Ingress-nginx CVE 2025-1974 Patch and Mitigation Guide
Today, ingress-nginx maintainers released patches for CVE-2025-1974. Learn impact, mitigation, upgrade steps to secure your Kubernetes cluster.
KMS provider encryption in Kubernetes
Configure Kubernetes API server to use a gRPC-based KMS v2 plugin. Learn setup, config file format, caching, plugin lifecycle, and event-driven use-cases.
Example: Local Kubernetes cluster with Cluster-level PodSecurity admission set to baseline
Learn to create a local kind Kubernetes cluster with cluster-level PodSecurity admission enforcing the baseline profile by default.
Ingress-nginx CVE-2025-1974: All You Need to Know
Learn about CVE-2025-1974, a buffer overflow in ingress-nginx Lua module. Understand impact, exploit path, and patch steps for v1.11.5 and v1.12.1 to secure your cluster.
Dump a Kubernetes Pod for Analysis
In this post, I'll show you how to dump a Kubernetes pod for inspection, and to analyze everything from container contents to configurations.
Kubernetes Official CVE Feed – Consume and Process
This article explains how to consume the Official CVE Feed from Kubernetes. Learn to fetch JSON and RSS feeds, parse entries, integrate with event pipelines, and automate alerts for new security issues.
Pod Security Standards in Kubernetes
Learn best practices to enforce Pod Security Standards using Kubernetes Pod Security Admission Controller. Configure policies, label namespaces, audit and enforce coping with sensitive workloads.
Certificates in Kubernetes
Kubernetes clusters require TLS certificates to authenticate API server, kubelets, and control plane components. This article explains certificate generation, signing, rotation, and revocation.