KubeFM KubeFM

In this KubeFM episode, Hillai and Ronen, security researchers at Wiz, explore the intricacies of hacking Alibaba Cloud's Kubernetes cluster.
They share their experiences and insights on identifying and exploiting vulnerabilities, mainly focusing on misconfigurations and their impact on cloud security.
You will learn:
How Hillai and Ronen gained access to a Kubernetes cluster through a Postgres database.
How they moved laterally and managed to obtain push and pull rights to a private container registry.
Recommendations for securing multi-tenant Kubernetes clusters and maintaining environment hygiene.
More info
Find all the links and info for this episode here: https://kube.fm/hacking-alibaba-ronen-hillai
Interested in sponsoring an episode? Learn more.

In this KubeFM episode, Faris shares his experience managing CoreDNS and scaling Kubernetes clusters with 900 nodes and 15k pods.
He shares the challenges and solutions encountered during an incident, providing valuable insights into maintaining a robust Kubernetes environment.
You will learn:
The importance of scaling the Kubernetes control plane for large clusters.
Strategies for optimizing CoreDNS to ensure efficient DNS resolution and prevent incidents.
The pros and cons of using VictoriaMetrics versus Prometheus for monitoring and observability.
Tips for maintaining a calm and effective team dynamic during high-stress situations.
Sponsor
This episode is sponsored by Datadog — a single, unified platform for monitoring CoreDNS alongside the rest of your stack. Try it free for 14 days and get a free t-shirt
More info
Find all the links and info for this episode here: https://kube.fm/coredns-scaling-farris
Interested in sponsoring an episode? Learn more.

In this KubeFM episode, Mircea shares his journey of migrating a home lab to Kubernetes, specifically choosing Talos over other operating systems like Ubuntu, Flatcar, or Bottlerocket.
Mircea also discusses his decision-making process and experiences in setting up and optimizing his Kubernetes home lab.
You will learn:
What is Talos Linux and how it compares to other operating systems.
The challenges and considerations involved in migrating to Kubernetes, including selecting network plugins and GitOps.
Insights into managing and securing Kubernetes clusters, focusing on the advantages of immutable operating systems.
Sponsor
This episode is brought to you by Digital Ocean — enjoy a free $200 credit when you start using DigitalOcean Kubernetes
More info
Find all the links and info for this episode here: https://kube.fm/talos-mircea
Interested in sponsoring an episode? Learn more.

With a passion for security and a knack for troubleshooting, Jen discusses the critical role of network policies in Kubernetes security, the complexities involved in their implementation, and the balance between security and manageability.
She also covers the importance of Custom Resource Definitions and shares her perspective on emerging Kubernetes tools.
In this KubeFM episode, you will learn:
The importance of observability in troubleshooting network policies and how it aids in debugging complex issues.
The trade-offs between the complexity of network policies and the security benefits they provide.
The skills, thought process and humility behind troubleshooting technologies you are unfamiliar with.
Sponsor
This episode is brought to you by Otterize — automate workload IAM policies: zero-friction development, zero-trust security.
More info
Find all the links and info for this episode here: https://kube.fm/network-observability-jen
Interested in sponsoring an episode? Learn more.

In this KubeFM episode, Alexander Block delves into the intricacies of Kubernetes templating and deployment tools, sharing his journey from frustration with existing solutions to creating his tool, kluctl.
Alex also discusses the challenges and solutions in Kubernetes templating and deployment, emphasizing the need for more adaptable tools in the Kubernetes ecosystem.
You will learn:
The fundamental flaws of Helm and how they impact Kubernetes deployments and tools packaging.
How tools such as Kustomize, CUE, jsonnet are only a partial solution to templating.
Alternatives to Helm and the future of Kubernetes resource templating and distribution.
Sponsor
This episode is sponsored by Komodor — simplify cluster management and troubleshooting to unlock the full value of Kubernetes.
More info
Find all the links and info for this episode here: https://kube.fm/kluctl-templating-codablock
Interested in sponsoring an episode? Learn more.

With the rapid pace of the cloud-native ecosystem, staying current with Kubernetes updates and managing upgrades becomes a daunting task for many organizations.
In this KubeFM episode, Mat discusses the necessity of long-term support for Kubernetes and explores the intricacies of managing Kubernetes upgrades in a fast-evolving landscape.
You will learn:
The importance of long-term support (LTS) for Kubernetes and how it can alleviate the challenges associated with the platform's rapid release cycles.
Strategies for managing Kubernetes upgrades, including insights into the release cycle and the potential pitfalls of the upgrading process.
The role of managed services and semi-automatic upgrades in simplifying Kubernetes maintenance for organizations, especially in cost optimization and resource constraints.
The implications of charging for support of older Kubernetes versions and the potential for a community-based approach to navigating the complexities of Kubernetes upgrades.
Sponsor
This episode is sponsored by Learnk8s — expert Kubernetes training for your team
More info
Find all the links and info for this episode here: https://kube.fm/kubernetes-lts-mat
Interested in sponsoring an episode? Learn more.