This article discusses setting up a Validating Admission Webhook in Kubernetes to ensure system resource validity.

It covers configuring the webhook, deploying to Kubernetes, and testing the setup using Nginx containers.

More: https://adil.medium.com/how-to-set-up-a-validating-admission-webhook-on-kubernetes-bd0733bfcb51

Master Kubernetes with Learnk8s' Advanced Kubernetes workshops!

What should you expect?

- Learn how to architect and design clusters from the ground up (in the cloud or on-prem).
- Explore the Kubernetes internal component and how the system is designed with resiliency in mind.
- Deep-dive into the networking components and observe the packets flowing into the cluster.
- Hands-on labs to test the theory with real-world scenarios!
- And more.

The next online courses start on Jul 25: https://kube.events/t/1ebfa298-b5c6-4e42-8399-e43e6834683c

We also run in-person courses and corporate training: https://learnk8s.io/corporate-training

This article discusses a critical vulnerability in all versions of Docker Buildkit <=v0.12.4 that can result in container escape to the underlying host OS when building an image using a malicious Dockerfile or upstream image (i.e. when using FROM).

More: https://dev.to/snyk/buildkit-mount-cache-race-build-time-race-condition-container-breakout-cve-2024-23651-7k0

kubelogin is a kubectl plugin for Kubernetes OpenID Connect (OIDC) authentication, also known as kubectl oidc-login.

More: https://github.com/int128/kubelogin

If you are an admin running a Kubernetes cluster on AWS, you already need to manage AWS IAM credentials to provision and update the cluster.

You avoid managing a separate credential for Kubernetes access by using AWS IAM Authenticator for Kubernetes.

More: https://github.com/kubernetes-sigs/aws-iam-authenticator

In this article, you will discuss Supply Chain attacks and how attackers can abuse insecure pipelines to have initial access or produce malware in a secure environment.

More: https://systemweakness.com/owasp-k8s-security-supply-chain-vulnerabilities-3b831fefbb0a

The Otterize intents operator is a tool used to easily automate the creation of network policies and Kafka ACLs in a Kubernetes cluster using a human-readable format via a custom resource.

More: https://github.com/otterize/intents-operator

Learn to secure Kubernetes deployments with Kyverno: enforce policies on image signatures using Cosign, and manage container lifecycles from creation to cluster deployment with authentication checks.

More: https://blog.devops.dev/dumb-little-things-you-can-to-secure-k8s-container-signing-with-kyverno-and-cosign-fc4630177617

This article introduces Gatekeeper and shows you how to use it to create and enforce policies and governance for your Kubernetes clusters.

More: https://itnext.io/how-to-apply-policies-in-kubernetes-using-open-policy-agent-opa-gatekeeper-2d9948d9516b