Welcome to a special security issue of kubelist. This week's issue is loaded with good security information for your control plane, your workloads, your applications, your mind, your body, and your soul. Most important, and very rare for our industry, there's zero fear mongering or scare tactics! So read up, learn, and feel good.
On the official Kubernetes blog, Andrew Martin provides some great tips for securing your cluster. He details methods for both the control plane and workloads, with hard information and supporting links. The kubelist editors particularly appreciate tips 7 and 10, which will help with current and future configurations.
The kubelist editors have no idea why this story features a hobbit hole illustration, but we love it.
Bit.ly gave the world three great things: a way to obscure your rickrolls, a great pufferfish, and OAuth2 Proxy. On his blog, Alen Komljen details how to set up OAuth2 Proxy with an NGINX ingress to add GitHub login to a Kibana instance. This is a great setup for quickly adding some level of authentication to utility applications.
On the Google Cloud Platform Blog, Anil Dhawan introduces the newly rebranded Google Cloud Platform Marketplace (formerly Cloud Launcher) and its new Kubernetes Apps feature. Details on implementation are light, but these appear to come from Google's click-to-deploy repo and to use the SIG Apps Application CRD, at least in part.
On the Container Solutions blog, Jason Smith provides a tutorial introduction to mutating admission webhooks. Mutating admission webhooks and their siblings, validating admission webhooks, are the next ingredient to stock in your Kubernetes extensibility pantry after you've mastered baking with custom resource definitions. Don't forget to check out the site's background; it's like you're reading the Death Star plans!
Two out of three ain't bad for YAML!