Kubesploit

@kubesploit.io.bsky.social

News and links on Kubernetes security curated by the @Learnk8s.io team More K8s news, events, jobs → https://kube.today

220 Followers  |  1 Following  |  272 Posts  |  Joined: 24.11.2024

Latest posts by kubesploit.io on Bluesky

This guide will teach you how to integrate HashiCorp Vault with Kubernetes Secrets CSI Driver, configure Kubernetes authentication, and create SecretProviderClass resources for secure secret management

➜ https://ku.bz/FSg9XsTZc

07.08.2025 18:11 — 👍 0    🔁 0    💬 0    📌 0

Nova scans your cluster for installed Helm charts, cross-checks them with public repos and flags outdated or deprecated charts and container images

➤ https://ku.bz/fNvPKdrLm

07.08.2025 18:06 — 👍 1    🔁 1    💬 0    📌 0
https://kube.careers/image-gen/digest?companies=OpenAI&companies=Airwallex&companies=Dexterity&currency=USD&salaryFrom=168000&salaryTo=490000&subtitle=Selected+by+the+Kube+Careers+team&title=6+Kubernetes+security+jobs

06.08.2025 21:41 — 👍 1    🔁 1    💬 0    📌 0

argocd-vault-plugin is an Argo CD plugin that retrieves secrets from Secret Management tools and injects them into Kubernetes

➜ https://ku.bz/0Gz8zfVch

06.08.2025 18:06 — 👍 2    🔁 1    💬 0    📌 0
https://res.cloudinary.com/learnk8s/image/upload/v1754483183/linkedin-143_o3n8bx.png

This week on the Learn Kubernetes Weekly:

🤔 1000 TPS with 4-Core/16GB?
🧢 Cap or no cap
🔙 Reclaiming Idle GPUs
💰 How We Saved $1.22m/y
🕰️ Inside Kubernetes Scheduler

⭐️ LearnKube

Read it now: https://learnkube.com/issues/143

06.08.2025 12:41 — 👍 6    🔁 6    💬 0    📌 0
https://camo.githubusercontent.com/297e7dc4b5dba62502071c6152949fa05c27b9a7336fea264986ec02e66efc88/68747470733a2f2f70726f6a6563747376656c746f732e6769746875622e696f2f7376656c746f732f6173736574732f6d756c74692d636c7573746572732e706e67

Sveltos installs as a controller in a management cluster, deploying add-ons and policies (Helm charts, Kustomize, raw YAML) to target clusters by label selectors and sync rules, automating multi-cluster resource management and compliance

➜ https://ku.bz/RgJVTPtfJ

05.08.2025 19:06 — 👍 1    🔁 1    💬 0    📌 0

ToolHive secures Model Context Protocol (MCP) servers in Kubernetes using native features like RBAC, network policies, and StatefulSets

It isolates servers via a proxy, blocking direct network access for enterprise-grade security

➜ https://ku.bz/cJ4HXTrnS

05.08.2025 18:06 — 👍 0    🔁 0    💬 0    📌 0

This article demonstrates using Falco as a runtime security layer in Kubernetes

It explains how system calls are intercepted using eBPF or kernel modules and how Falco rules detect anomalous behavior like spawning shells or reading sensitive files

➤ https://ku.bz/vd3wWs24H

04.08.2025 18:11 — 👍 0    🔁 0    💬 0    📌 0
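
Added example (not from the linked article or the stock Falco ruleset): two Falco rules, one for a shell spawned inside a container and one for reads of credential files. The macros are defined in the file under their own names so it loads on its own; the files in the sensitive_files list are the ones chosen for this example.

```yaml
# Added example, not from the linked article. The macro and list names are
# local to this file; the default Falco rules ship their own equivalents.
- macro: exec_event
  condition: evt.type in (execve, execveat) and evt.dir=<

- macro: in_container
  condition: container.id != host

- macro: file_read_event
  condition: evt.type in (open, openat, openat2) and evt.is_open_read=true and fd.typechar='f'

- list: shell_binaries
  items: [bash, sh, zsh, dash, ash]

- list: sensitive_files
  items: [/etc/shadow, /etc/sudoers]

- rule: Shell Spawned in Container
  desc: A shell started inside a container; rare for a well-built image, typical of an interactive intrusion or an exec session that should be audited
  condition: exec_event and in_container and proc.name in (shell_binaries)
  output: >
    Shell spawned in container (user=%user.name container=%container.name
    image=%container.image.repository shell=%proc.name parent=%proc.pname
    cmdline=%proc.cmdline k8s_pod=%k8s.pod.name k8s_ns=%k8s.ns.name)
  priority: WARNING
  tags: [container, shell]

- rule: Sensitive File Read in Container
  desc: A process inside a container opened a file that holds credentials for reading
  condition: file_read_event and in_container and fd.name in (sensitive_files)
  output: >
    Sensitive file read in container (user=%user.name file=%fd.name
    proc=%proc.name cmdline=%proc.cmdline container=%container.name
    k8s_pod=%k8s.pod.name k8s_ns=%k8s.ns.name)
  priority: ERROR
  tags: [container, filesystem]
```

Tune before enforcing: kubectl exec into a debug pod trips the first rule, and adding the service-account token path to sensitive_files would fire on every client library that reads it at startup, so exclude known processes or images with a further condition rather than turning the rule off.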

Reflector is a Kubernetes addon designed to monitor changes to resources (Secrets and ConfigMaps) and reflect changes to mirror resources in the same or other namespaces

➜ https://ku.bz/wPZw27PGH

04.08.2025 18:06 — 👍 1    🔁 1    💬 0    📌 0
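
Added example (not from the Reflector project): a Secret in a "certs" namespace mirrored only into the two namespaces that need it. The namespace names and the secret contents are constructed for the example.

```yaml
# Added example, not from the Reflector docs. Namespaces and value are made up.
apiVersion: v1
kind: Secret
metadata:
  name: registry-pull-token
  namespace: certs
  annotations:
    # Opt the secret in to reflection. On its own this lets a mirror in
    # ANY namespace pull a copy, so the second annotation is the real control.
    reflector.v1.k8s.emberstack.com/reflection-allowed: "true"
    reflector.v1.k8s.emberstack.com/reflection-allowed-namespaces: "ingress-prod,ingress-staging"
    # Create the mirrors automatically instead of waiting for each namespace
    # to declare a mirror secret that references this one.
    reflector.v1.k8s.emberstack.com/reflection-auto-enabled: "true"
    reflector.v1.k8s.emberstack.com/reflection-auto-namespaces: "ingress-prod,ingress-staging"
type: Opaque
stringData:
  token: "constructed-example-token"
```

Anyone who can create a Secret with the mirror annotations in an allowed namespace receives the value, so the allowed-namespaces list is effectively an access-control list and should be kept as short as the consumers require.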

🗣️ Hillai Ben-Sasson and Ronen Shustin, Security Researchers at Wiz, explain how gaining code execution on a node can allow attackers to exploit kubelet credentials to access sensitive cluster resources

Watch the full episode: https://ku.bz/yr16qNTFx

04.08.2025 14:43 — 👍 1    🔁 1    💬 0    📌 0

Popeye is a utility that scans live Kubernetes clusters and reports potential issues with deployed resources and configurations

It detects misconfigurations and helps you to ensure that best practices are in place

➤ https://ku.bz/D1Ch_MKP_

03.08.2025 18:06 — 👍 1    🔁 0    💬 0    📌 0

This article presents a practical method to build Docker images from Dockerfiles under strict no-root, no-privilege-escalation constraints

It leverages QEMU virtualization to encapsulate BuildKit inside a microVM

➤ https://ku.bz/Mfp6z5wxT

02.08.2025 18:06 — 👍 0    🔁 0    💬 0    📌 0

Kubeconform is a Kubernetes manifests validation tool

Similar to Kubeval, but with the following improvements:

➀ High performance
➁ Remote or local schemas locations
➂ Up-to-date schemas for all recent versions of Kubernetes

➤ https://ku.bz/jYH4-2Yw6

01.08.2025 18:11 — 👍 0    🔁 0    💬 0    📌 0

KSOPS is a kustomize exec plugin for SOPS encrypted resources

KSOPS can be used to decrypt any Kubernetes resource, but is most commonly used to decrypt encrypted Kubernetes Secrets and ConfigMaps

➜ https://ku.bz/615H3TNYJ

01.08.2025 18:06 — 👍 0    🔁 0    💬 0    📌 0
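
Added example (not from the KSOPS project): a kustomization that decrypts a SOPS-encrypted Secret at build time, the ksops generator it uses, and the .sops.yaml rule that keeps only the data fields encrypted. The file names and the age recipient are placeholders.

```yaml
# Added example, not from the KSOPS README. Three files shown in one block.
# --- kustomization.yaml ---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - deployment.yaml
generators:
  - secret-generator.yaml
---
# --- secret-generator.yaml ---
apiVersion: viaduct.ai/v1
kind: ksops
metadata:
  name: app-secrets
  annotations:
    # KRM-function mode: kustomize runs the ksops binary from PATH
    config.kubernetes.io/function: |
      exec:
        path: ksops
files:
  - db-credentials.enc.yaml      # a Secret manifest encrypted with sops
---
# --- .sops.yaml (repo root) ---
creation_rules:
  - path_regex: .*\.enc\.yaml$
    # Encrypt only the values; kind, name, labels stay readable in review
    encrypted_regex: ^(data|stringData)$
    age: "<your-age-public-key>"   # placeholder recipient
```

Build with kustomize build --enable-alpha-plugins --enable-exec. The private key is needed wherever the build runs, so whichever system renders the manifests (a CI runner, Argo CD, Flux) is the one to lock down; the Git history itself only ever contains ciphertext.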

This post introduces an Argo CD RBAC Operator that replaces manual ConfigMap edits with CRDs like `ArgoCDRole` and `ArgoCDRoleBinding`

➤ https://ku.bz/Z6Nrf3Szw

01.08.2025 15:16 — 👍 2    🔁 1    💬 0    📌 0

Learn how UiPath replaced mutating webhooks with a Helm library solution, enabling flexible cross-service configuration management in Kubernetes without cluster-wide permissions

➜ https://ku.bz/frf79NxRC

31.07.2025 19:06 — 👍 2    🔁 1    💬 0    📌 0

This article explains how Kubernetes handles Linux capability names inconsistently, with behavior differing between container runtimes like containerd and CRI-O

➜ https://ku.bz/Fk3B8xWbr

31.07.2025 18:06 — 👍 1    🔁 0    💬 0    📌 0
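
Added example (not from the linked article): two pods that need to bind a privileged port. The first leaves the runtime's default capability set in place; the second drops everything and adds back one capability in the form the Kubernetes API documents, without the CAP_ prefix. The image name is assumed.

```yaml
# Added example, not from the linked article. Image is assumed.
apiVersion: v1
kind: Pod
metadata:
  name: web-before
spec:
  containers:
    - name: web
      image: registry.example.internal/web:1.0
      # No securityContext: the container keeps the runtime's default
      # bounding set (CAP_NET_RAW, CAP_SETUID, CAP_SYS_CHROOT, ...), far more
      # than it needs to bind port 80.
---
apiVersion: v1
kind: Pod
metadata:
  name: web-after
spec:
  containers:
    - name: web
      image: registry.example.internal/web:1.0
      securityContext:
        allowPrivilegeEscalation: false
        capabilities:
          drop: ["ALL"]
          add: ["NET_BIND_SERVICE"]   # the documented form; not "CAP_NET_BIND_SERVICE"
```

Stick to the un-prefixed names from the Kubernetes documentation; the prefixed spelling is exactly the case where the article reports runtimes behaving differently. If the process also runs as non-root, an added capability is only usable when the binary carries matching file capabilities or the port has been made unprivileged, so test the pod rather than trusting the manifest.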
https://kube.careers/image-gen/digest?companies=OpenAI&companies=Airwallex&companies=Dexterity&currency=USD&salaryFrom=168000&salaryTo=310000&subtitle=Selected+by+the+Kube+Careers+team&title=6+Kubernetes+security+jobs

30.07.2025 21:41 — 👍 1    🔁 1    💬 0    📌 0

Kyverno is a policy engine designed for Kubernetes

It can validate, mutate, and generate configurations using admission controls and background scans

Kyverno policies are Kubernetes resources and do not require learning a new language

➜ https://ku.bz/swJ_5DtbJ

30.07.2025 18:11 — 👍 1    🔁 1    💬 0    📌 0

This article shows how to run multiple tenants on one Kubernetes cluster using Namespaces, RBAC, Kyverno, NetworkPolicies, Capsule, and vCluster

➤ https://ku.bz/cY_wDHz89

30.07.2025 18:06 — 👍 1    🔁 1    💬 0    📌 0
https://res.cloudinary.com/learnk8s/image/upload/v1752819173/linkedin-142_dkhr2v.png

This week on the Learn Kubernetes Weekly:

🐳 How Kubernetes Runs Containers
0️⃣ Why Scale to Zero?
💰 Saved 80% on Observability
📝 Configuration taxonomy
🏎️ Eviction thresholds

⭐️ LearnKube

Read it now: https://learnkube.com/issues/142

30.07.2025 11:31 — 👍 7    🔁 7    💬 0    📌 0
https://dev-to-uploads.s3.amazonaws.com/uploads/articles/82bkochnf9ujeqfvbhdp.png

This tutorial covers east-west routing configuration utilizing CoreDNS, Traefik, cert-manager, and trust-manager for domain resolution and secure certificate management

➜ https://ku.bz/QfzB7zPcf

29.07.2025 18:06 — 👍 0    🔁 0    💬 0    📌 0

The ClusterSecret operator keeps matching namespaces updated with secrets:

- New matching namespaces receive the secret automatically
- Changes to the ClusterSecret update all related secrets, and deleting it also removes all cloned secrets

➜ https://ku.bz/L452YC-Mp

28.07.2025 18:06 — 👍 0    🔁 0    💬 0    📌 0
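
Added example (not from the ClusterSecret project): a ClusterSecret scoped to a namespace prefix with one namespace excluded. The field names follow the project's README as I remember it; verify them against the CRD you have installed. The values are constructed.

```yaml
# Added example, not from the ClusterSecret README. Field names are an
# assumption to verify against the installed CRD; values are made up.
apiVersion: clustersecret.io/v1
kind: ClusterSecret
metadata:
  name: shared-db-credentials
  namespace: clustersecret          # where the source object lives
matchNamespace:
  - "team-a-*"                      # every namespace with this prefix
avoidNamespaces:
  - team-a-sandbox                  # explicitly excluded
data:
  username: ZXhhbXBsZS11c2Vy        # "example-user"
  password: Y29uc3RydWN0ZWQtcGFzcw== # "constructed-pass"
```

Because a new namespace that matches the pattern gets the secret without anyone reviewing it, keep match patterns narrow and treat create-namespace permission as permission to read every prefix-matched ClusterSecret.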

This deep dive walks through debugging a common Kubernetes issue: running containers with a non-root UID

➤ https://ku.bz/3zgW6dYQX

27.07.2025 18:06 — 👍 0    🔁 0    💬 0    📌 0

ingress-nginx CVE-2025-1974 vulnerability allows unauthenticated remote access to its admission controller, enabling full Kubernetes cluster takeover via RCE

Mitigation requires urgent patching, network hardening, and audit log inspection

➤ https://ku.bz/Vb7mRcxpQ

26.07.2025 18:06 — 👍 0    🔁 0    💬 0    📌 0
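
Added example (not from the linked write-up): a NetworkPolicy for the ingress-nginx controller pods that keeps proxied traffic open but limits the admission webhook port to the API server. The namespace and pod labels are the chart defaults, the webhook port is the chart's default 8443, and the API server CIDR is an assumption to replace with your control plane's addresses.

```yaml
# Added example, not from the linked article. The CIDR is assumed.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: restrict-admission-webhook
  namespace: ingress-nginx
spec:
  podSelector:
    matchLabels:
      app.kubernetes.io/name: ingress-nginx
      app.kubernetes.io/component: controller
  policyTypes: [Ingress]
  ingress:
    # Proxied traffic and the health/metrics port the kubelet probes
    - ports:
        - port: 80
          protocol: TCP
        - port: 443
          protocol: TCP
        - port: 10254
          protocol: TCP
    # The validating webhook: reachable from the API server only
    - from:
        - ipBlock:
            cidr: 10.0.0.0/28        # ASSUMED control-plane address range
      ports:
        - port: 8443
          protocol: TCP
```

Upgrading is the fix; this only shrinks who can reach the webhook while the rollout happens. If upgrading has to wait, the Helm chart can switch the webhook off with controller.admissionWebhooks.enabled=false, at the cost of losing Ingress validation.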

This repo is a collection of NetworkPolicy recipes to lock down Kubernetes traffic

➤ https://ku.bz/9CYLSX8vm

25.07.2025 18:11 — 👍 1    🔁 0    💬 0    📌 0

The tutorial explains how to securely integrate AWS Secrets Manager with Kubernetes using the External Secrets Operator (ESO), automating secret synchronization via YAML configurations and IAM credentials to eliminate hardcoded secrets

➜ https://ku.bz/TR1h6vSwl

25.07.2025 18:06 — 👍 0    🔁 0    💬 0    📌 0
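
Added example (not from the linked tutorial): an External Secrets Operator SecretStore for AWS Secrets Manager that authenticates through a service-account token rather than static keys, and an ExternalSecret that syncs one field out of it. The region, namespace, service account, role ARN and the secret name prod/app/db are assumed.

```yaml
# Added example, not from the linked tutorial. Region, ARN, names are assumed.
apiVersion: external-secrets.io/v1beta1
kind: SecretStore
metadata:
  name: aws-secrets-manager
  namespace: app
spec:
  provider:
    aws:
      service: SecretsManager
      region: eu-west-1
      auth:
        # Preferred: assume an IAM role via the projected SA token (IRSA),
        # so no long-lived AWS key is stored in the cluster.
        jwt:
          serviceAccountRef:
            name: external-secrets-reader
        # Weaker alternative: static IAM keys held in a Kubernetes Secret.
        # secretRef:
        #   accessKeyIDSecretRef:
        #     name: aws-creds
        #     key: access-key-id
        #   secretAccessKeySecretRef:
        #     name: aws-creds
        #     key: secret-access-key
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: external-secrets-reader
  namespace: app
  annotations:
    eks.amazonaws.com/role-arn: arn:aws:iam::123456789012:role/app-secrets-reader  # assumed
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: db-credentials
  namespace: app
spec:
  refreshInterval: 1h                # re-read from AWS; rotation propagates
  secretStoreRef:
    kind: SecretStore
    name: aws-secrets-manager
  target:
    name: db-credentials             # Kubernetes Secret that ESO creates
    creationPolicy: Owner
  data:
    - secretKey: password
      remoteRef:
        key: prod/app/db             # Secrets Manager secret name
        property: password           # JSON field inside it
```

Scope the IAM role to secretsmanager:GetSecretValue on the specific secret ARNs, and remember that the resulting Kubernetes Secret is as readable as any other: ESO removes hardcoded values from manifests, it does not change who can kubectl get secrets in the namespace.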

This post analyzes CVE-2025-1767, a Kubernetes vulnerability where gitRepo volumes let pods clone any host-local Git repo if the attacker knows the path

➤ https://ku.bz/CDGd1YFlx

24.07.2025 18:11 — 👍 0    🔁 0    💬 0    📌 0
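
Added example (not from the CVE write-up or the Kyverno docs), serving both the Kyverno post above and this one: a ClusterPolicy that rejects pods declaring a gitRepo volume at admission and, through background scanning, reports existing pods that already do. gitRepo volumes are deprecated upstream; the policy message points at the init-container replacement.

```yaml
# Added example, not from the linked post. Policy name and message are mine.
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: disallow-gitrepo-volumes
  annotations:
    policies.kyverno.io/description: >-
      gitRepo volumes are deprecated; clone with git in an init container
      into an emptyDir instead.
spec:
  validationFailureAction: Enforce   # start with Audit to measure impact
  background: true                   # also scan existing pods and report
  rules:
    - name: no-gitrepo-volume
      match:
        any:
          - resources:
              kinds: [Pod]
      validate:
        message: "gitRepo volumes are not allowed; clone in an init container instead."
        pattern:
          spec:
            =(volumes):              # only evaluated if volumes is present
              - X(gitRepo): "null"   # the key must not exist on any entry
```

Kyverno auto-generates matching rules for Deployments, StatefulSets and the other pod controllers, so the policy blocks the template as well as a bare Pod. Roll it out in Audit mode first and read the PolicyReport objects the background scan produces before switching to Enforce.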

k8s-remix is an operator to compose secrets with the same flexibility as a pod env spec field

It monitors changes to configmaps and secrets mentioned in the dataFrom field, and triggers an update whenever these resources are updated

➜ https://ku.bz/vpTfmB6mP

24.07.2025 18:06 — 👍 0    🔁 0    💬 0    📌 0
https://kube.careers/image-gen/digest?companies=OpenAI&companies=Airwallex&companies=Dexterity&currency=USD&salaryFrom=168000&salaryTo=310000&subtitle=Selected+by+the+Kube+Careers+team&title=6+Kubernetes+security+jobs

23.07.2025 21:41 — 👍 1    🔁 1    💬 0    📌 0