Managing multiple clusters with ArgoCD across clouds? 🚀 Join Marc Boorshtein on Nov 12 to learn how to secure connections without static tokens. Discover token exchange, Kubernetes identity, and the latest in GitOps security. Don't miss this live demo! 🔒 #ArgoCD #GitOps

Good morning from #awsdmvcommunity day at HQ2! No one seems to know what our swag is, so what is it? Wrong answers only!!!!

Today we start the 4 part series for Kubernetes - An Enterprise Guide we are discussing chapter 8 Managing Secrets and antipatterns "In the last section we discussed why storing Secrets in Git, whether encrypted or not, is an antipattern" We are going to have the book authors

Had a great convo about multi-tenant Kubernetes at AWS DMV community day. Starts with "why not just a cluster per customer?" and ends with "wow, yeah that really makes sense!" this blog is getting kinda big so I'm going to break it up into a few parts - Intro, vCluster, and

Week two with the CNCF virtual book club tomorrow! We're going to talk through Chapter 9 - Building Multitenant Clusters with vCluster - buff.ly/3UnxBWy This was a really fun chapter because we don't just cover vCluster, but also how to automate its deployment and how

Do you know what legacy protocol Kubernetes is using?

Please please please don't embed a browser in your native app for login. Cookie management becomes a mess and logins usually involve multiple domains across multiple vendors.

Going to KubeCon? Want a free copy of Kubernetes: An Enterprise Guide 3rd Ed? Come by Loft Lab's booth on the 13th where I'll be signing 25 copies!

We've updated how to deploy OpenUnison with ArgoCD to using a multi source Application: buff.ly/48urdTg . If you're using the orchestra-login-portal-argocd chart, we'll continue to generate it and publish it until 10/31/2025. We also added instructions on how to deploy

Distroless containers are not more secure. A distroless container on a poorly configured kubernetes cluster is just as vulnerable to an attack.

Time to get this ArgoCon deck together!

Next stop, KubeCon! Excited to return to Salt Lake City where Tremolo Security was born in a bar at the Marriott.

OpenUnison 1.0.42 has been released! In addition to the great new features, OpenUnison now supports ARM! Run OpenUnison on your Pis, your macs, or your Graviton clusters! updates to the helm charts to make OpenUnison easier to customize for your environment, too.

SSO for argoproj Workflows is more complex then most applications. Learn how to delegate user's access to a Kubernetes ServiceAccount securely in a way that makes both your users and security team happy with OpenUnison. buff.ly/4gPrkfy

When you deploy Kubernetes, you usually begin your access with a certificate. It's easy, it's simple, it doesn't require a login, and it's a TERRIBLE IDEA!!!!! Friends don't let friends use certificates for accessing Kubernetes. For TBT, our blog post explains why!

We've updated our docs to make it easier to deploy OpenUnison using Argo CD's multi source Applications, so we're deprecating the old tremolo/orchestra-login-portal-argocd chart. We know it takes time to migrate, so we're going to continue supporting it until the end of 2025.

For TBT, how can you use your Kubernetes ServiceAccount tokens to access AWS services? tremolo.io/post/securely-…

Are you also at #kcddc? Come find me and say hi!

We've released OpenUnison 1.0.43! We've made building Security Token Services easier, simplified kubernetes logins with a new kubectl plugin, and made privileged access to Kubernetes a snap. Check out our new features with more blog posts coming soon! tremolo.io/post/openuniso…