Spotlight
Fabián Sellés Rosa
This case study shows how upgrading to Kubernetes 1.34 caused KIAM pods to fail due to service account token expiration changes, revealing that long-lived tokens used by legacy clients now expire after 24 hours instead of 90 days.
Rodrigo Caldas
This article shows how to use tofu-controller to manage Terraform resources with GitOps for external systems like Grafana dashboards and HashiCorp Vault policies with continuous reconciliation and automatic drift detection.
Sudhi
This article solves automated certificate distribution for EAP-TLS WiFi authentication using nginx-proxy on Kubernetes with step-ca, avoiding traditional MDM by hosting mobileconfig files at an HTTPS endpoint with mTLS authentication.
Deepanshu khanna
This article demonstrates how to exploit Kubernetes PKI and kubelet credentials after gaining node access to escalate from pod compromise to full cluster control.
Tools and utilities
AgentDiscover Scanner detects autonomous AI agents and Shadow AI in codebases using static analysis for Python and JavaScript, network monitoring for active LLM traffic, and Kubernetes runtime detection via Cilium Tetragon eBPF.
Linnix is an eBPF + PSI-powered Kubernetes observability agent written in Rust that identifies which pod is actually stalling your services, not just consuming CPU.
cek is a command-line tool for exploring OCI container image filesystems, reading file contents, and inspecting layer mechanics without running containers by connecting to container daemons or pulling from registries.
pwru is an eBPF-based tool for tracing network packets in the Linux kernel with advanced filtering capabilities.
Chainloop is an evidence store and policy engine for Software Supply Chain attestations, SBOMs, VEX, SARIF, and QA reports, with contract-based workflows, Rego policy evaluation, and third-party integrations such as Dependency-Track and Guac.
Events starting soon
April 2, 2026
Location: Cluj-Napoca, RO
This is a free event.
April 2, 2026
Location: London, GB
This is a free event.
April 3, 2026
This is a virtual event.
This is a free event.
April 4, 2026
Location: Bengaluru, IN
This is a free event.
April 4, 2026
Location: Ibadan, NG
This is a free event.
April 4, 2026
This is a virtual event.
This event requires an entrance fee.
Learn from production
Renato Vassão
This case study shows how Mindbody used Kyverno policy-as-code to dynamically manage Istio ingress gateways across hundreds of applications without updating individual Helm charts.
BioCatch Tech Blog
This case study explains how BioCatch migrated their Vault environment from costly external storage to Raft, enabling high availability, easy disaster recovery, and lower operational costs in Kubernetes.
Dilshan Wijesooriya
This case study describes how the author’s EKS cluster autoscaler broke after migrating to Amazon’s AL2023 image and how they resolved it by switching to IRSA (IAM Roles for Service Accounts) and adjusting permissions.
Narendrakumar NJ
Learn how UiPath replaced mutating webhooks with a Helm library solution, enabling flexible cross-service configuration management in Kubernetes without cluster-wide permissions.
Matching jobs
Data Engineer with Astranis
Salary: $29 a year
Location: based in the office in San Francisco, CA, USA
Tech stack: Kubernetes, Python, SQL
Data Engineer with Coface
Salary: $64.8K to $2.48L a year
Location: based in the office in Mumbai, IN
Tech stack: Kubernetes, Docker, SQL, Python
DevOps Engineer with AssureSoft
Salary: $90K to $198K a year
Location: remote from
Tech stack: Kubernetes, AWS, GCP, ArgoCD, Terraform
DevOps Engineer with Avride
Salary: $54K to $325.49K a year
Location: based in the office in Austin, TX, USA
Tech stack: Kubernetes, AWS, Docker, C++, Python, GitHub Actions
DevOps Engineer with Candidly
Salary: $70.74K to $539K a year
Location: remote from
Tech stack: Kubernetes, AWS, Azure, On-premise, Docker, Python, SQL, MySQL, Cloudformation, CDK
Build something
Ravi Rajput
This tutorial teaches how to implement layered security in Kubernetes using Kyverno for admission control and KubeArmor for runtime protection to enforce guardrails.
Narish Samplay
This tutorial teaches how to deploy HashiCorp Vault Secrets Operator on Google Kubernetes Engine to synchronize Vault secrets into Kubernetes Secret resources automatically.
Berk YAVUZ
This tutorial teaches how to deploy KubeArmor runtime security on Huawei Cloud Container Engine (CCE) using BPF-LSM for dynamic kernel-level policy enforcement without static profiles or reboots.
Nitin Yadav
This tutorial teaches how to securely manage and dynamically update Kubernetes secrets using AWS Secrets Manager, External-Secrets Operator, and Config-Reloader.
More articles
Jonathan Merlevede
This article explains how EKS authentication tokens work by pre-signing AWS STS GetCallerIdentity calls, and how you can use this technique to implement IAM-based authentication in your own services.
Nigel Douglas
This article shows how to scan Helm charts for insecure RBAC, secret leaks, and malicious templates using tools like Trivy, GitHub Search, and OPA.
Thomas Kooi
This article explains the risks of using unmaintained Docker images and how to detect vulnerabilities with tools like Trivy, SBOM operator, and Dependency Track.
SOC Inspiration
This article explains a critical security issue where AWS CSI drivers gave DaemonSet service accounts the ability to patch nodes, completely breaking node isolation in multi-tenant clusters.