Author: cslab

While operating Kubernetes, you might encounter moments where you think, “Huh? Why is this appearing here?” The most common misconception is the belief that “Pods will be evenly distributed (Round-Robin) across nodes.” Today, through a ‘Pod concentration phenomenon’ that I personally experienced, I will delve into the invisible logic of how the Kubernetes scheduler actually…

Hello everyone! Today, I’d like to talk about some “unfamiliar IP ranges” that you might encounter when working with cloud-native environments. When operating Kubernetes, you might sometimes wonder, “Huh? Our company’s VPC range is 10.0.0.0/16, so why am I seeing 34.x.x.x?” or “Why are AWS EKS Pod IPs 100.64.x.x?” These two cases arose for different…

Hello everyone! On my journey to conquer 15 certifications as a ‘Golden Kuberstronaut’, I’ve finally passed the 11th hurdle: the CAPA (Certified Argo Project Associate) exam! 🥳 Following my previous success with CBA (Backstage), this time I challenged an exam covering the entire Argo Project, a core component of cloud-native deployment. Although I was already…

This is a test post to verify the uploader. Here is an image: End of post. This is real end of post.

Hello! Today, we’re going to dive deep into the “Mystery of the Missing Sidecar Container”, a situation that engineers working with Kubernetes and Istio environments might have encountered at least once. What if you injected Istio, but the proxy container isn’t visible in the YAML file, yet `kubectl` shows it normally? It’s not a bug.…

Hello everyone! Today, we’re going to dive deep into Service Accounts, the fundamental core of Kubernetes security. If you simply thought, “Isn’t that what’s used to grant permissions to Pods?”, you’ll gain a deeper understanding from today’s post. In particular, the concepts of Projected Volumes and Bound Tokens, which have become the standard in recent…

Hello everyone! Today, we’re going to dive deep into why PV (PersistentVolume), PVC (PersistentVolumeClaim), and SC (StorageClass), which can be called the “flower” of Kubernetes storage, are absolutely necessary. When you first start learning Kubernetes, you might have this question: > _”Wouldn’t it be easier to just directly write the AWS EBS ID or NFS…

Hello, security researchers who strive for systematic analysis! 🕵️‍♂️ Until last time, we dissected malware code (static), executed it (dynamic), and visualized logs to uncover every detail of the crime. Now, your notes are probably filled with raw evidence like “wrote a value to the Registry Run key” or “deleted shadow copies with cmd.exe”. But…

Hello, security enthusiasts! 👋 After approximately four years since 2021, the OWASP Top 10 2025 (Release Candidate) was officially announced in November. This 2025 version goes beyond simple ranking changes, notably reflecting the recent surge in Supply Chain Attacks and the complexity of Cloud/IaC environments. There are many points to emphasize when teaching Terraform or…

Hello everyone! Today, I’d like to provide a very detailed overview of the ‘Docker Life Cycle’, which is fundamental when studying Docker but often confuses many. docker create, docker start, docker run… What exactly is the difference between these seemingly similar commands? 🤔 The answer to this question becomes clear once you understand Docker’s life…