Shielded GKE nodes provide strong, verifiable node identity & integrity, giving assurance that your node OS hasn't been tampered with and is running in a Google data center.

The Kubernetes IoT Edge Working Group has developed a whitepaper to expose the security challenges of distributed deployments outside of the typical data center. The whitepaper identifies a comprehensive list of edge security challenges and concerns that the CNCF and Kubernetes communities should recognize.

How to perform a vulnerability analysis on a host using Kubernetes as the platform. It creates a Job that deploys a pod that will scan the host for any vulnerabilities.

A Lightweight and Simpler Service Mesh Made by the Traefik Team. One of the main differences is that Maesh does not use any sidecar container but handles routing through proxy endpoints running on each node. The mesh controller runs in a dedicated pod and handles all the configuration parsing and deployment to the proxy nodes.

Nice post which describes the concepts behind the Virtual Kubelet, an open-source implementation of the kubelet with the purpose of connecting Kubernetes to other APIs. Beware of the security implications (like communicating with other services outside of the Kubernetes cluster and outside of the region/cloud provider) though!

That's a nice illustration from Corey Quinn (@QuinnyPig)