Spotlight
Dave Altena
This article explains how a Security Context in Kubernetes works.
BioCatch Tech Blog
This case study explains how BioCatch migrated their Vault environment from costly external storage to Raft, enabling high availability, easy disaster recovery, and lower operational costs in Kubernetes.
Ægir Máni Hauksson
This article explains how FQDN-Controller lets Kubernetes handle egress rules using domain names instead of fixed IPs.
It shows how this makes DNS-based network policies simple, flexible, and automatic.
Matt Brown
This tutorial walks you through running kube-bench for CIS compliance on Kubernetes, how to scan clusters using Jobs or CronJobs and understand which configurations pass or fail.
Tools and utilities
Kviklet provides a secure, self-hosted tool for engineering teams to request, review, and approve production database queries with a workflow inspired by code reviews.
This open-source tool lets you analyze connectivity, inspect applied NetworkPolicies, and generate policy YAMLs, all with an interactive fuzzy-finder UI and JSON/table outputs.
This tool automates the issuance and renewal of TLS certificates inside Kubernetes by introducing custom resources like Certificate and Issuer.
SOPS: Secrets OPerationS is an operator for managing Kubernetes Secret Resources created from user-defined SopsSecrets CRDs, inspired by Bitnami SealedSecrets and sops.
This project builds a low-code honeypot using LLMs behind the scenes to mimic realistic interactions while staying safe.
Learn from production
Dilshan Wijesooriya
This case study describes how the author’s EKS cluster autoscaler broke after migrating to Amazon’s AL2023 image and how they resolved it by switching to IRSA (IAM Roles for Service Accounts) and adjusting permissions.
Narendrakumar NJ
Learn how UiPath replaced mutating webhooks with a Helm library solution, enabling flexible cross-service configuration management in Kubernetes without cluster-wide permissions.
angeloxx
This article dissects how Kyverno's policy generation, combined with Helm's namespace management, leads to race conditions, deletions, and re-creations that break deterministic behaviour, especially when synchronisation and background are enabled.
Tanat Lokejaroenlarb
Adevinta's SRE team replaced OPA's Gatekeeper with Kyverno to mitigate memory spikes caused by data.inventory syncing in high-churn clusters.
Kyverno’s API-based dynamic context handling slashed Gatekeeper usage from 8GB to 2.7GB.
Matching jobs
Data Engineer with NBC Universal
Salary: $100K to $130K a year
Location: based in the office (and remote from home) in New York, NY, USA
Tech stack: Kubernetes, AWS, GCP, Docker, SQL, Java, C++, Flink, Spark, Airflow
DevOps Engineer with Booz Allen
Salary: $86.9K to $198K a year
Location: based in the office in Annapolis Junction, MD, USA
Tech stack: Kubernetes, Azure, Terraform, Cloudformation
DevOps Engineer with Commerce
Salary: $99K to $172K a year
Location: remote from the United States of America
Tech stack: Kubernetes, AWS, Docker, Shell, Python, Scala, PHP, Ruby, Terraform, Ansible
DevOps Engineer with Manulife
Salary: $110.53K to $205.27K a year
Location: based in the office (and remote from home) in Toronto, ON, CA
Tech stack: Kubernetes, Docker, Javascript, Java, Typescript, Terraform, Cloudformation, Jenkins, GitHub Actions
DevOps Engineer with Shopmonkey
Salary: $165K to $185K a year
Location: based in the office (and remote from home) in Morgan Hill, CA, USA
Tech stack: Kubernetes, AWS, GCP, ArgoCD, Go, Shell, Typescript, Terraform, GitHub Actions, Gitlab
Build something
Ivan Delić
This tutorial shows how to enable passwordless kubectl access to an Oracle Kubernetes Engine (OKE) cluster by using OCI Instance Principals, dynamic groups, scoped IAM policies, and the OCI CLI exec plugin.
Sijo M Thomas
This tutorial explains Kubernetes authentication (“who you are”) and authorization (“what you can do”) workflows.
It shows how to issue user certificates, create a CertificateSigningRequest, approve it, and bind RBAC roles.
Poojan Mehta
This tutorial sets up Vault's database secrets engine in AKS to generate short-lived Postgres credentials on demand, using ExternalSecrets and VaultDynamicSecret to sync them into native Kubernetes Secrets.
Brian Sizemore
This tutorial shows how to restrict access to Kubernetes services without a VPN using oauth2-proxy with ingress-nginx.
More articles
This article explains how Kubernetes v1.33 enables hybrid post-quantum key exchange (X25519MLKEM768) by default via Go 1.24 and discusses implementation challenges.
Jeffrey Taylor
This article shows how to build enterprise-level secret management in an MLOps setup using tools like Sealed Secrets, Git encryption, and clear team boundaries for secure, scalable credential handling.
NURUDEEN KAMILU
This article explains the governance differences between AWS Config and Kubernetes native policy engines and their complementary roles in cloud environments.
Kai Burjack
This article explains how to configure Istio to observe encrypted and unencrypted egress traffic in Kubernetes using TLS termination, origination, and certificate management.