Spotlight
Nigel Douglas
This article shows how to scan Helm charts for insecure RBAC, secret leaks, and malicious templates using tools like Trivy, GitHub Search, and OPA.
Thomas Kooi
This article explains the risks of using unmaintained Docker images and how to detect vulnerabilities with tools like Trivy, SBOM operator, and Dependency Track.
Renato Vassão
This case study shows how Mindbody used Kyverno policy-as-code to dynamically manage Istio ingress gateways across hundreds of applications without updating individual Helm charts.
Narish Samplay
This tutorial teaches how to deploy HashiCorp Vault Secrets Operator on Google Kubernetes Engine to synchronize Vault secrets into Kubernetes Secret resources automatically.
Tools and utilities
Guardon is a Kubernetes admission controller that enforces security and compliance policies in real-time before resources are created in your cluster.
Synapse is a high-performance reverse proxy and firewall built with Rust, using XDP-based packet filtering for ultra-low latency protection at kernel level.
kubectl-rexec is a kubectl plugin that provides full audit logging for kubectl exec sessions, addressing the security gap where standard exec commands leave no trace of what happens inside containers.
Kaniop is a Kubernetes operator written in Rust for managing Kanidm identity management clusters, providing declarative identity management through GitOps workflows.
Dockadvisor is a lightweight Dockerfile linter built in Go that validates your Dockerfiles with over 60 rules covering syntax, security, and best practices.
Events starting soon
February 16, 2026
This is a virtual event
This is a free event.
February 17, 2026
Location: Québec, CA and virtual
This is a free event.
February 17, 2026
Location: Durham, US
This is a free event.
February 18, 2026
This is a virtual event
This is a free event.
February 18, 2026
This is a virtual event
This is a free event.
February 19, 2026
Location: Montpellier, FR
This is a free event.
Learn from production
BioCatch Tech Blog
This case study explains how BioCatch migrated their Vault environment from costly external storage to Raft, enabling high availability, easy disaster recovery, and lower operational costs in Kubernetes.
Dilshan Wijesooriya
This case study describes how the author’s EKS cluster autoscaler broke after migrating to Amazon’s AL2023 image and how they resolved it by switching to IRSA (IAM Roles for Service Accounts) and adjusting permissions.
Narendrakumar NJ
Learn how UiPath replaced mutating webhooks with a Helm library solution, enabling flexible cross-service configuration management in Kubernetes without cluster-wide permissions.
angeloxx
This article dissects how Kyverno's policy generation, combined with Helm's namespace management, leads to race conditions, deletions, and re-creations that break deterministic behaviour, especially when synchronisation and background are enabled.
Matching jobs
DevOps Engineer with Relativity Space
Salary: $140K to $178K a year
Location: based in the office in Long Beach, CA, USA
Tech stack: Kubernetes, GCP, On-premise, Helm, Go, Python, Shell, SQL, JavaScript, Java
DevSecOps Engineer with Raft
Salary: $140K to $165K a year
Location: based in the office in Colorado Springs, CO, USA
Tech stack: Kubernetes, AWS, Helm, Docker, Java, Python, Go, Terraform, GitLab, Ansible
DevSecOps Engineer with Red Cell Partners
Salary: $175K to $215K a year
Location: fully remote
Tech stack: Kubernetes, AWS, Python, Go, Shell, DynamoDB, Terraform, CloudFormation, CDK, Pulumi
Engineering Manager with Robinhood
Salary: $180K to $270K a year
Location: based in the office in Bellevue, WA, USA
Tech stack: Kubernetes, AWS, Python, SQL, Go, Java, JavaScript, TypeScript, C#
Head Of Engineering with Relativity Space
Salary: $263K to $337K a year
Location: remote from
Tech stack: Kubernetes, AWS, GCP, Docker, SQL, Python, JavaScript, Java, C++, C#
Build something
Berk YAVUZ
This tutorial teaches how to deploy KubeArmor runtime security on Huawei Cloud Container Engine (CCE) using BPF-LSM for dynamic kernel-level policy enforcement without static profiles or reboots.
Nitin Yadav
This tutorial teaches how to securely manage and dynamically update Kubernetes secrets using AWS Secrets Manager, External-Secrets Operator, and Config-Reloader.
Ogonna Nnamani
This tutorial walks you through setting up Google Cloud IAP for Kubernetes services, using CDKTF (TypeScript) to configure OAuth, BackendConfig, and service annotations so your internal tools are protected behind identity checks.
Mahendran
This article explains how to use Vault Agent Injector (a mutating webhook) to inject secrets into Kubernetes pods securely, without modifying application code.
More articles
Dmitry Protsenko
This article outlines 12 best practices for hardening a Kubernetes cluster, focusing on non-root containers, avoiding hostPath volumes, and configuring Security Contexts properly.
raesene
This article walks through how an attacker might gain and maintain access in a Kubernetes cluster, showing techniques like node shell access, hidden namespaces and CSR abuse.
Anthony Critelli
This article explains how Kubernetes user namespaces work for container isolation and covers the security benefits of mapping container root users to unprivileged host users, thereby reducing privilege escalation risks.
Vincent von Büren
This article describes a real-world incident in which a high-privilege Kubernetes service account token was accidentally logged in plaintext.