Learn Kubernetes Weekly issue 115
22 Jan 2025
Kubernetes has its "ADCS" how to backdoor a Kubernetes in silence
WgpSec
Learn how to utilize Kubernetes' certificate system for post-exploitation, including techniques for backdooring a Kubernetes cluster, exploiting ETCD certificates, and forging service account JWT tokens to gain persistent control over cluster resources.
GitOps secrets with Argo CD, Hashicorp Vault and the External Secret Operator
Kostis Kapelonis
In this article, you'll learn how to manage secrets using the External Secrets Operator, HashiCorp Vault, and Argo CD, and discover how to avoid saving secrets in Git and automatically refresh secrets without pod restarts or application deployments.
Why is running as root in kubernetes containers dangerous?
Marcin Wasiucionek
In this article, you will learn about the security implications of running containers as root in Kubernetes, and how using non-root users can mitigate common attack vectors and enhance overall security.
Go deeper: linux runtime visibility meets wireshark
Ofek Shaked
In this article, you will learn about Traceeshark, a plugin for Wireshark that enables visual and interactive analysis of Tracee events, and discover how it simplifies the investigation of Linux runtime security issues and malware analysis.
Securing secrets in confidential containers: usage patterns to avoid
Pradipta Banerjee
In this article, you'll learn how to secure sensitive data in confidential containers, including best practices for avoiding common usage patterns that compromise security and restricting Kubernetes APIs to protect your secrets.
Scaling environments with OpenTelemetry and service mesh
Signadot
In this article, you will learn how to scale environments with OpenTelemetry and service meshes and discover a different approach to creating highly scalable dev, preview, and test environments.
Kubernetes operator: create the one with kubebuilder
Yuri Fenyuk
In this article, you will learn how to create a Kubernetes Operator using Kubebuilder to automate memory limit adjustments for a Golang web service.
Platform Engineer with Vosyn
Salary: $51.2K a year
Location: remote from Canada
Tech stack: Kubernetes, AWS, Azure, GCP, Python, Terraform
Solution Engineer with Tailscale
Salary: $150K to $200K a year
Location: remote from the United States
Tech stack: Kubernetes, Kustomize, Helm, Go, Shell, TypeScript, Grafana, Prometheus, Fluentd
Software Engineer with LITIT
Salary: €36K to €60K a year
Location: remote from Lithuania
Tech stack: Kubernetes, Docker, JavaScript, C#
DevSecOps Engineer with Auria
Salary: $93K to $160K a year
Location: based in the office (and remote from home) in Herndon, VA, USA
Tech stack: Kubernetes, AWS, Azure, On-premise, Docker, Shell, Python, PowerShell, Terraform, Jenkins
Software Engineer with One
Salary: $100K to $170K a year
Location: remote from the United States
Tech stack: Kubernetes, AWS, JavaScript, TypeScript
Discover more Kubernetes jobs on Kube Careers →
encoder-run: source code embeddings operator
encoder-run
encoder-run is a Kubernetes operator designed to automate the lifecycle of source code embeddings. It also manages the underlying storage and model infrastructure.
rajatjindal
kubectl-modify-secret is a tool that allows users to modify Kubernetes secrets without having to worry about base64 encoding/decoding.
sbstp
Kubie is a tool that provides an alternative to kubectx, kubens, and the k on prompt modification script, offering context switching, namespace switching, and prompt customization.
Gardener implements the automated management and operation of Kubernetes clusters as a service and provides a fully validated extensibility framework that can be adjusted to any programmatic cloud or infrastructure provider.
democratic-csi implements the CSI spec providing storage for various container orchestration systems such as Kubernetes.
The current focus is providing storage via iscsi/nfs from zfs-based storage systems predominantly FreeNAS/TrueNAS and ZoL on Ubuntu.
Jan 23
Online workshop organized by Learnk8s.
This is a virtual event
This event requires an entrance fee
Jan 28
Securely access your Kubernetes control plane
Online meetup organized by The Platformers Community London.
This is a virtual event
This is a free event.
Jan 29
In-person conference organized by Cybersec Asia.
Location: Bangkok, TH
This event requires an entrance fee
Jan 25
In-person conference organized by Bitbash.
Location: Veenendaal, NL
This event requires an entrance fee
Jan 23
Kubernetes networking & security at scale: from troubleshooting to collaboration
Online workshop organized by Tigera.
This is a virtual event
This is a free event.
Discover more Kubernetes events on Kube Events →
Location: Bucharest, RO
In-person conference organized by Cloud Native Romania.
The conference starts on the 6 May 2025.
KubeCon + CloudNativeCon Japan 2025
Location: Tokyo, JP
In-person conference organized by Linux Foundation.
The conference starts on the 17 June 2025.
KubeCon + CloudNativeCon China 2025
Location: Hong Kong, HK
In-person conference organized by Linux Foundation.
The conference starts on the 11 June 2025.
Kubernetes Community Days Costa Rica 2025
Location: Heredia, CR
In-person conference organized by KCD Costa Rica.
The conference starts on the 3 May 2025.
Kubernetes Community Days Texas Austin 2025
Location: Austin, TX, USA
In-person conference organized by KCD Texas.
The conference starts on the 15 May 2025.
Location: Hamburg, DE
In-person conference organized by Looevent.
The conference starts on the 9 September 2025.
Kubernetes Community Days Helsinki 2025
Location: Helsinki, FI
In-person conference organized by KCD Helsinki.
The conference starts on the 6 May 2025.
Kubernetes Community Days Beijing 2025
Location: Beijing, CN
In-person conference organized by KCD Beijing.
The conference starts on the 15 March 2025.
Kubernetes Community Days Czech & Slovak 2025
Location: Prague, CZ
In-person conference organized by KCD Czech & Slovak.
The conference starts on the 5 June 2025.
Until next time!
— Dan