

📺: https://ku.bz/rwttMCncv
February 4, 2026 at 4:51 PM
Reposted by Kubesploit
🗣️ Nicholaos Mouzourakis explains how Open Policy Agent (OPA) integrates with Kubernetes for authorization, highlighting its versatility and performance

Watch the full episode: https://ku.bz/S-2vQ_j-4
February 4, 2026 at 2:56 PM
Reposted by Kubesploit
This week on the Learn Kubernetes Weekly:

🔥 When HA Brings Downtime
🔄 Upgrade AWS CSI Drivers
🤖 AI/ML Models at Scale in SAP AI Core
✅ Readiness Checks for Spring Boot
🌐 CoreDNS in OpenShift

⭐️ LearnKube

Read it now: https://kube.today/issues/169
February 4, 2026 at 11:46 AM
This tutorial teaches how to deploy HashiCorp Vault Secrets Operator on Google Kubernetes Engine to synchronize Vault secrets into Kubernetes Secret resources automatically

https://ku.bz/QnvFmQp8h
February 3, 2026 at 6:26 PM
Reposted by Kubesploit
🗣️ Ziv manages 600+ Postgres clusters in a closed network environment with no public cloud

After existing backup solutions proved unreliable, they built a new architecture using pgBackRest + ArgoCD

https://ku.bz/Rg_sQYSmw

🌟 LearnKube
🎙 🎙Bart
February 3, 2026 at 12:51 PM
Kaniop is a Kubernetes operator written in Rust for managing Kanidm identity management clusters, providing declarative identity management through GitOps workflows

https://ku.bz/D1JBBy0B3
February 2, 2026 at 6:36 PM