Kubesploit
@kubesploit.io
News and links on Kubernetes security curated by the @Learnk8s.io team
More K8s news, events, jobs → https://kube.today
More K8s news, events, jobs → https://kube.today
Reposted by Kubesploit
🗣️ Ratan Tipirneni, President & CEO @ Tigera, announces Calico AI and bundling Istio to create a single unified platform for Kubernetes networking, security, and observability while remaining platform-agnostic
Watch: https://ku.bz/fwFG0jZNk
Read: https://ku.bz/1nljhB1vQ
Watch: https://ku.bz/fwFG0jZNk
Read: https://ku.bz/1nljhB1vQ
December 26, 2025 at 4:07 PM
🗣️ Ratan Tipirneni, President & CEO @ Tigera, announces Calico AI and bundling Istio to create a single unified platform for Kubernetes networking, security, and observability while remaining platform-agnostic
Watch: https://ku.bz/fwFG0jZNk
Read: https://ku.bz/1nljhB1vQ
Watch: https://ku.bz/fwFG0jZNk
Read: https://ku.bz/1nljhB1vQ
This article describes a real-world incident in which a high-privilege Kubernetes service account token was accidentally logged in plaintext
➜ https://ku.bz/FDn0rzCqQ
➜ https://ku.bz/FDn0rzCqQ
December 25, 2025 at 6:06 PM
This article describes a real-world incident in which a high-privilege Kubernetes service account token was accidentally logged in plaintext
➜ https://ku.bz/FDn0rzCqQ
➜ https://ku.bz/FDn0rzCqQ
Reposted by Kubesploit
Crowdsec is a security engine that detects malicious behavior from logs and community-shared intelligence, allowing you to block bad IPs and share threat data across your fleet
➜ https://ku.bz/M6t4FjWLg
➜ https://ku.bz/M6t4FjWLg
December 24, 2025 at 6:06 PM
Crowdsec is a security engine that detects malicious behavior from logs and community-shared intelligence, allowing you to block bad IPs and share threat data across your fleet
➜ https://ku.bz/M6t4FjWLg
➜ https://ku.bz/M6t4FjWLg
Reposted by Kubesploit
This week on the Learn Kubernetes Weekly:
🔥 Kubernetes 2.0 Vision
🐍 Escaping Python REPL Sandbox
🛠️ Karpenter at Beekeeper by LumApps
💥 JVM Crash Loop Debugging
🎮 Hands-On Chaos Engineering Games
⭐️ Depot
Read it now: https://kube.today/issues/163
🔥 Kubernetes 2.0 Vision
🐍 Escaping Python REPL Sandbox
🛠️ Karpenter at Beekeeper by LumApps
💥 JVM Crash Loop Debugging
🎮 Hands-On Chaos Engineering Games
⭐️ Depot
Read it now: https://kube.today/issues/163
December 24, 2025 at 11:31 AM
This week on the Learn Kubernetes Weekly:
🔥 Kubernetes 2.0 Vision
🐍 Escaping Python REPL Sandbox
🛠️ Karpenter at Beekeeper by LumApps
💥 JVM Crash Loop Debugging
🎮 Hands-On Chaos Engineering Games
⭐️ Depot
Read it now: https://kube.today/issues/163
🔥 Kubernetes 2.0 Vision
🐍 Escaping Python REPL Sandbox
🛠️ Karpenter at Beekeeper by LumApps
💥 JVM Crash Loop Debugging
🎮 Hands-On Chaos Engineering Games
⭐️ Depot
Read it now: https://kube.today/issues/163
This article explains how eBPF lets you run small, verified programs inside the Linux kernel to unlock powerful observability, security, and networking capabilities without custom kernel modules
➜ https://ku.bz/TYf7Jy6cs
➜ https://ku.bz/TYf7Jy6cs
December 23, 2025 at 6:06 PM
This article explains how eBPF lets you run small, verified programs inside the Linux kernel to unlock powerful observability, security, and networking capabilities without custom kernel modules
➜ https://ku.bz/TYf7Jy6cs
➜ https://ku.bz/TYf7Jy6cs
This tool enables you to scan and enforce compliance across multi-cloud infrastructure with customizable YAML rules, alerts and integrations
➜ https://ku.bz/JZJpNJqnz
➜ https://ku.bz/JZJpNJqnz
December 22, 2025 at 6:06 PM
This tool enables you to scan and enforce compliance across multi-cloud infrastructure with customizable YAML rules, alerts and integrations
➜ https://ku.bz/JZJpNJqnz
➜ https://ku.bz/JZJpNJqnz
This tutorial walks you through deploying SPIFFE and SPIRE in Kubernetes to issue cryptographically secure, auto-rotating identities to workloads, enabling mTLS and zero-trust communication
➤ https://ku.bz/HsWb7TCYL
➤ https://ku.bz/HsWb7TCYL
December 21, 2025 at 6:06 PM
