Learn · Security & Reliability

Security & Reliability

Governance that holds under stress: authority, admission, secrets posture, signal discipline, and the ability to contain incidents without theatre.

Security topic map Observability topic map Lab: RBAC forbidden

What this module covers

Trust boundaries and operational honesty.

Identity & authority: service accounts, RBAC scope, and least privilege that doesn’t collapse under urgency.
Policy on the write path: admission controls, failurePolicy posture, and availability-aware governance.
Secrets handling: threat models, rotation costs, and exposure minimization.
Signal discipline: logs/events/metrics/traces that preserve causality and reduce noise.

Readings

Serious posture, stated precisely.

Text

RBAC and the Governance of Power

Least privilege, role design, and the cost of over-granting.

Text

Pod Security Admission and the Hierarchy of Trust

Baselines, exemptions, and keeping the runtime honest.

Text

The Dark Order’s Guide to Observability in Kubernetes

Logs, metrics, traces, events, audit—and the distortions that destroy truth.

Practice

Least privilege and write-path stability.

Lab

RBAC Forbidden Triage

Prove subject/verb/resource/scope; fix bindings without over-granting.

Atlas

Admission Webhook Timeouts

Restore write-path stability; define break-glass posture with audit.

Text

Secrets, Sealing, and the False Promise of Safety

Threat models, encryption boundaries, audit, rotation posture, and workload identity.

Return to the path

Use the path as structure; use the archive as depth.

Curriculum

Learning Path

Return to the staged progression and choose the next shelf with intent.

Topic map

Troubleshooting (Archive)

Symptom-first atlas entries plus labs and doctrine for on-call reality.