Buu Lam’s Post

See how Karpenter using spot instances can take the heavy lifting out of Kubernetes autoscaling. Brent Eager, CISSP shares how you can reduce the time to get nodes added to your EKS cluster with Karpenter and if there’s a notable difference when using spot vs on demand instances, along with other practical tips to design your applications for performance and cost optimization. 📺 https://lnkd.in/eH8vedKV

Fantastic collaboration with the biggest web3 baremetal provider, Latitude.sh. Using edge technologies (RKE2 k8s with Cilium) is exciting since we use them for reliability, performance, security and decentralisation. https://lnkd.in/dJ5PmEif

Just completed all the below steps and captured the flags from Wiz and joined the K8s LAN Party 😁 1. Gained Shell Access to the Kubernetes Pod 2. Utilizing the dnscan tool loaded on my machine, I performed DNS scanning to find hidden internal services. 3. After completing the DNS scanning process, I identified the internal services and successfully captured the flag :) #Capturetheflag #CTF #Cloudsecurity #kubernetes #CTF Link: https://lnkd.in/gs5igRsH

I've been getting into the world of K8s these days. Started with a lot of reading, and now setting up my own personal cluster! As part of my exploring, I want to share my findings, workflows and work arounds. Check out this post on a not-so-well-documented workflow I've implemented, using DNS01 validation for Non-Wildcard domains using LetsEncrypt and Cloudflare, on Kubernetes!

My MVP needed to support SSL, so thanks to Let's Encrypt and #Certbot, it's now automated as feature in my MVP. One click deployment should mean just that! 🚀 #buildinpublic

There is a path to better relationships between security 🤝 developer teams. Our very own Olaf Molenveld is joining a roundtable discussion during #CodeSecDays on improving security and developer relationships. He'll be joined by industry experts from Docker, Inc, Snyk, Chainguard, and RedMonk. You can tune into this convo right from the comfort of your desk (or couch 😉 🍿): https://circle.ci/3KTsXe1 #DevSecOps #SoftwareDevelopment #CICD

Shift left with ALL vital context ◀️◀️ Get function-level reachability and runtime context that provide REAL results and less noise. Get unmatched clarity on your application’s security from development to deployment. Watch this demo video to see how we do it ➡️ https://hubs.la/Q02WW1BY0 💣 Early detection with deep insights into code, containers, and memory. 👈 Combines shift-left tools like SAST and SCA security #vulnerabilitymanagement #threatintelligence

Most people miss out on K8s ingress capabilities! 5 things you can do with Envoy Gateway: 1. Route to non-K8s targets – For example to a VM 2. Rate Limiting – By path, user, API client, by IP… and more! 3. Enforce AuthZ – Check proof of authorization of requests 4. mTLS Enforcement – Enforcing mTLS between client and ingress 5. WAF Integration – Block malicious traffic by integrating WAF It is not just a way to route traffic to services on Kubernetes.  It can do so much more! 💡 What is missing from this list? Add your ideas to the list below! 👇

In this guide, we will show you how to use Let’s Encrypt to make your Kubernetes applications more secure. This means that any information sent to and from your applications will be protected, which is very important for keeping data safe.