This tutorial walks you through deploying SPIFFE and SPIRE in Kubernetes to issue cryptographically secure, auto-rotating identities to workloads, enabling mTLS and zero-trust communication
➤ https://ku.bz/HsWb7TCYL
➤ https://ku.bz/HsWb7TCYL
OpenBao provides an open-source solution to manage, store, and distribute secrets, certificates, and keys with secure encryption, dynamic secrets, automated leasing, and detailed revocation
➤ https://ku.bz/qg3j1t67t
➤ https://ku.bz/qg3j1t67t
December 20, 2025 at 6:06 PM
OpenBao provides an open-source solution to manage, store, and distribute secrets, certificates, and keys with secure encryption, dynamic secrets, automated leasing, and detailed revocation
➤ https://ku.bz/qg3j1t67t
➤ https://ku.bz/qg3j1t67t
This article explains how to secure Kubernetes at the transport (Layer 4) level, covering best practices around service mesh mTLS, network segmentation, access control, and encryption of in-cluster traffic
➤ https://ku.bz/62pM2bG-r
➤ https://ku.bz/62pM2bG-r
December 19, 2025 at 6:11 PM
This article explains how to secure Kubernetes at the transport (Layer 4) level, covering best practices around service mesh mTLS, network segmentation, access control, and encryption of in-cluster traffic
➤ https://ku.bz/62pM2bG-r
➤ https://ku.bz/62pM2bG-r
This article explains how to use Vault Agent Injector (a mutating webhook) to inject secrets into Kubernetes pods securely, without modifying application code
➜ https://ku.bz/DXC0qMd79
➜ https://ku.bz/DXC0qMd79
December 19, 2025 at 6:06 PM
This article explains how to use Vault Agent Injector (a mutating webhook) to inject secrets into Kubernetes pods securely, without modifying application code
➜ https://ku.bz/DXC0qMd79
➜ https://ku.bz/DXC0qMd79
This open-source platform lets you run a self-hosted zero-trust secure access solution supporting VPN-like WireGuard/QUIC, ZTNA, API/AI gateways, homelab access and Kubernetes ingress on your own infrastructure
➤ https://ku.bz/JWMdMH_J8
➤ https://ku.bz/JWMdMH_J8
December 18, 2025 at 6:11 PM
This open-source platform lets you run a self-hosted zero-trust secure access solution supporting VPN-like WireGuard/QUIC, ZTNA, API/AI gateways, homelab access and Kubernetes ingress on your own infrastructure
➤ https://ku.bz/JWMdMH_J8
➤ https://ku.bz/JWMdMH_J8
This code tool helps you gather logs, metrics and code changes, then uses AI-powered root-cause analysis to surface what broke in production and suggest immediate fixes
➜ https://ku.bz/srJCYmX4J
➜ https://ku.bz/srJCYmX4J
December 18, 2025 at 6:06 PM
This code tool helps you gather logs, metrics and code changes, then uses AI-powered root-cause analysis to surface what broke in production and suggest immediate fixes
➜ https://ku.bz/srJCYmX4J
➜ https://ku.bz/srJCYmX4J
Reposted by Kubesploit
Sealed Secrets provides declarative Kubernetes Secret Management in a secure way
Since the Sealed Secrets are encrypted, they can be safely stored in a code repository
➤ https://ku.bz/M_ZTLCWtB
Since the Sealed Secrets are encrypted, they can be safely stored in a code repository
➤ https://ku.bz/M_ZTLCWtB
December 17, 2025 at 6:11 PM
Sealed Secrets provides declarative Kubernetes Secret Management in a secure way
Since the Sealed Secrets are encrypted, they can be safely stored in a code repository
➤ https://ku.bz/M_ZTLCWtB
Since the Sealed Secrets are encrypted, they can be safely stored in a code repository
➤ https://ku.bz/M_ZTLCWtB
This article introduces ChaosRoom, a playful tool that helps engineers learn chaos engineering by running mini-games simulating faults and observing how systems respond
➜ https://ku.bz/2GlrYmTbT
➜ https://ku.bz/2GlrYmTbT
December 17, 2025 at 6:06 PM
This article introduces ChaosRoom, a playful tool that helps engineers learn chaos engineering by running mini-games simulating faults and observing how systems respond
➜ https://ku.bz/2GlrYmTbT
➜ https://ku.bz/2GlrYmTbT
Reposted by Kubesploit
This week on the Learn Kubernetes Weekly:
🐍 Kubernetes’s Python Moment
☁️ Leaving Big Cloud with Kubernetes
📦 DRA in Kubernetes v1.34
