Kubesploit
@kubesploit.io
News and links on Kubernetes security curated by the @Learnk8s.io team
More K8s news, events, jobs → https://kube.today
This tool lets your Kubernetes cluster automatically issue TLS certificates for pods by handling `PodCertificateRequest` resources with a custom signer controller

https://ku.bz/9l1Dq8skJ
December 2, 2025 at 7:21 AM
This article explains how FQDN-Controller lets Kubernetes handle egress rules using domain names instead of fixed IPs

It shows how this makes DNS-based network policies simple, flexible, and automatic

https://ku.bz/zy6XXtmd1
December 1, 2025 at 6:06 PM
Reposted by Kubesploit
🗣️ Harsha Koushik explores the evolving landscape of cybersecurity attack surfaces

He explains the shift from traditional perimeter-focused defenses to more sophisticated attackers' methods, such as transient dependencies

Full episode: https://ku.bz/n_sJ04xMY
December 1, 2025 at 2:37 PM
Reposted by Kubesploit
Your container does not have GPU drivers installed
So, how does PyTorch inside it actually use the host's GPU?

Let me explain 🧵
December 1, 2025 at 12:46 PM
This tool automates the issuance and renewal of TLS certificates inside Kubernetes by introducing custom resources like `Certificate` and `Issuer`

https://ku.bz/dcDQCrkPn
November 30, 2025 at 6:06 PM
This tutorial walks you through running kube-bench for CIS compliance on Kubernetes, how to scan clusters using Jobs or CronJobs and understand which configurations pass or fail

https://ku.bz/ZjVpsVqNR
November 29, 2025 at 6:06 PM
SOPS: Secrets OPerationS is an operator for managing Kubernetes Secret Resources created from user-defined SopsSecrets CRDs, inspired by Bitnami SealedSecrets and sops

https://ku.bz/Hmfb28_s_
November 28, 2025 at 6:06 PM
Reposted by Kubesploit
🗣️ Alex Arnell shares three Kubernetes tools worth watching: OpenTelemetry Operator for auto-instrumentation, SPIFFE and Spire for identity management, and KEDA for scale-to-zero capabilities

Watch the full interview: https://ku.bz/Lsr8gltrH
November 28, 2025 at 4:08 PM
This article shows why setting `hostUsers: false` in PodSecurityPolicies or PodSecurity admission helps prevent pods from sharing host user IDs, reducing privilege risks

https://ku.bz/Cy4YDVjJ4
November 27, 2025 at 6:06 PM
Reposted by Kubesploit
Thorough testing is critical when implementing webhooks in Kubernetes, as explained by Gordon Myers

Watch: https://ku.bz/Dmn93dd7M
November 26, 2025 at 2:57 PM
Reposted by Kubesploit
This week on the Learn Kubernetes Weekly:

🔥 CPU Limits: Scylla and Charybdis
🧭 Kubernetes v1.34 Restart Controls
🗂️ Kubernetes Cached Clients
💸 True Cost of a Workload
🪙 Cloud Cost Optimization

⭐️ Heroku

Read it now: https://kube.today/issues/159
November 26, 2025 at 11:31 AM
Reposted by Kubesploit
🗣️ @fasterthanli.me walks through his production incident where adding a home computer as a Kubernetes node caused TLS certificate renewals to fail

https://ku.bz/6Ll_7slr9

🌟 LearnKube
🎙 🎙Bart
November 25, 2025 at 12:28 PM
Reposted by Kubesploit
🗣️ Ratan Tipirneni announces Calico AI, a new AI-powered initiative designed to unlock the value of Tigera's existing Calico platform

Watch: https://ku.bz/fwFG0jZNk

Read: https://ku.bz/1nljhB1vQ
November 24, 2025 at 7:17 PM
This project builds a low-code honeypot using LLMs behind the scenes to mimic realistic interactions while staying safe

It supports SSH, HTTP, TCP, Prometheus metrics, Kubernetes deployment, and YAML config

https://ku.bz/5665x_NRr
November 24, 2025 at 6:06 PM
Sealed Secrets provides declarative Kubernetes Secret Management in a secure way

Since the Sealed Secrets are encrypted, they can be safely stored in a code repository

https://ku.bz/4ZQR0-Nf9
November 23, 2025 at 6:06 PM
This article explains how Kubernetes v1.33 enables hybrid post-quantum key exchange (X25519MLKEM768) by default via Go 1.24 and discusses implementation challenges

https://ku.bz/DzzV1cR4z
November 22, 2025 at 6:06 PM
The kube-rbac-proxy is an HTTP proxy for a single upstream that can perform RBAC authorization against the Kubernetes API using `SubjectAccessReview`

https://ku.bz/pQqpkgLM7
November 21, 2025 at 6:11 PM
This tutorial walks you through deploying SPIFFE and SPIRE in Kubernetes to issue cryptographically secure, auto-rotating identities to workloads, enabling mTLS and zero-trust communication

https://ku.bz/HsWb7TCYL
November 21, 2025 at 6:06 PM
Reposted by Kubesploit
🗣️ Alex Chircop, Chief Architect @ Akamai, discusses three emerging Kubernetes tools: KCP for scaling control planes, OpenTelemetry for observability challenges, and advanced access control systems like OpenFGA and Cedar

Watch the full interview: https://ku.bz/jHLJL8H6t
November 21, 2025 at 4:07 PM
This case study describes how the author’s EKS cluster autoscaler broke after migrating to Amazon’s AL2023 image and how they resolved it by switching to IRSA (IAM Roles for Service Accounts) and adjusting permissions

https://ku.bz/PzHb6bP62
November 20, 2025 at 6:11 PM
OpenBao provides an open-source solution to manage, store, and distribute secrets, certificates, and keys with secure encryption, dynamic secrets, automated leasing, and detailed revocation

https://ku.bz/qg3j1t67t
November 20, 2025 at 6:06 PM
Reposted by Kubesploit
This week on the Learn Kubernetes Weekly:

🔥 Kubernetes Security Contexts
🚀 OpenShift Stateful Workloads on AKS
🧠 Linux Swap for Kubernetes
💻 Remote Dev with MCP Servers
🔍 LLMs on Google Cloud Run

⭐️ StormForge, LearnKube

Read it now: https://kube.today/issues/158
November 19, 2025 at 11:36 AM
This open-source platform lets you run a self-hosted zero-trust secure access solution supporting VPN-like WireGuard/QUIC, ZTNA, API/AI gateways, homelab access and Kubernetes ingress on your own infrastructure

https://ku.bz/JWMdMH_J8
November 18, 2025 at 6:06 PM
Reposted by Kubesploit
🗣️ Tanat shares the complete journey of replacing EKS Managed Node Groups and Cluster Autoscaler with AWS Karpenter

https://ku.bz/T6hDSWYhb

🌟 StormForge
🎙 🎙Bart
November 18, 2025 at 11:34 AM
cnquery is a command-line tool that lets you inspect and query your cloud, Kubernetes, and servers from one place

https://ku.bz/Jml2KcQ-N
November 18, 2025 at 5:51 AM