Lightnews — Scholar-powered news

Kubesploit @kubesploit.io · 11h

This case study describes how the author’s EKS cluster autoscaler broke after migrating to Amazon’s AL2023 image and how they resolved it by switching to IRSA (IAM Roles for Service Accounts) and adjusting permissions

➜ https://ku.bz/PzHb6bP62

1 1

Reposted by Kubesploit

KubeFM @kube.fm · 18h

The Making of Flux Ep 4: The Platform Builders 🏗️

GitLab, Microsoft & Mirantis reveal why they're embedding Flux into their platforms, from Azure Arc's managed service to Cordant's multi-cluster vision

https://ku.bz/tVqKwNYQH

🌟 ControlPlane
🎙 🎙Bart

7 9

Kubesploit @kubesploit.io · 1d

This tutorial explains Kubernetes authentication (“who you are”) and authorization (“what you can do”) workflows

It shows how to issue user certificates, create a CertificateSigningRequest, approve it, and bind RBAC roles

➤ https://ku.bz/mN0GKSR_c

Kubesploit @kubesploit.io · 2d

Blixt is an early-stage, sandbox-only Layer 4 load balancer project written in Rust

It integrates eBPF via Aya and manages routing logic via Kube-RS

It supports Gateway API objects like TCPRoute and UDPRoute, with KIND-based local testing only

➤ https://ku.bz/1cZxMK7Ck

https://github.com/kubernetes-sigs/blixt/assets/5332524/387ce94a-88fd-43a9-bde9-73fb9005564d

Kubesploit @kubesploit.io · 2d

cnquery is a command-line tool that lets you inspect and query your cloud, Kubernetes, and servers from one place

➜ https://ku.bz/Jml2KcQ-N

2 2

Kubesploit @kubesploit.io · 3d

KubeLinter is a static analysis tool that checks Kubernetes YAML files and Helm charts to ensure that applications adhere to best practices

➤ https://ku.bz/yCpPFTs73

1 2

Kubesploit @kubesploit.io · 4d

This article explains the governance differences between AWS Config and Kubernetes native policy engines and their complementary roles in cloud environments

➤ https://ku.bz/ttgXTYdrZ

https://dev-to-uploads.s3.amazonaws.com/uploads/articles/6bj3934bxmwbvfdvikbw.png

1

Reposted by Kubesploit

KubeFM @kube.fm · 4d

🗣️ Jim Bugwadia, Co-Founder & CEO @ Nirmata, explains how to transform security compliance from a boring obligation into an exciting part of engineering culture

Watch: https://ku.bz/hYZXTmPV9

1 1 3

Reposted by Kubesploit

Kube Careers @kube.careers · 5d

https://kube.careers/image-gen/digest?companies=OpenAI&companies=Replit&companies=Airwallex&currency=USD&salaryFrom=180000&salaryTo=490000&subtitle=Selected+by+the+Kube+Careers+team&title=6+Kubernetes+security+jobs

1 1 1

Kubesploit @kubesploit.io · 5d

This article shows how to build enterprise-level secret management in an MLOps setup using tools like Sealed Secrets, Git encryption, and clear team boundaries for secure, scalable credential handling

➜ https://ku.bz/2Dlnrr0W7

Kubesploit @kubesploit.io · 5d

kps-zeroexposure is a helm chart that fixes unhealthy or missing control-plane metrics targets in `kube-prometheus-stack` by deploying a secure Prometheus Agent as a DaemonSet

➤ https://ku.bz/jtT5DjB6h

https://github.com/adrghph/kps-zeroexposure/raw/master/images/schema.jpg

1 1

Reposted by Kubesploit

LearnKube @learnkube.com · 5d

This week on the Learn Kubernetes Weekly:

🌍 Envs vs Clusters
🧩 Image Compatibility
🔁 Terraform → Crossplane
📊 Kube-State-Metrics
⚙️ Local Dev on K8s

⭐️ Testkube

Read it now: https://kube.today/issues/153

https://res.cloudinary.com/learnk8s/image/upload/v1760446374/linkedin-153_u2o697.png

7 8

Kubesploit @kubesploit.io · 5d

This project provides a RESTful API interface over the Bitwarden Rust SDK to enable the External Secrets Operator to fetch vault secrets securely

