https://www.msbiro.net/tags/kubernetes/ Recent content in Kubernetes on Cloud Native & Open Source: A Team Lead’s Working Journal https://www.msbiro.net/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E https://www.msbiro.net/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E Hugo -- 0.163.1 en-us Fri, 22 May 2026 06:29:04 +0100 https://www.msbiro.net/posts/cloud-native-days-italy-2026-recap/ Fri, 22 May 2026 06:29:04 +0100 https://www.msbiro.net/posts/cloud-native-days-italy-2026-recap/ Cloud Native Days Italy 2026 wrapped up in Bologna. A personal recap from one of the organizers: speakers, MCs, sponsors, and a community worth celebrating. https://www.msbiro.net/posts/sentinelone-purple-mcp-singularity/ Mon, 11 May 2026 00:00:00 +0000 https://www.msbiro.net/posts/sentinelone-purple-mcp-singularity/ Hands-on review of SentinelOne's purple-mcp: how to connect Singularity alerts, vulnerabilities, and threat hunting to Claude Code for faster SOC triage. https://www.msbiro.net/posts/cve-2026-31431-copy-fail-linux-kernel-privilege-escalation/ Fri, 01 May 2026 09:00:00 +0100 https://www.msbiro.net/posts/cve-2026-31431-copy-fail-linux-kernel-privilege-escalation/ CVE-2026-31431 Copy Fail is a local privilege escalation in the Linux kernel exploitable with a 732-byte Python script. This post covers what it is, how to fix it, what to do when patching isn't immediate, and why runtime detection is the control that actually matters. https://www.msbiro.net/posts/ubuntu-2604-lts-security-container-workloads/ Thu, 30 Apr 2026 07:00:00 +0100 https://www.msbiro.net/posts/ubuntu-2604-lts-security-container-workloads/ Ubuntu 26.04 LTS 'Resolute Raccoon' just shipped. For teams running RHEL or Ubuntu on servers, this post breaks down what actually changed in security and container/Kubernetes workloads compared to 24.04 LTS, and whether it justifies starting the golden master rebuild now. https://www.msbiro.net/posts/kubernetes-1-36-security-release/ Tue, 21 Apr 2026 12:35:00 +0000 https://www.msbiro.net/posts/kubernetes-1-36-security-release/ Kubernetes 1.36 releases tomorrow with a significant security focus: user namespace isolation and SELinux volume labeling reaching GA, the end of Ingress NGINX, and a set of long-overdue removals that tighten the security posture of every cluster. https://www.msbiro.net/posts/linux-70-what-platform-security-leaders-should-know/ Thu, 16 Apr 2026 10:11:00 +0000 https://www.msbiro.net/posts/linux-70-what-platform-security-leaders-should-know/ Linux 7.0 is not a single-headline release, but it closes several real security gaps that cloud-native platforms have been working around for years. Here is what platform and security leaders should understand, plan for, and ask their teams. https://www.msbiro.net/posts/kubecon-eu-2026-amsterdam-recap/ Mon, 30 Mar 2026 14:00:00 +0000 https://www.msbiro.net/posts/kubecon-eu-2026-amsterdam-recap/ KubeCon EU 2026 Amsterdam is behind us. My fourth in a row, and the first as a Cloud Native Days Italy organizer. Here's a quick personal recap: the connections, the community, and a few words about where to find the technical content. https://www.msbiro.net/posts/trivy-supply-chain-attack/ Sat, 21 Mar 2026 07:32:37 +0000 https://www.msbiro.net/posts/trivy-supply-chain-attack/ A comprehensive analysis of the March 2026 Trivy supply chain incident: from malicious GitHub Actions to the self-propagating CanisterWorm. https://www.msbiro.net/posts/august-2026-countdown-k8s-ai-compliance/ Mon, 16 Mar 2026 04:00:00 +0000 https://www.msbiro.net/posts/august-2026-countdown-k8s-ai-compliance/ With the EU AI Act's full enforcement approaching in August 2026, it's time to shift from manual compliance to automated, platform-level governance in Kubernetes. This post outlines the technical requirements and DevSecOps strategies for ensuring your AI workloads are ready. https://www.msbiro.net/posts/datadog-state-of-devsecops-2026-report/ Fri, 06 Mar 2026 09:00:00 +0000 https://www.msbiro.net/posts/datadog-state-of-devsecops-2026-report/ Exploring the critical findings of the Datadog State of DevSecOps 2026 report, focusing on exploitable vulnerabilities, unmaintained libraries, and CI/CD security risks. https://www.msbiro.net/posts/kubecon-eu-2026-amsterdam-preview/ Wed, 04 Mar 2026 10:00:00 +0000 https://www.msbiro.net/posts/kubecon-eu-2026-amsterdam-preview/ March is here, and all roads lead to the RAI Amsterdam! As we count down to KubeCon EU 2026, I’m preparing for a whirlwind of networking, booth management with ReeVo, and hunting for the latest in supply chain security. https://www.msbiro.net/posts/back-to-basics-containers-linux-processes/ Fri, 20 Feb 2026 06:31:29 +0000 https://www.msbiro.net/posts/back-to-basics-containers-linux-processes/ Containers are Linux processes with namespaces and cgroups, nothing more. This article breaks down what Kubernetes securityContext, resource limits, and container escapes actually do at the kernel level, and shows you how to debug containers using standard Unix tools like nsenter and /proc. https://www.msbiro.net/posts/evaluating-oss-security-fresh-editor-s2c2f/ Sat, 27 Dec 2025 16:37:11 +0000 https://www.msbiro.net/posts/evaluating-oss-security-fresh-editor-s2c2f/ Holiday hacking from the couch: evaluating Fresh editor's security using OpenSSF Scorecard, Semgrep, and cargo audit. A practical guide to applying the S2C2F framework for secure OSS adoption without killing developer productivity. Learn how to vet unknown open-source tools in an afternoon before bringing them to corporate environments. https://www.msbiro.net/posts/k8s-security-2025-graduates-2026-preview/ Mon, 08 Dec 2025 10:05:05 +0000 https://www.msbiro.net/posts/k8s-security-2025-graduates-2026-preview/ Recap of Kubernetes security features that reached stable in 2025 + predictions for 2026 graduates. DevSecOps guide to production hardening. https://www.msbiro.net/posts/the-case-for-hardened-container-image-catalogs/ Sat, 29 Nov 2025 10:00:00 +0000 https://www.msbiro.net/posts/the-case-for-hardened-container-image-catalogs/ Why traditional vulnerability scanning isn't enough and how a hardened image catalog is essential for modern enterprise security and regulatory compliance. https://www.msbiro.net/posts/runc-container-breakout-vulnerabilities-2025/ Fri, 07 Nov 2025 06:45:00 +0000 https://www.msbiro.net/posts/runc-container-breakout-vulnerabilities-2025/ A summary of the recently disclosed runc container breakout vulnerabilities (CVE-2025-31133, CVE-2025-52565, and CVE-2025-52881) and the recommended actions. https://www.msbiro.net/posts/external-secrets-operator-releases-resume/ Sun, 14 Sep 2025 22:51:03 +0000 https://www.msbiro.net/posts/external-secrets-operator-releases-resume/ External Secrets Operator resumes releases on September 22 with clearer governance and a new contribution ladder—see what changed and how to get involved https://www.msbiro.net/posts/external-secrets-operator-team-needs-help/ Fri, 15 Aug 2025 02:30:03 +0000 https://www.msbiro.net/posts/external-secrets-operator-team-needs-help/ The External Secrets Operator project faces challenges with long-term maintenance and needs new contributors. Learn about the situation, its impact on the Kubernetes community, and how you can help support this essential open-source security tool. https://www.msbiro.net/posts/kubernetes-133-user-namespace-isolation-security-matters/ Fri, 16 May 2025 09:30:03 +0000 https://www.msbiro.net/posts/kubernetes-133-user-namespace-isolation-security-matters/ Kubernetes 1.33 enables user namespace isolation by default for pods, greatly enhancing security by mapping container root users to unprivileged host UIDs. This post explores the feature’s security benefits including process isolation and lateral movement prevention, infrastructure requirements like Linux kernel 6.3 and compatible container runtimes, and how to enable user namespaces in your pod specifications. Learn why this advancement is crucial for securing Kubernetes workloads in modern environments. https://www.msbiro.net/posts/kubecon-2025-london/ Fri, 21 Feb 2025 09:30:03 +0000 https://www.msbiro.net/posts/kubecon-2025-london/ Heading to KubeCon EU 2025 in London for the third year in a row—this time representing ReeVo as a proud sponsor! I’ll be managing our booth, connecting with cloud-native professionals, partners, and contributors from across the globe. Join me in celebrating the power of community, collaboration, and innovation in the Kubernetes ecosystem—see you in London! https://www.msbiro.net/posts/confirmed-as-kubeweekly-editor-2025-giving-back-to-cloud-native-community-2025/ Thu, 09 Jan 2025 08:30:03 +0000 https://www.msbiro.net/posts/confirmed-as-kubeweekly-editor-2025-giving-back-to-cloud-native-community-2025/ Confirmed as KubeWeekly editor for 2025, continuing a community-driven role that curates the latest news and insights across Kubernetes and the cloud-native ecosystem. Learn what goes into KubeWeekly editorial, why this newsletter matters to the CNCF community, and how to get involved as a contributor or reader. https://www.msbiro.net/posts/kcd-italy-return-2025-as-cloud-native-days/ Thu, 05 Dec 2024 18:33:03 +0000 https://www.msbiro.net/posts/kcd-italy-return-2025-as-cloud-native-days/ KCD