This week's articles
Why You Should Enable GKE Shielded Nodes Today
#gcp, #k8s, #defense
When Shielded GKE Nodes is enabled, the GKE control plane cryptographically verifies that every node in the cluster is a virtual machine running in a managed instance group in Google's data center and that the kubelet is only getting the certificate for itself. But Shielded GKE Nodes addresses a much bigger problem.
Intricacies of IAM Conditions
In-depth look at some of the intricacies present when using IAM Conditions, with examples and tips to keep in mind when scoping out IAM roles.
Introducing GitHub Container Registry
GitHub Container Registry introduces easy sharing across organizations, fine-grained permissions, and free, anonymous downloads for public container images. Perfect timing, since many people started considering alternatives to Docker Hub because of the limitations it recently announced.
How we threat model
High-level summary of how threat models are handled at GitHub.
Escalating to Domain Admin in Azure AD Domain Services
How to escalate to Domain Admin in Azure AD Domain Services (Microsoft's hosted Active Directory) by leveraging Shay Ber's DNSAdmin trick. The interesting part is that customers are not supposed to have, or be able to get, Domain Admin rights.
Scaling Kubernetes Networking With EndpointSlices
EndpointSlices are a new API that provides a scalable and extensible alternative to the Endpoints API. EndpointSlices track IP addresses, ports, readiness, and topology information for Pods backing a Service.