This tutorial teaches how to deploy Crossview on Kubernetes with Helm and secure it for enterprise use with session auth, SSO, proxy header auth, RBAC, TLS, and high-availability settings ➤ ku.bz/hwQDK693G

This tutorial explains how Amazon EKS Pod Identity session policies let teams restrict pod IAM permissions with inline policies ➤ ku.bz/NtVpLWQ60

This tutorial teaches how to secure LLM inference services on Kubernetes using Authorino and Envoy for authentication and authorization ➜ ku.bz/NWFrLKFbF

This tutorial teaches how to implement container image signature verification in Kubernetes using Cosign for signing, Kyverno for policy enforcement, and Sigstore Policy Controller for admission control ➜ ku.bz/vT_tmP0lj

This article shows how to maintain VM-level network security during KubeVirt live migration by using Calico labels and policy enforcement rather than node or pod IPs ➤ ku.bz/mggD2nXf6

This tutorial shows how to secure east-west traffic in GKE using an Internal Regional Gateway with Envoy proxies, certificates, HTTP Routes with path rewriting, and a zero-trust architecture for service-to-service communication ➜ ku.bz/VqqYrclKm

This week on the Learn Kubernetes Weekly: 🧠 Kubernetes Patterns to LLM Workloads 🐢 Why Grafana is Slow 📊 Observability at Albert Heijn 🎬 Vibe Coding a Media Server 🔌 Kong Gateway Custom Plugins ⭐️ WeAreDevelopers Read it now: kube.today/issues/187

This tutorial teaches how to enforce signed container images in Kubernetes using Cosign for signing, Harbor for storage, and Kyverno admission controller for verification, including custom CA trust configuration and CI/CD integration patterns ➜ ku.bz/CjQLsVFWf

Trupositive is a wrapper that automatically tags Terraform and CloudFormation resources with Git commit SHA, branch, and repository metadata for auditability and infrastructure traceability ➤ ku.bz/jy_MxscNM

This article shows a Zero Trust blueprint using mutual TLS (mTLS) and Istio security policies to make internal and external APIs secure by default, with step-by-step configs and lessons from real systems ➜ ku.bz/Ft_3_HxjS

New on LearnKube: microservice authentication with Kubernetes Service Accounts Use Service Account tokens, the TokenReview API, and audience-bound projected tokens to authenticate service-to-service calls Full guide: learnkube.com/microservices-…

This article introduces KubeUser, an open source Kubernetes operator that automates user certificate, RBAC, and kubeconfig creation from a declarative custom resource ➤ ku.bz/t3c88n2-h

Warden is an open source runtime access gateway that lets AI agents, pods, pipelines, and services use identity-based policies to reach cloud APIs, databases, and storage without storing long-lived credentials ➤ ku.bz/KTFVJj-Tv

This tutorial teaches how to eliminate static kubeconfig files by configuring HashiCorp Vault as an OIDC provider for authentication with dynamic, short-lived tokens ➤ ku.bz/m2GQwKDZl

Sealed Secrets Web is a tool that provides a web interface for managing and encrypting sensitive data in Kubernetes using the Sealed Secrets service by Bitnami ➜ ku.bz/WS8Y2DHgS

This tool runs inside Kubernetes and automatically decrypts secrets encrypted with Mozilla SOPS, and then creates standard Kubernetes Secret objects from them ➤ ku.bz/fy2bXhv9X

ESP Kubernetes Reference Implementation runs compliance scanning in Kubernetes using ESP policies with pull-based agents that execute NIST, CIS, and STIG controls and produce CUI-free attestations forwarded to SIEM or cloud functions ➜ ku.bz/z00YcWHVS

📋 Most teams have a production checklist. The tougher question is when the checklist actually gets used. Is it before a launch, after an incident, during a security review, when a migration is already halfway done, or only when someone senior asks if the team is sure? Kubernetes readiness is about more than just correct YAML. It’s also about operational ownership: who understands the system, how the team reviews risks, and whether they can explain what happens when production doesn’t go as planned. When does your team review Kubernetes production readiness?

This tutorial shows how to build a hub-style multi-cluster cert-manager control plane where a central hub cluster manages certificate issuance and distribution across multiple spoke clusters using cert-manager and trust-manager ➜ ku.bz/LKB8W3PMJ

This week on the Learn Kubernetes Weekly: 🔥 Qwen 3.5 27B on GKE with B200 GPUs 🤖 AI-Powered IT Helpdesk ⚙️ Ansible AWX on Kubernetes 🛡️ Kubermatic SecureGuard 🔐 Secrets Management ⭐️ StormForge Read it now: kube.today/issues/186