Spotlight
Ogonna Nnamani
This tutorial walks you through setting up Google Cloud IAP for Kubernetes services, using CDKTF (TypeScript) to configure OAuth, BackendConfig, and service annotations so your internal tools are protected behind identity checks.
Vincent von Büren
This article describes a real-world incident in which a high-privilege Kubernetes service account token was accidentally logged in plaintext.
Luca Cavallin
This article explains how eBPF lets you run small, verified programs inside the Linux kernel to unlock powerful observability, security, and networking capabilities without custom kernel modules.
Mahendran
This article explains how to use Vault Agent Injector (a mutating webhook) to inject secrets into Kubernetes pods securely, without modifying application code.
Tools and utilities
PodCertificateSigner lets your Kubernetes cluster automatically issue TLS certificates for pods by handling PodCertificateRequest resources with a custom signer controller.
cert-manager-mcp-server provides cert-manager resource management through Model Context Protocol (MCP), letting AI assistants like Claude inspect certificates, issuers, and certificate requests directly in Kubernetes clusters.
CrowdSec is a security engine that detects malicious behavior from logs and community-shared intelligence, allowing you to block bad IPs and share threat data across your fleet.
This tool enables you to scan and enforce compliance across multi-cloud infrastructure with customizable YAML rules, alerts and integrations.
This code tool helps you gather logs, metrics and code changes, then uses AI-powered root-cause analysis to surface what broke in production and suggest immediate fixes.
Events starting soon
January 3, 2026
This is a virtual event
This event requires an entrance fee
January 3, 2026
Location: Rajkot, IN
This is a free event.
January 4, 2026
This is a virtual event
This is a free event.
January 7, 2026
This is a virtual event
This is a free event.
January 8, 2026
This is a virtual event
This is a free event.
January 10, 2026
This is a virtual event
This is a free event.
Learn from production
BioCatch Tech Blog
This case study explains how BioCatch migrated their Vault environment from costly external storage to Raft, enabling high availability, easy disaster recovery, and lower operational costs in Kubernetes.
Dilshan Wijesooriya
This case study describes how the author’s EKS cluster autoscaler broke after migrating to Amazon’s AL2023 image and how they resolved it by switching to IRSA (IAM Roles for Service Accounts) and adjusting permissions.
Narendrakumar NJ
Learn how UiPath replaced mutating webhooks with a Helm library solution, enabling flexible cross-service configuration management in Kubernetes without cluster-wide permissions.
angeloxx
This article dissects how Kyverno's policy generation, combined with Helm's namespace management, leads to race conditions, deletions, and re-creations that break deterministic behaviour, especially when synchronisation and background are enabled.
Matching jobs
DevSecOps Engineer with Built Technologies
Salary: $120K to $185K a year
Location: fully remote
Tech stack: Kubernetes, AWS, Python, JavaScript, TypeScript, Go, SQL, C++, C#, Snowflake
Machine Learning Engineer with Grafana Labs
Salary: CA$186.37K to CA$223.64K a year
Location: remote from Canada
Tech stack: Kubernetes, AWS, GCP, Azure, Docker, Python, JavaScript, TypeScript, Go, Rust
Platform Engineer with Geotab
Salary: $38.56K to $330K a year
Location: fully remote
Tech stack: Kubernetes, GCP, OpenShift, ArgoCD, Docker, Java, Python, Shell, Go, Terraform
Platform Engineer with National Information Solutions Cooperative (NISC)
Salary: $24.75K to $484K a year
Location: based in the office (and remote from home) in Cedar Rapids, IA; Lake Saint Louis, MO; Mandan, ND, USA
Tech stack: Kubernetes, AWS, Docker, SQL, Python, Java, TypeScript, Cassandra, Spark, Terraform
Software Engineer with Forter
Salary: $67.5K to $660K a year
Location: based in the office (and remote from home) in NYC, NY, USA
Tech stack: Kubernetes, AWS, GCP, Azure, Docker, Python, Java, Kotlin, Rust, Go
Build something
Armel de Marsac
This article shows how to use the Kong OIDC plugin together with Keycloak to secure cluster services and HTTP routes at the API gateway level.
Isovalent
This tutorial walks you through enabling, running, and monitoring IPv6 networking on Kubernetes clusters using Cilium.
Mohammed-Reda TARMIDI
This tutorial walks you through deploying SPIFFE and SPIRE in Kubernetes to issue cryptographically secure, auto-rotating identities to workloads, enabling mTLS and zero-trust communication.
Matt Brown
This tutorial walks you through running kube-bench for CIS compliance on Kubernetes, how to scan clusters using Jobs or CronJobs and understand which configurations pass or fail.
More articles
Muhammad Ateeb Aslam
This article explains how to remove permission checks from microservices and build a centralized authorization layer with Kong OSS and OpenFGA.
AmberWolf
This article explores why using Kubernetes namespaces alone is not a sufficient isolation or security boundary.
It shows common pitfalls and many attack paths that let a tenant escape isolation even if you only gave them access to a single namespace.
Shahar Azulay
This article explains how to enforce security and compliance by validating Kubernetes resource configs using Open Policy Agent (OPA) and Rego policies, with deployment tips for Gatekeeper and sidecars.
This article explains how to secure Kubernetes at the transport (Layer 4) level, covering best practices around service mesh mTLS, network segmentation, access control, and encryption of in-cluster traffic.