Kubesploit
@kubesploit.io
News and links on Kubernetes security curated by the @Learnk8s.io team
More K8s news, events, jobs → https://kube.today
OpenBao provides an open-source solution to manage, store, and distribute secrets, certificates, and keys with secure encryption, dynamic secrets, automated leasing, and detailed revocation

https://ku.bz/qg3j1t67t
December 20, 2025 at 6:06 PM
This article explains how to secure Kubernetes at the transport (Layer 4) level, covering best practices around service mesh mTLS, network segmentation, access control, and encryption of in-cluster traffic

https://ku.bz/62pM2bG-r
December 19, 2025 at 6:11 PM
This article explains how to use Vault Agent Injector (a mutating webhook) to inject secrets into Kubernetes pods securely, without modifying application code

https://ku.bz/DXC0qMd79
December 19, 2025 at 6:06 PM
This open-source platform lets you run a self-hosted zero-trust secure access solution supporting VPN-like WireGuard/QUIC, ZTNA, API/AI gateways, homelab access and Kubernetes ingress on your own infrastructure

https://ku.bz/JWMdMH_J8
December 18, 2025 at 6:11 PM
This code tool helps you gather logs, metrics and code changes, then uses AI-powered root-cause analysis to surface what broke in production and suggest immediate fixes

https://ku.bz/srJCYmX4J
December 18, 2025 at 6:06 PM
Sealed Secrets provides declarative Kubernetes Secret Management in a secure way

Since the Sealed Secrets are encrypted, they can be safely stored in a code repository

https://ku.bz/M_ZTLCWtB
December 17, 2025 at 6:11 PM
This article introduces ChaosRoom, a playful tool that helps engineers learn chaos engineering by running mini-games simulating faults and observing how systems respond

https://ku.bz/2GlrYmTbT
December 17, 2025 at 6:06 PM
Reposted by Kubesploit
This week on the Learn Kubernetes Weekly:

🐍 Kubernetes’s Python Moment
☁️ Leaving Big Cloud with Kubernetes
📦 DRA in Kubernetes v1.34
🛠️ APIs with Kong Ingress
🚑 Fixing Upstream Connect Errors

⭐️ Depot

Read it now: https://kube.today/issues/162
December 17, 2025 at 11:31 AM
This tool delivers real-time node/pod-level process, file and network visibility for Kubernetes and bare-metal environments, with rule-based alerts, dashboards and hybrid cloud support

https://ku.bz/7lk94WvMv
December 16, 2025 at 6:06 PM
This article shows how to use the Kong OIDC plugin together with Keycloak to secure cluster services and HTTP routes at the API gateway level

https://ku.bz/2Q103hfW1
December 15, 2025 at 6:06 PM
This article explains how a Security Context in Kubernetes works

https://ku.bz/jgGTq6n99
December 14, 2025 at 6:06 PM
Kviklet provides a secure, self-hosted tool for engineering teams to request, review, and approve production database queries with a workflow inspired by code reviews

https://ku.bz/blQ6ybFXN
December 13, 2025 at 6:06 PM
This case study explains how BioCatch migrated their Vault environment from costly external storage to Raft, enabling high availability, easy disaster recovery, and lower operational costs in Kubernetes

https://ku.bz/zPwwpmMyV
December 12, 2025 at 6:11 PM
This open-source tool helps you manage authentication and access across servers, databases and Kubernetes clusters via API or CLI

https://ku.bz/VYnDyMT1h
December 12, 2025 at 6:06 PM
This open-source tool lets you analyze connectivity, inspect applied NetworkPolicies, and generate policy YAMLs, all with an interactive fuzzy-finder UI and JSON/table outputs

https://ku.bz/HJpY-dbmG
December 12, 2025 at 6:11 AM
This article explains how to remove permission checks from microservices and build a centralized authorization layer with Kong OSS and OpenFGA

https://ku.bz/50Pf5hFcV
December 11, 2025 at 6:06 PM
Reposted by Kubesploit
This week on the Learn Kubernetes Weekly:

🔥 Informers Are Easy to Misuse
🎤 Three Optimization Lessons
🛑 Graceful Shutdown
🚪 Namespaces & Multi-tenancy
🎯 Centralizing Helm with HTTPProxy

⭐️ StormForge by CloudBolt

Read it now: https://kube.today/issues/161
December 10, 2025 at 11:51 AM
Tetragon enables powerful real-time, eBPF-based security observability and runtime enforcement

It is Kubernetes-aware and understands identities, allowing security event detection to be configured in relation to individual workloads

https://ku.bz/WrhnVyd2p
December 9, 2025 at 6:06 PM
This article explores why using Kubernetes namespaces alone is not a sufficient isolation or security boundary

It shows common pitfalls and many attack paths that let a tenant escape isolation even if you only gave them access to a single namespace

https://ku.bz/PCmRjmB57
December 8, 2025 at 6:06 PM
Reposted by Kubesploit
🚀 It's that time of the year! What did I achieve in 2025?

A thread 🧵
December 8, 2025 at 2:06 PM
Kube No Trouble (kubent) is a tool to check whether you're using any deprecated APIs in your cluster and therefore should upgrade your workloads first, before upgrading your Kubernetes cluster

https://ku.bz/zMyZdL3w6
December 5, 2025 at 6:06 PM
This tutorial walks you through enabling, running, and monitoring IPv6 networking on Kubernetes clusters using Cilium

https://ku.bz/b6RFcGQjF
December 4, 2025 at 6:06 PM
This tool provides a Model Context Protocol (MCP) server for querying Kubernetes Audit Logs across cloud providers using AWS CloudWatch, GCP Logging, and Alibaba SLS

https://ku.bz/Hm_CMFF66
December 3, 2025 at 6:06 PM
Reposted by Kubesploit
This week on the Learn Kubernetes Weekly:

🌐 Networking from Packets to Pods
⚙️ Istio Upgrades
🔍 Finding Kubernetes Exit Codes
🔒 Security fundamentals: networking
📊 Jaeger Tracing on Kubernetes

⭐️ vCluster Labs

Read it now: https://kube.today/issues/160
December 3, 2025 at 11:56 AM