Kubesploit
@kubesploit.io
News and links on Kubernetes security curated by the @Learnk8s.io team
More K8s news, events, jobs → https://kube.today
Reposted by Kubesploit
🗣️ @fasterthanli.me walks through his production incident where adding a home computer as a Kubernetes node caused TLS certificate renewals to fail

https://ku.bz/6Ll_7slr9

🌟 LearnKube
🎙 🎙Bart
November 25, 2025 at 12:28 PM
Reposted by Kubesploit
🗣️ Ratan Tipirneni announces Calico AI, a new AI-powered initiative designed to unlock the value of Tigera's existing Calico platform

Watch: https://ku.bz/fwFG0jZNk

Read: https://ku.bz/1nljhB1vQ
November 24, 2025 at 7:17 PM
This project builds a low-code honeypot using LLMs behind the scenes to mimic realistic interactions while staying safe

It supports SSH, HTTP, TCP, Prometheus metrics, Kubernetes deployment, and YAML config

https://ku.bz/5665x_NRr
November 24, 2025 at 6:06 PM
Sealed Secrets provides declarative Kubernetes Secret Management in a secure way

Since the Sealed Secrets are encrypted, they can be safely stored in a code repository

https://ku.bz/4ZQR0-Nf9
November 23, 2025 at 6:06 PM
This article explains how Kubernetes v1.33 enables hybrid post-quantum key exchange (X25519MLKEM768) by default via Go 1.24 and discusses implementation challenges

https://ku.bz/DzzV1cR4z
November 22, 2025 at 6:06 PM
The kube-rbac-proxy is an HTTP proxy for a single upstream that can perform RBAC authorization against the Kubernetes API using `SubjectAccessReview`

https://ku.bz/pQqpkgLM7
November 21, 2025 at 6:11 PM
This tutorial walks you through deploying SPIFFE and SPIRE in Kubernetes to issue cryptographically secure, auto-rotating identities to workloads, enabling mTLS and zero-trust communication

https://ku.bz/HsWb7TCYL
November 21, 2025 at 6:06 PM
Reposted by Kubesploit
🗣️ Alex Chircop, Chief Architect @ Akamai, discusses three emerging Kubernetes tools: KCP for scaling control planes, OpenTelemetry for observability challenges, and advanced access control systems like OpenFGA and Cedar

Watch the full interview: https://ku.bz/jHLJL8H6t
November 21, 2025 at 4:07 PM
This case study describes how the author’s EKS cluster autoscaler broke after migrating to Amazon’s AL2023 image and how they resolved it by switching to IRSA (IAM Roles for Service Accounts) and adjusting permissions

https://ku.bz/PzHb6bP62
November 20, 2025 at 6:11 PM
OpenBao provides an open-source solution to manage, store, and distribute secrets, certificates, and keys with secure encryption, dynamic secrets, automated leasing, and detailed revocation

https://ku.bz/qg3j1t67t
November 20, 2025 at 6:06 PM
Reposted by Kubesploit
This week on the Learn Kubernetes Weekly:

🔥 Kubernetes Security Contexts
🚀 OpenShift Stateful Workloads on AKS
🧠 Linux Swap for Kubernetes
💻 Remote Dev with MCP Servers
🔍 LLMs on Google Cloud Run

⭐️ StormForge, LearnKube

Read it now: https://kube.today/issues/158
November 19, 2025 at 11:36 AM
This open-source platform lets you run a self-hosted zero-trust secure access solution supporting VPN-like WireGuard/QUIC, ZTNA, API/AI gateways, homelab access and Kubernetes ingress on your own infrastructure

https://ku.bz/JWMdMH_J8
November 18, 2025 at 6:06 PM
Reposted by Kubesploit
🗣️ Tanat shares the complete journey of replacing EKS Managed Node Groups and Cluster Autoscaler with AWS Karpenter

https://ku.bz/T6hDSWYhb

🌟 StormForge
🎙 🎙Bart
November 18, 2025 at 11:34 AM
cnquery is a command-line tool that lets you inspect and query your cloud, Kubernetes, and servers from one place

https://ku.bz/Jml2KcQ-N
November 18, 2025 at 5:51 AM
Sealed Secrets provides declarative Kubernetes Secret Management in a secure way

Since the Sealed Secrets are encrypted, they can be safely stored in a code repository

https://ku.bz/M_ZTLCWtB
November 17, 2025 at 6:06 PM
Reposted by Kubesploit
1,317 Kubernetes practitioners shared how they manage resources:

→ 56% still do it manually despite wanting automation
→ 45% regularly hit CPU throttling/OOM kills
→ 57% estimate 20%+ waste in compute costs

Report: https://kube.today/kubernetes-resource-management-2025
November 17, 2025 at 12:56 PM
This article shows how to build enterprise-level secret management in an MLOps setup using tools like Sealed Secrets, Git encryption, and clear team boundaries for secure, scalable credential handling

https://ku.bz/2Dlnrr0W7
November 15, 2025 at 6:06 PM
This project provides a RESTful API interface over the Bitwarden Rust SDK to enable the External Secrets Operator to fetch vault secrets securely

https://ku.bz/t-WF03pc3
November 15, 2025 at 8:51 AM
Reposted by Kubesploit
🗣️ Tim Miller, CEO and Co-founder at Kusari, challenges the common belief that minimal container images automatically mean better security

Watch: https://ku.bz/-2Sqn9Jb9
November 14, 2025 at 7:17 PM
This article explains how a Security Context in Kubernetes works

https://ku.bz/jgGTq6n99
November 14, 2025 at 6:06 PM
Reposted by Kubesploit
Project Quay runs as a service inside or outside Kubernetes, storing images in S3 or local storage

It scans images for vulnerabilities with Clair, supports image signing, and enforces repository access and security policies via webhooks and RBAC

https://ku.bz/mXXL2JPl4
November 14, 2025 at 2:41 PM
Kviklet provides a secure, self-hosted tool for engineering teams to request, review, and approve production database queries with a workflow inspired by code reviews

https://ku.bz/blQ6ybFXN
November 13, 2025 at 6:06 PM
This case study explains how BioCatch migrated their Vault environment from costly external storage to Raft, enabling high availability, easy disaster recovery, and lower operational costs in Kubernetes

https://ku.bz/zPwwpmMyV
November 12, 2025 at 6:06 PM
Reposted by Kubesploit
This week on the Learn Kubernetes Weekly:

⚙️ gRPC with ALB and Traefik
🧭 Prevent Failures with Topology Spread
📜 Demystifying Kubernetes YAML
🔗 Shared Socket with eBPF
🌐 Kubernetes Networking Guide

⭐️ Testkube

Read it now: https://kube.today/issues/157
November 12, 2025 at 11:31 AM