Spotlight
Ivan Delić
This tutorial shows how to enable passwordless kubectl access to an Oracle Kubernetes Engine (OKE) cluster by using OCI Instance Principals, dynamic groups, scoped IAM policies, and the OCI CLI exec plugin.
Sijo M Thomas
This tutorial explains Kubernetes authentication (“who you are”) and authorization (“what you can do”) workflows.
It shows how to issue user certificates, create a CertificateSigningRequest, approve it, and bind RBAC roles.
NURUDEEN KAMILU
This article explains the governance differences between AWS Config and Kubernetes native policy engines and their complementary roles in cloud environments.
Kai Burjack
This article explains how to configure Istio to observe encrypted and unencrypted egress traffic in Kubernetes using TLS termination, origination, and certificate management.
Tools and utilities
argocd-vault-plugin is an Argo CD plugin that retrieves secrets from Secret Management tools and injects them into Kubernetes.
Blixt is an early-stage, sandbox-only Layer 4 load balancer project written in Rust.
KubeLinter is a static analysis tool that checks Kubernetes YAML files and Helm charts to ensure that applications adhere to best practices.
kps-zeroexposure is a Helm chart that fixes unhealthy or missing control-plane metrics targets in kube-prometheus-stack by deploying a secure Prometheus Agent as a DaemonSet.
kubeseal-convert is a tool for importing secrets from pre-existing secrets management systems (e.g. Vault, Secrets Manager) into a SealedSecret.
Events starting soon
October 2, 2025
Location: Zürich, CH
This is a free event.
October 2, 2025
This is a virtual event
This is a free event.
October 2, 2025
Location: Freiburg, DE
This is a free event.
October 2, 2025
This is a virtual event
This is a free event.
October 2, 2025
Location: San Jose, CA, USA
This is a free event.
October 3, 2025
This is a virtual event
This is a free event.
Learn from production
Narendrakumar NJ
Learn how UiPath replaced mutating webhooks with a Helm library solution, enabling flexible cross-service configuration management in Kubernetes without cluster-wide permissions.
angeloxx
This article dissects how Kyverno's policy generation, combined with Helm's namespace management, leads to race conditions, deletions, and re-creations that break deterministic behaviour, especially when synchronisation and background are enabled.
Tanat Lokejaroenlarb
Adevinta's SRE team replaced OPA's Gatekeeper with Kyverno to mitigate memory spikes caused by data.inventory syncing in high-churn clusters.
Kyverno’s API-based dynamic context handling slashed Gatekeeper usage from 8GB to 2.7GB.
Kai Burjack
In this article, you'll learn how to improve observability and reduce costs for egress traffic in Kubernetes using Istio and caching, with a step-by-step guide on implementing Varnish Cache, TLS termination, and trust management.
Matching jobs
Data Engineer with Elicit
Salary: $185K to $305K a year
Location: remote from the United States
Tech stack: Kubernetes, Python, SQL, Javascript, Typescript, Spark, Airflow, Hadoop
Data Engineer with Southwest Career
Salary: $86.85K to $96.5K a year
Location: based in the office in Dallas, TX, USA
Tech stack: Kubernetes, AWS, On-premise, OpenShift, Shell, Python, SQL, Java, Cloudformation, Jenkins
DevOps Engineer with 1X Technologies AS
Salary: $124.1K to $139.93K a year
Location: based in the office in Palo Alto, CA, USA
Tech stack: Kubernetes, AWS, Azure, GCP, Docker, Shell, Python, Terraform, Cloudformation, CircleCI
DevOps Engineer with Barclays
Salary: $120K to $175K a year
Location: based in the office in Whippany, NJ, USA
Tech stack: Kubernetes, Docker, Go, Python
DevOps Engineer with Jasper
Salary: $170K to $200K a year
Location: remote from the United States
Tech stack: Kubernetes, GCP, Helm, ArgoCD, Go, Shell, Python, Typescript, Terraform, Jenkins
Build something
Poojan Mehta
This tutorial sets up Vault's database secrets engine in AKS to generate short-lived Postgres credentials on demand, using ExternalSecrets and VaultDynamicSecret to sync them into native Kubernetes Secrets.
Brian Sizemore
This tutorial shows how to restrict access to Kubernetes services without a VPN using oauth2-proxy with ingress-nginx.
Ajayi Ayodeji
This tutorial teaches how to manage Kubernetes secrets by syncing from external secret managers like AWS Secrets Manager using External Secrets Operator (ESO).
Ferris Hall
This tutorial teaches how to install and configure Falco on GKE for runtime security, test default rules, create alerts in Google Cloud Monitoring, and add custom rules.
More articles
Harsha Koushik
This article explains the limitations of Kubernetes' allowPrivilegeEscalation: false flag and its failure to prevent all privilege escalation methods.
Stefano Giannattasio
This article explains how to deploy a sidecar container to transform mounted secrets into structured JSON or .env files for applications.
It details watching mounted secrets in real-time and regenerating output on changes.
This article explains how Kubernetes v1.33 fixes a security flaw by requiring authorization checks for pods using cached private container images already present on a node.
Lars Lefebvre
This article explains how to use Transaction Tokens (TraTs) and the Tokenetes framework to securely propagate user identity and request context across microservices in Kubernetes.