Spotlight
Josh Woolbright
This tutorial shows how to secure an ArgoCD-based EKS GitOps workflow with External Secrets Operator, IRSA, and AWS SSM Parameter Store so secrets stay out of Git and sync safely into Kubernetes.
Gaurang Malvankar
This tutorial explains how to prevent, detect, and clean up leaked secrets in Git repositories using .env files, Kubernetes Secrets, Gitleaks, GitGuardian, and git-filter-repo.
Moeid Heidari
This tutorial teaches how to deploy Crossview on Kubernetes with Helm and secure it for enterprise use with session auth, SSO, proxy header auth, RBAC, TLS, and high-availability settings.
This tutorial explains how Amazon EKS Pod Identity session policies let teams restrict pod IAM permissions with inline policies.
Tools and utilities
Trupositive is a wrapper that automatically tags Terraform and CloudFormation resources with Git commit SHA, branch, and repository metadata for auditability and infrastructure traceability.
Warden is an open source runtime access gateway that lets AI agents, pods, pipelines, and services use identity-based policies to reach cloud APIs, databases, and storage without storing long-lived credentials.
This tool runs inside Kubernetes and automatically decrypts secrets encrypted with Mozilla SOPS, and then creates standard Kubernetes Secret objects from them.
Siclaw is an open source AI SRE platform for read-only infrastructure diagnostics, root cause analysis, team workflows, Kubernetes access, and MCP-based investigation without changing live systems directly.
PII-Shield is a sidecar that sanitizes logs before they leave the pod by detecting secrets and personal data, preserving JSON structure, and supporting Helm-based deployment.
Events starting soon
May 18, 2026
Location: London, UK
This event requires an entrance fee
May 18, 2026
Location: Boston, MA, USA
This event requires an entrance fee
May 18, 2026
Location: San Francisco, CA, USA
This event requires an entrance fee
May 19, 2026
Location: Soltau, DE
This event requires an entrance fee
May 19, 2026
Location: Aarhus, DK
This is a free event.
May 19, 2026
This is a virtual event
This is a free event.
Learn from production
Matt Camp
This case study shows how Unitary built Osmia, an open-source orchestration layer on EKS to run autonomous AI coding agents safely at scale using pod isolation, Karpenter, IRSA-based secrets, and real-time trajectory scoring.
Fabián Sellés Rosa
This case study shows how upgrading to Kubernetes 1.34 caused KIAM pods to fail due to service account token expiration changes, revealing that legacy clients using long-lived tokens now expire after 24 hours instead of 90 days.
Renato Vassão
This case study shows how Mindbody used Kyverno policy-as-code to dynamically manage Istio ingress gateways across hundreds of applications without updating individual Helm charts.
BioCatch Tech Blog
This case study explains how BioCatch migrated their Vault environment from costly external storage to Raft, enabling high availability, easy disaster recovery, and lower operational costs in Kubernetes.
Matching jobs
DevOps Engineer with Epic Kids Inc.
Salary: $90 to $484K a year
Location: remote from
Tech stack: Kubernetes, GCP, Helm, ArgoCD, Docker, Python, Airflow, Terraform, GitHub Actions, Jenkins
DevOps Engineer with Prime Intellect
Salary: $150K to $300K a year
Location: based in the office (and remote from home) in San Francisco, CA, USA
Tech stack: Kubernetes, GCP, Go, Python, Rust, Typescript, Terraform, Ansible, Grafana, Prometheus
DevOps Engineer with TMS LLC
Salary: $85 a day
Location: remote from
Tech stack: Kubernetes, Azure, Terraform, Azure DevOps
DevSecOps Engineer with CHAOS Industries
Salary: $140K to $220K a year
Location: based in the office in Hawthorne, CA, USA
Tech stack: Kubernetes, Azure, On-premise, Docker, C++, Go, Java, Python, Rust, Azure DevOps
DevSecOps Engineer with PactFi
Salary: $12.6K to $445.5K a year
Location: based in the office in New York, NY, USA
Tech stack: Kubernetes, AWS, Docker, Python, Redis, Pulumi, Terraform, Jenkins
Build something
Felix Hoang
This tutorial teaches how to eliminate static kubeconfig files by configuring HashiCorp Vault as an OIDC provider for authentication with dynamic, short-lived tokens.
Charles Sullivan
This tutorial teaches how to build a cert-manager external issuer that uses a YubiHSM 2 to sign TLS certificates via Go's crypto.Signer interface.
This tutorial teaches how to implement Kubernetes egress control using Squid proxy and NetworkPolicy for visibility and enforcement of outbound traffic without service mesh complexity.
Ravi Rajput
This tutorial teaches how to implement layered security in Kubernetes using Kyverno for admission control and KubeArmor for runtime protection to enforce guardrails.
More articles
Muhaned Yahya
This article introduces KubeUser, an open source Kubernetes operator that automates user certificate, RBAC, and kubeconfig creation from a declarative custom resource.
Fabián Sellés Rosa
This article explains how one team evaluated Crossplane and KRO to replace KIAM with EKS Pod Identities, balancing flexibility, maturity, and operational overhead after outages.
Radek Maciaszek
This article explains how PAI adds security hooks, memory, reusable skills, and verification steps on top of Claude Code to make AI-assisted Kubernetes work safer and more controlled.
This article explains how to secure production debugging in Kubernetes with least-privilege RBAC, controlled exec access, ephemeral containers, and short-lived just-in-time credentials for on-call teams.