🛠️ APIs with Kong Ingress
🚑 Fixing Upstream Connect Errors
⭐️ Depot
Read it now: https://kube.today/issues/162
🐍 Kubernetes’s Python Moment
☁️ Leaving Big Cloud with Kubernetes
📦 DRA in Kubernetes v1.34
🛠️ APIs with Kong Ingress
🚑 Fixing Upstream Connect Errors
⭐️ Depot
Read it now: https://kube.today/issues/162
December 17, 2025 at 11:31 AM
This week on the Learn Kubernetes Weekly:
🐍 Kubernetes’s Python Moment
☁️ Leaving Big Cloud with Kubernetes
📦 DRA in Kubernetes v1.34
🛠️ APIs with Kong Ingress
🚑 Fixing Upstream Connect Errors
⭐️ Depot
Read it now: https://kube.today/issues/162
🐍 Kubernetes’s Python Moment
☁️ Leaving Big Cloud with Kubernetes
📦 DRA in Kubernetes v1.34
🛠️ APIs with Kong Ingress
🚑 Fixing Upstream Connect Errors
⭐️ Depot
Read it now: https://kube.today/issues/162
This tool delivers real-time node/pod-level process, file and network visibility for Kubernetes and bare-metal environments, with rule-based alerts, dashboards and hybrid cloud support
➜ https://ku.bz/7lk94WvMv
➜ https://ku.bz/7lk94WvMv
December 16, 2025 at 6:06 PM
This tool delivers real-time node/pod-level process, file and network visibility for Kubernetes and bare-metal environments, with rule-based alerts, dashboards and hybrid cloud support
➜ https://ku.bz/7lk94WvMv
➜ https://ku.bz/7lk94WvMv
This article shows how to use the Kong OIDC plugin together with Keycloak to secure cluster services and HTTP routes at the API gateway level
➜ https://ku.bz/2Q103hfW1
➜ https://ku.bz/2Q103hfW1
December 15, 2025 at 6:06 PM
This article shows how to use the Kong OIDC plugin together with Keycloak to secure cluster services and HTTP routes at the API gateway level
➜ https://ku.bz/2Q103hfW1
➜ https://ku.bz/2Q103hfW1
December 14, 2025 at 6:06 PM
Kviklet provides a secure, self-hosted tool for engineering teams to request, review, and approve production database queries with a workflow inspired by code reviews
➤ https://ku.bz/blQ6ybFXN
➤ https://ku.bz/blQ6ybFXN
December 13, 2025 at 6:06 PM
Kviklet provides a secure, self-hosted tool for engineering teams to request, review, and approve production database queries with a workflow inspired by code reviews
➤ https://ku.bz/blQ6ybFXN
➤ https://ku.bz/blQ6ybFXN
This case study explains how BioCatch migrated their Vault environment from costly external storage to Raft, enabling high availability, easy disaster recovery, and lower operational costs in Kubernetes
➤ https://ku.bz/zPwwpmMyV
➤ https://ku.bz/zPwwpmMyV
December 12, 2025 at 6:11 PM
This case study explains how BioCatch migrated their Vault environment from costly external storage to Raft, enabling high availability, easy disaster recovery, and lower operational costs in Kubernetes
➤ https://ku.bz/zPwwpmMyV
➤ https://ku.bz/zPwwpmMyV
This open-source tool helps you manage authentication and access across servers, databases and Kubernetes clusters via API or CLI
➜ https://ku.bz/VYnDyMT1h
➜ https://ku.bz/VYnDyMT1h
December 12, 2025 at 6:06 PM
This open-source tool helps you manage authentication and access across servers, databases and Kubernetes clusters via API or CLI
➜ https://ku.bz/VYnDyMT1h
➜ https://ku.bz/VYnDyMT1h
This open-source tool lets you analyze connectivity, inspect applied NetworkPolicies, and generate policy YAMLs, all with an interactive fuzzy-finder UI and JSON/table outputs
➤ https://ku.bz/HJpY-dbmG
➤ https://ku.bz/HJpY-dbmG
December 12, 2025 at 6:11 AM
This open-source tool lets you analyze connectivity, inspect applied NetworkPolicies, and generate policy YAMLs, all with an interactive fuzzy-finder UI and JSON/table outputs
➤ https://ku.bz/HJpY-dbmG
➤ https://ku.bz/HJpY-dbmG
This article explains how to remove permission checks from microservices and build a centralized authorization layer with Kong OSS and OpenFGA
➜ https://ku.bz/50Pf5hFcV
➜ https://ku.bz/50Pf5hFcV
December 11, 2025 at 6:06 PM
This article explains how to remove permission checks from microservices and build a centralized authorization layer with Kong OSS and OpenFGA
➜ https://ku.bz/50Pf5hFcV
➜ https://ku.bz/50Pf5hFcV