➜ https://ku.bz/t-WF03pc3

Reposted by Kubesploit

Kube Builders @kube.builders · 6d

Project Quay runs as a service inside or outside Kubernetes, storing images in S3 or local storage

It scans images for vulnerabilities with Clair, supports image signing, and enforces repository access and security policies via webhooks and RBAC

➜ https://ku.bz/mXXL2JPl4

https://access.redhat.com/webassets/avalon/d/Red_Hat_Quay-3.14-Red_Hat_Quay_architecture-en-US/images/e3ae13590acc34352a2b97e875749345/178_Quay_architecture_0821_on_Azure.png

1 1

Reposted by Kubesploit

KubeFM @kube.fm · 6d

🗣️ Niels Claeys shares how his team built a data platform processing up to 1.5 million core hours monthly and the specific optimizations they discovered: from scheduler changes to spot instance usage

https://ku.bz/hGRfkzDJW

🌟 Testkube
🎙 🎙Bart

6 9

Reposted by Kubesploit

Kube Careers @kube.careers · 7d

🍽️ Platform Engineering eating DevOps' lunch?

We analyzed 509 Kubernetes jobs in Q3 2025:

💰 Avg salary: $177,983 (NA) / €92,113 (EU)
🏠 67% remote… but only 0.29% truly location-free

Full report: https://kube.careers/state-of-kubernetes-jobs-2025-q3

⭐️ LearnKube

https://res.cloudinary.com/learnk8s/image/upload/v1760333097/preview-2025q3_ugarmg.png

6 8

Reposted by Kubesploit

KubeFM @kube.fm · 7d

🗣️ The Making of Flux Episode 3 is here!

From hitting the "scaling wall" to operational excellence—Philippe (Orange) and Arnab (Nomura) share how they transformed their Kubernetes operations with GitOps

https://ku.bz/tWcHlJm7M

🌟 ControlPlane
🎙 🎙Bart

6 8

Kubesploit @kubesploit.io · 8d

This article explains how to configure Istio to observe encrypted and unencrypted egress traffic in Kubernetes using TLS termination, origination, and certificate management

➤ https://ku.bz/rc3DypN0f

2 2

Kubesploit @kubesploit.io · 9d

kubeseal-convert is a tool for importing secrets from pre-existing secrets management systems (e.g. Vault, Secrets Manager) into a SealedSecret

➤ https://ku.bz/fQPD8MvbX

Kubesploit @kubesploit.io · 10d

This article explains how to configure Kubernetes SecurityContext settings at the pod and container levels to enforce security policies like non-root execution, volume permissions, and Linux capabilities

➤ https://ku.bz/nJ8Zkh6x9

Kubesploit @kubesploit.io · 11d

This repo demonstrates CVE-2024-0132, a container escape in NVIDIA Container Toolkit

It swaps directory contents during validation, causing the toolkit to mount the entire host filesystem into the container instead of just a library file

➤ https://ku.bz/0Z5QPQl_N

Reposted by Kubesploit

KubeFM @kube.fm · 11d

🗣️ Andrei Kvapil explains strategies using pull request models for real-time inspection and control

Watch: https://ku.bz/0mvh5s4Ld

2 2

Kubesploit @kubesploit.io · 12d

This tutorial sets up Vault's database secrets engine in AKS to generate short-lived Postgres credentials on demand, using ExternalSecrets and VaultDynamicSecret to sync them into native Kubernetes Secrets

➤ https://ku.bz/MbNs69CsB

Reposted by Kubesploit

LearnKube @learnkube.com · 12d

This week on the Learn Kubernetes Weekly:

🌀 Kafkian SplitDNS
⚙️ Amazon EKS Auto Mode
👩‍💻 Cloud-Native Roles Are Engineers
🚀 Start Sidecar First
📈 Custom Event Aggregation
⚡ Single Replica Pitfalls

⭐️ AWS

Read it now: https://kube.today/issues/152

https://res.cloudinary.com/learnk8s/image/upload/v1759838783/linkedin-152_h5b1rt.png

7 9

Reposted by Kubesploit

KubeFM @kube.fm · 13d

🗣️ Vitalii explains how Agoda built macOS VZ Kubelet, a custom solution that registers macOS hosts as Kubernetes nodes handles 20,000 iOS tests at scale

https://ku.bz/q_JS76SvM

🌟 Testkube
🎙 🎙Bart

6 8