Italy is coming back in June 2025 in Bologna, rebranded as Cloud Native Days Italy. While the name is changing, the event will continue its tradition of high-quality sessions and community engagement, bringing together developers, architects, and cloud-native enthusiasts from across Italy and beyond. https://www.msbiro.net/posts/kubecon-eu-2024-why-attending-a-conference-is-important/ Fri, 15 Mar 2024 05:30:03 +0000 https://www.msbiro.net/posts/kubecon-eu-2024-why-attending-a-conference-is-important/ Insights from attending KubeCon EU 2024 in Paris—why large-scale conferences matter for networking, learning, and community engagement in the cloud-native world. This post explores the unique opportunities to meet peers, vendors, and open-source contributors, attend top technical sessions, and access session recordings and resources provided by the CNCF. https://www.msbiro.net/posts/cyberark-conjur-132-released/ Thu, 01 Feb 2024 12:30:03 +0000 https://www.msbiro.net/posts/cyberark-conjur-132-released/ CyberArk released Conjur 13.2 with important bug fixes, support for OpenShift 4.14, and new key features including high availability for the Vault Synchronizer and enhanced support for the Container Storage Interface (CSI) driver. This release improves disaster recovery strategies and optimizes secret injection into Kubernetes pods, representing another solid step in Conjur’s ongoing evolution. https://www.msbiro.net/posts/kubeweekly-k8s-newsletter/ Thu, 25 Jan 2024 11:30:03 +0000 https://www.msbiro.net/posts/kubeweekly-k8s-newsletter/ KubeWeekly is a curated newsletter delivering the latest Kubernetes and CNCF community news, articles, and videos straight to your inbox. As an editor during early 2024, I help select and share valuable content to keep the cloud-native community informed and connected. Discover how to subscribe and join this vibrant ecosystem of Kubernetes enthusiasts and professionals. https://www.msbiro.net/posts/kcd-italy-2024-bologna/ Wed, 17 Jan 2024 11:44:03 +0000 https://www.msbiro.net/posts/kcd-italy-2024-bologna/ KCD Italy 2024 is announced for June 20, 2024, in Bologna at the Savoia Regency Hotel. This Kubernetes Community Day event, supported by CNCF and organized by the Italian Kubernetes community, welcomes developers, architects, and enthusiasts to share knowledge and experiences. The CFP is open with English sessions welcome, and sponsorship opportunities are available to engage with the vibrant cloud-native community. https://www.msbiro.net/posts/cyberark-conjur-131-released/ Thu, 07 Dec 2023 08:30:03 +0000 https://www.msbiro.net/posts/cyberark-conjur-131-released/ CyberArk has released Conjur 13.1, a point update focusing on under-the-hood improvements that enhance the resiliency of Conjur followers. Key changes include major upgrades to the underlying container base image, PostgreSQL, and etcd versions, as well as enhanced flexibility in vault synchronization and secret segregation. This release is recommended for all Conjur Enterprise users seeking improved performance and stability. https://www.msbiro.net/posts/conjur-13-is-available/ Tue, 06 Jun 2023 18:30:03 +0000 https://www.msbiro.net/posts/conjur-13-is-available/ CyberArk has released Conjur 13.0, bringing notable enhancements like OIDC login support, secret data segregation for followers, optimized password management, and faster Vault synchronization for enterprise environments. This post covers the highlights of version 13, why you should consider upgrading, and how these improvements impact admins, security teams, and Kubernetes users. https://www.msbiro.net/posts/cyberark-conjur-authenticators-integrations/ Mon, 22 Aug 2022 10:26:03 +0000 https://www.msbiro.net/posts/cyberark-conjur-authenticators-integrations/ detailing the variety of authenticators such as host/user API key, OIDC, AWS IAM, Kubernetes with SPIFFE-compliant mutual TLS, and more. Learn how these authenticators enable secure secrets retrieval and integrations with popular DevOps tools and cloud platforms, enhancing security and flexibility for dynamic environments. https://www.msbiro.net/posts/cyberark-conjur-architecture-system-requirements/ Sun, 24 Jul 2022 11:40:03 +0000 https://www.msbiro.net/posts/cyberark-conjur-architecture-system-requirements/ This post provides a comprehensive overview of CyberArk Conjur Enterprise architecture, detailing its multi-node cluster design with auto-failover capabilities, follower deployment for scaling, and essential system requirements for production and test environments. Essential reading for anyone planning to deploy Conjur as an enterprise-grade secrets manager.