Google just released a whitepaper explaining why and how you start using a service mesh like Istio. Definitely a must read if you are considering to implement a mesh.

Do you know the feeling of having a dozen of terminals open (with something like `kubectl get xxx --watch`) while debugging an issue? Well, Octant is a web-based, highly extensible platform to better understand how applications run on a Kubernetes cluster. It offers a combination of introspective tooling, cluster navigation, and object management along with a plugin system to further extend its capabilities. I started using it recently and I personally love it.

This is a project from raesene which aims to make use of Docker (and specifically Kind) to create a lab environment for testing Kubernetes exploits and security tools entirely locally on a single machine, without any requirement for remote resources or Virtual Machines. The project contains already a starter set of playbooks which will bring up clusters with specific misconfigurations that can be exploited, correlated with their own walkthroughs.

You might have heard that Kubernetes 1.16 has now been released. If so, you might have also heard that a bunch of old API paths/versions got removed (including security APIs). If (when) you upgrade you should be prepared for these breaking changes: Kubeval should help with catching these, as well as similar breaking changes in the future, in your CI pipelines.

Or what happens if you ignore AWS warning emails... On the plus side, at the end of the article you can find a gist for what to do when you leak your AWS credentials.

That's a very well written article explaining all the pros of using certificate-based authentication for SSH, and how to set it up for AWS.

At the same time (see above), AWS is explaining how to secure, rotate, and use SSH keypairs for inter-cluster communication.

If you are looking for training in the AWS space, you must know that Scott is one of the most knowledgeable experts in the field.