Series
Kubernetes Production & Security
Operations and security for production Kubernetes: ETCD recovery, RBAC, network policy, secret rotation, hardening and real runbooks.
- 1. Technology
Cost-Aware Design on a Kubernetes Platform
Practical principles for a Kubernetes platform architecture that scales on the cloud while keeping budget discipline.
- 2. Tutorials
Multi-Environment Promotion Pipeline with GitOps
A practical, GitOps-based guide for building a controlled promotion flow across development, test, and production environments.
- 3. Tutorials
External Secrets Flow for Kubernetes Secret Rotation
A guide based on External Secrets for pulling secret data from a central vault and applying rotation in Kubernetes environments.
- 4. Technology
Microservice Architecture with Kubernetes
A practical guide that addresses service boundaries, traffic management, SLOs, and platform responsibilities together when designing microservices on…
- 5. Tutorials
Safe Version Promotion with Argo CD Image Updater
A guide for setting up a safe promotion model on a GitOps pipeline without leaving container versions to uncontrolled automation.
- 6. Tutorials
Gradually Tightening Kubernetes Network Policies with Cilium
A guide to moving Kubernetes network policy from observability into enforced control without breaking production.
- 7. Tutorials
Runtime Security Observation with Falco
A Falco-based setup guide for surfacing suspicious runtime behavior across Linux and Kubernetes environments.
- 8. Tutorials
Publishing Services on Bare Metal Kubernetes with MetalLB
A clear design framework based on MetalLB for publishing services on bare metal Kubernetes clusters without a cloud load balancer.
- 9. Tutorials
Protecting the Kubernetes Control Plane with API Priority and Fairness
A practical APF setup that prioritizes critical traffic and fairly queues noisy callers, lowering the risk of API server overload.
- 10. Tutorials
Designing Maintenance Waves for Kubernetes Node OS Patching
Roll out node patches in maintenance waves rather than all-at-once: drain, PDB, parallelism, and a safe rollback path.
- 11. Tutorials
Kubernetes Admission Webhook Timeouts: A Runbook for Frozen Deploys
Field runbook to rapidly triage hung deploys caused by Validating/Mutating webhook latency and apply a risk-controlled mitigation.
- 12. Tutorials
Kubernetes ETCD Quorum Loss: Triage and Recovery Runbook
A runbook for quickly diagnosing ETCD quorum during API 5xx/timeout storms and walking through safe recovery steps via snapshot restore.
- 13. Tutorials
Workload Identity and mTLS with SPIFFE/SPIRE
A guide to wiring service-to-service mTLS through SPIFFE identities and SPIRE-issued short-lived certificates instead of relying on IPs and static secrets.
- 14. Technology
Kubernetes Etcd Encryption at Rest + KMS Design
Protecting Secrets with real cryptography rather than just base64: encryption configuration, KMS integration, and an operational rotation model.
- 15. Tutorials
Phased Hardening of Kubernetes with PSA + Kyverno
Roll out security guardrails in production clusters gradually with Pod Security Admission (PSA) and Kyverno: an audit→warn→enforce plan.
- 16. Tutorials
Kubernetes RBAC: Least Privilege + Break-Glass Model
A practical RBAC framework for role design, identity integration, and time-boxed emergency access (break-glass) without depending on cluster-admin.
- 17. Tutorials
GitOps Secrets Management with SOPS + age
A practical SOPS + age setup and operational discipline for keeping encrypted secrets in Git and decrypting them safely inside CI/CD and the cluster.
- 18. Tutorials
Kubernetes Control Plane Certificate Expiry: A Runbook
When API server access suddenly breaks with x509 errors: certificate renewal and safe recovery steps for kubeadm-based clusters.
- 19. Tutorials
Kubernetes API Server Audit Log: Policy and SIEM Pipeline
Collecting Kubernetes audit logs without drowning in noise: a practical approach to policy, retention, masking and SIEM correlation.
- 20. Tutorials
Defense Strategies Against Kubernetes DNS Cache Poisoning
Learn effective defense strategies against DNS cache poisoning attacks in Kubernetes environments. Discover methods to strengthen your security.
- 21. Technology
Kubernetes Network Policies: Invisible Walls Between Pods
Learn how to secure network traffic between pods using Kubernetes Network Policies. A from-A-to-Z guide with detailed examples for Network…