This article shows how to scan Helm charts for insecure RBAC, secret leaks, and malicious templates using tools like Trivy, GitHub Search, and OPA
➤ https://ku.bz/k4MpGVLyZ
This week on the Learn Kubernetes Weekly:
🤖 75% Faster Debugging with AI
🔥 60% Less Pods, Doubled Traffic Capacity
📈 Scaling Django to 1M Users
⚠️ Kubernetes Bad Practices
🥷 PKI Credential Abuse
⭐️ LearnKube
Read it now: https://kube.today/issues/174
Guardon is a Kubernetes admission controller that enforces security and compliance policies in real-time before resources are created in your cluster
➤ https://ku.bz/d4hT8s9Sw
This article shows how to use tofu-controller to manage Terraform resources with GitOps for external systems like Grafana dashboards and HashiCorp Vault policies with continuous reconciliation and automatic drift detection
➜ https://ku.bz/B3y_Zflr7
🗣️ Fernando from SadServers on how he cut his Kubernetes bill from $1,000/month on GKE to $30/month on Hetzner with Edka — a 500% cost reduction for the same capacity
https://ku.bz/6nSDbz9m4
🌟 LearnKube
🎙 Bart
This article explains the risks of using unmaintained Docker images and how to detect vulnerabilities with tools like Trivy, SBOM operator, and Dependency Track
➤ https://ku.bz/WJ75qXRbV
Linnix is an eBPF + PSI-powered Kubernetes observability agent written in Rust that identifies which pod is actually stalling your services, not just consuming CPU
➜ https://ku.bz/x-VQLHwSW
"Zero trust flips the script: only allow the traffic you explicitly want, deny everything else."
Abhishek Rao on implementing zero trust in Kubernetes
📺: https://ku.bz/_q9XBgY2c
Synapse is a high-performance reverse proxy and firewall built with Rust, using XDP-based packet filtering for ultra-low latency protection at kernel level
➤ https://ku.bz/w2PFxxfN8
This article solves automated certificate distribution for EAP-TLS WiFi authentication using nginx-proxy on Kubernetes with step-ca, avoiding traditional MDM by hosting mobileconfig files at an HTTPS endpoint with mTLS authentication
➜ https://ku.bz/spclMhjDz
"We are very excited to announce the launch of Hadron Linux — a Linux distribution engineered from scratch by the Kairos team."
Ettore Di Giacinto on the new minimal OS for edge Kubernetes
📺: https://ku.bz/wMhKpZ5bQ
📣: https://ku.bz/_9RmXnjDJ
This case study shows how Mindbody used Kyverno policy-as-code to dynamically manage Istio ingress gateways across hundreds of applications without updating individual Helm charts
➤ https://ku.bz/F6-Xr10Yv
cek is a command-line tool for exploring OCI container image filesystems, reading file contents, and inspecting layer mechanics without running containers by connecting to container daemons or pulling from registries
➜ https://ku.bz/VWLLdYCbb
🗣️ Nicholaos Mouzourakis breaks down common deployment patterns for Open Policy Agent (OPA) in Kubernetes environments, comparing pods, replica sets, daemon sets, sidecars, and WASM modules
Watch: https://ku.bz/S-2vQ_j-4
kubectl-rexec is a kubectl plugin that provides full audit logging for kubectl exec sessions, addressing the security gap where standard exec commands leave no trace of what happens inside containers
➤ https://ku.bz/yRQZ9Jrml
This article demonstrates how to exploit Kubernetes PKI and kubelet credentials after gaining node access to escalate from pod compromise to full cluster control
➜ https://ku.bz/NxVxjKtt0
pwru is an eBPF-based tool for tracing network packets in the Linux kernel with advanced filtering capabilities
It allows fine-grained introspection of kernel state to facilitate debugging network connectivity issues
➜ https://ku.bz/Q3X1ngZGC
This week on the Learn Kubernetes Weekly:
🔥 Egress with Squid Proxy
💪 OS Migration Reduced Infra 30%
⚡ Auto & Load-based Scaling
🎯 Smart Scheduling: Cost Optimization
🤖 Claude Code Pilots K8s
⭐️ Hadron
Read it now: https://kube.today/issues/173
This tutorial teaches how to deploy HashiCorp Vault Secrets Operator on Google Kubernetes Engine to synchronize Vault secrets into Kubernetes Secret resources automatically
➤ https://ku.bz/QnvFmQp8h
Chainloop is an evidence store and policy engine for Software Supply Chain attestations, SBOMs, VEX, SARIF, and QA reports, with contract-based workflows, Rego policy evaluation, and third-party integrations such as Dependency-Track and Guac
➜ https://ku.bz/_wQslV4bc
You want to share GPUs: one team runs inference, another trains models, and both need the same expensive cards.
The problem is that GPUs don't behave like CPU and RAM under contention.
(I will cover this on Thursday: ku.bz/multitenant26 )
🧵
"We assumed that implicit budget happens in Karpenter. It's not the case."
Adhi Sutandi on Karpenter's default 10% disruption budget catching his team off guard
📺: https://ku.bz/XyVfsSQPr
This article explains a critical security issue where AWS CSI drivers gave DaemonSet service accounts the ability to patch nodes, completely breaking node isolation in multi-tenant clusters
➤ https://ku.bz/xGP7ymMvW
Kaniop is a Kubernetes operator written in Rust for managing Kanidm identity management clusters, providing declarative identity management through GitOps workflows
➤ https://ku.bz/D1JBBy0B3
This tutorial teaches how to implement Kubernetes egress control using Squid proxy and NetworkPolicy for visibility and enforcement of outbound traffic without service mesh complexity
➜ https://ku.bz/XyLs9nnzh
"The supply chain has become the sharp end of the wedge."
Andrew Martin on why CISOs are prioritizing SBOMs, Cosign signatures, and continuous runtime validation in Kubernetes
📺: https://ku.bz/wyMlWGTqf
Gulcan and I wrote a free book on right-sizing GPUs in Kubernetes.
Here's the short version (thread)
How much of your GPU spend is actually producing work?
We published a free book on right-sizing GPUs in Kubernetes, covering metrics to architecture decisions across 4 chapters.
ku.bz/KL4jRvsL4