Category: Cloud Native Security
-
My First KubeCon as a CNCF Ambassador: Atlanta 2025 Highlights
Read more: My First KubeCon as a CNCF Ambassador: Atlanta 2025 HighlightsThis year’s KubeCon in Atlanta brought together some of the most vibrant and forward-looking voices in the cloud-native ecosystem. Following an insightful and energetic Cloud Native Rejekts conference where the…
-
My Experience at Cloud Native Rejekts NA 2025
Read more: My Experience at Cloud Native Rejekts NA 2025After speaking last year at Cloud Native Rejekts Salt Lake City 2024 with Mathieu on “Platform Engineering Loves Security: Shift Down to Your Platform, not Left to Your Developers!”, I returned to Cloud Native…
-
Restricting Pod Access to Azure IMDS (Preview)
Read more: Restricting Pod Access to Azure IMDS (Preview)In the world of Kubernetes on Azure, there’s been a longstanding default: any pod in your AKS cluster can query the Azure Instance Metadata Service (IMDS). That’s powerful — but also…
-
Understanding Kubernetes API Server Concurrency Controls
Read more: Understanding Kubernetes API Server Concurrency ControlsKubernetes API performance depends heavily on how the API server manages concurrent requests. Two important parameters control how many simultaneous operations the control plane can process: –max-requests-inflight and –max-mutating-requests-inflight. These flags define how…
-
Kubernetes 1.34: What’s New in Security
Read more: Kubernetes 1.34: What’s New in SecurityReleased on August 27, 2025 under the theme “Of Wind & Will (O’ WaW)”, Kubernetes v1.34 brings a strong security focus, reinforcing zero-trust principles, secure defaults, and identity-aware operations across the platform. Projected ServiceAccount Tokens for…
-
User Namespaces in Kubernetes: Perspectives on Isolation and Escape
Read more: User Namespaces in Kubernetes: Perspectives on Isolation and EscapeUser Namespaces in Kubernetes are designed to improve pod isolation by mapping container users to non-root UIDs on the host. While they offer a promising sandboxing mechanism, their security implications…