Kubesploit
@kubesploit.io
News and links on Kubernetes security curated by the @Learnk8s.io team. More K8s news, events, jobs → https://kube.today
The kube-rbac-proxy is an HTTP proxy for a single upstream that can perform RBAC authorization against the Kubernetes API using `SubjectAccessReview`

https://ku.bz/pQqpkgLM7
Reposted by Kubesploit
Mai Nishitani, Director of Enterprise Architecture at NTT Data demonstrates how Model Context Protocol (MCP) enables Claude to directly interact with Kubernetes clusters through natural language commands

https://ku.bz/3hWvQjXxp

🌟 Testkube
🎙 Bart
This case study describes how the author’s EKS cluster autoscaler broke after migrating to Amazon’s AL2023 image and how they resolved it by switching to IRSA (IAM Roles for Service Accounts) and adjusting permissions

https://ku.bz/PzHb6bP62
Reposted by Kubesploit
The Making of Flux Ep 4: The Platform Builders 🏗️

GitLab, Microsoft & Mirantis reveal why they're embedding Flux into their platforms, from Azure Arc's managed service to Cordant's multi-cluster vision

https://ku.bz/tVqKwNYQH

🌟 ControlPlane
🎙 Bart
This tutorial explains Kubernetes authentication (“who you are”) and authorization (“what you can do”) workflows

It shows how to issue user certificates, create a CertificateSigningRequest, approve it, and bind RBAC roles

https://ku.bz/mN0GKSR_c
Blixt is an early-stage, sandbox-only Layer 4 load balancer project written in Rust

It integrates eBPF via Aya and manages routing logic via Kube-RS

It supports Gateway API objects like TCPRoute and UDPRoute, with KIND-based local testing only

https://ku.bz/1cZxMK7Ck
cnquery is a command-line tool that lets you inspect and query your cloud, Kubernetes, and servers from one place

https://ku.bz/Jml2KcQ-N
KubeLinter is a static analysis tool that checks Kubernetes YAML files and Helm charts to ensure that applications adhere to best practices

https://ku.bz/yCpPFTs73
This article explains the governance differences between AWS Config and Kubernetes native policy engines and their complementary roles in cloud environments

https://ku.bz/ttgXTYdrZ
Reposted by Kubesploit
🗣️ Jim Bugwadia, Co-Founder & CEO @ Nirmata, explains how to transform security compliance from a boring obligation into an exciting part of engineering culture

Watch: https://ku.bz/hYZXTmPV9
Reposted by Kubesploit
This article shows how to build enterprise-level secret management in an MLOps setup using tools like Sealed Secrets, Git encryption, and clear team boundaries for secure, scalable credential handling

https://ku.bz/2Dlnrr0W7
kps-zeroexposure is a Helm chart that fixes unhealthy or missing control-plane metrics targets in `kube-prometheus-stack` by deploying a secure Prometheus Agent as a DaemonSet

https://ku.bz/jtT5DjB6h
Reposted by Kubesploit
This week on the Learn Kubernetes Weekly:

🌍 Envs vs Clusters
🧩 Image Compatibility
🔁 Terraform → Crossplane
📊 Kube-State-Metrics
⚙️ Local Dev on K8s

⭐️ Testkube

Read it now: https://kube.today/issues/153
This project provides a RESTful API interface over the Bitwarden Rust SDK to enable the External Secrets Operator to fetch vault secrets securely

https://ku.bz/t-WF03pc3
Reposted by Kubesploit
Project Quay runs as a service inside or outside Kubernetes, storing images in S3 or local storage

It scans images for vulnerabilities with Clair, supports image signing, and enforces repository access and security policies via webhooks and RBAC

https://ku.bz/mXXL2JPl4
Reposted by Kubesploit
🗣️ Niels Claeys shares how his team built a data platform processing up to 1.5 million core hours monthly and the specific optimizations they discovered: from scheduler changes to spot instance usage

https://ku.bz/hGRfkzDJW

🌟 Testkube
🎙 Bart
Reposted by Kubesploit
🍽️ Platform Engineering eating DevOps' lunch?

We analyzed 509 Kubernetes jobs in Q3 2025:

💰 Avg salary: $177,983 (NA) / €92,113 (EU)
🏠 67% remote… but only 0.29% truly location-free

Full report: https://kube.careers/state-of-kubernetes-jobs-2025-q3

⭐️ LearnKube
Reposted by Kubesploit
🗣️ The Making of Flux Episode 3 is here!

From hitting the "scaling wall" to operational excellence—Philippe (Orange) and Arnab (Nomura) share how they transformed their Kubernetes operations with GitOps

https://ku.bz/tWcHlJm7M

🌟 ControlPlane
🎙 Bart
This article explains how to configure Istio to observe encrypted and unencrypted egress traffic in Kubernetes using TLS termination, origination, and certificate management

https://ku.bz/rc3DypN0f
kubeseal-convert is a tool for importing secrets from pre-existing secrets management systems (e.g. Vault, Secrets Manager) into a SealedSecret

https://ku.bz/fQPD8MvbX
This article explains how to configure Kubernetes SecurityContext settings at the pod and container levels to enforce security policies like non-root execution, volume permissions, and Linux capabilities

https://ku.bz/nJ8Zkh6x9
This repo demonstrates CVE-2024-0132, a container escape in NVIDIA Container Toolkit

It swaps directory contents during validation, causing the toolkit to mount the entire host filesystem into the container instead of just a library file

https://ku.bz/0Z5QPQl_N
Reposted by Kubesploit
KubeFM @kube.fm · 12d
🗣️ Andrei Kvapil explains strategies using pull request models for real-time inspection and control

Watch: https://ku.bz/0mvh5s4Ld
This tutorial sets up Vault's database secrets engine in AKS to generate short-lived Postgres credentials on demand, using ExternalSecrets and VaultDynamicSecret to sync them into native Kubernetes Secrets

https://ku.bz/MbNs69CsB