Kubesploit

@kubesploit

Followers: 20K | Following: 496 | Media: 785 | Statuses: 2K

News and links on Kubernetes security curated by the @Learnk8s team Mastodon: @[email protected]

More K8s news, events, jobs →
Joined March 2021
@kubesploit
Kubesploit
14 hours
The article demonstrates how to disable anonymous Kubernetes API server authentication globally using a new AuthenticationConfiguration object while preserving health check endpoints. ➜
2 days
This tutorial shows how to configure External Secrets Operator in EKS, AKS, GKE, and self-managed clusters using OIDC-based identity federation. ➜
3 days
This guide shows how to detect Kubernetes runtime threats (e.g. sudo misuse, suspicious file access) using Falco + eBPF, forward logs with Fluent Bit, and route them to Parseable log streams like `falcowarn` or `falconotice`. ➤
4 days
Learn how Confidential Containers use Kata Agent Policies to control container execution in secure environments. This allows administrators to define granular rules restricting images, processes, and actions. ➤
5 days
RT @K8sFM: 🗣️ @SudermanJr, CTO at @fairwindsops, discusses three key areas in Kubernetes: mutating admission policy, dynamic resource alloc….
5 days
kpatch enables runtime kernel function patching by injecting precompiled replacement functions directly into the live kernel. It's built on the `CONFIG_LIVEPATCH` infrastructure and uses `ftrace` to reroute function calls at runtime. ➤
5 days
Secrets Webhook is a tool that enables direct secret injection into Kubernetes Pods through a mutating webhook. ➜
6 days
Gatekeeper's `k8sallowedrepos` can be bypassed if repo entries lack a trailing `/`. Attackers exploit prefix matching to pull images from fake subdomains like `. Aqua shows real examples, a fixed v2 policy, and Trivy detection. ➜
6 days
Distroless images improve security but lack shell/debug tools. This article shows two solutions: attach a temporary ephemeral container using kubectl debug, or define a persistent sidecar with a shared PID namespace. ➤
6 days
RT @K8sFM: 🗣️ @YakirKad and Assaf Morag from @AquaSecTeam highlight how even sectors known for their security, such as finance and insuranc….
7 days
kubectl-rexec enforces auditable pod shell access by blocking native kubectl exec via a ValidatingWebhook and routing sessions through a proxied APIService that logs all activity. ➤
7 days
k8s-aws-iam-controller automates trust policy management for IAM Roles used in IRSA setups. It watches annotated ServiceAccounts, validates via RoleUsagePolicy, and updates the role trust statements. ➜
7 days
RT @learnk8s: This week on the Learn Kubernetes Weekly:. 🍯 Securing Kubernetes with honeypots.💻 Autoscale with My MacBook Screen Lock.💣 Ing….
8 days
Learn how Beelzebub runs honeypots inside your Kubernetes cluster to detect lateral movement. It fakes real services, captures attacker commands like docker ps or ls, and logs them for analysis via Grafana or fluentd. ➜
9 days
Nova scans your cluster for installed Helm charts, cross-checks them with public repos and flags outdated or deprecated charts and container images. ➜
9 days
RT @K8sFM: 🗣️ @timsaprogrammer CEO and Co-founder at @kusaridev explains how GitOps and Flux improve security through automated workflows….
10 days
ZTM (Zero Trust Mesh) offers a secure, decentralized alternative to Kubernetes service exposure methods like LoadBalancer and Ingress. It uses encrypted tunnels and zero-trust principles to eliminate open ports and simplify cross-cluster/remote access. ➤
11 days
Kubewarden deploys as an admission controller, loading user-defined WebAssembly policies that inspect and validate API requests in real time. It enforces resource compliance before persistence, supporting custom logic and dynamic updates cluster-wide. ➤
12 days
Learn how to create a precise policy that tracks critical cluster events, secures sensitive data, and provides actionable security insights without overwhelming log volumes. ➤