DEV Community: Guillermo Quiros

K8Studio & Cyber Helmets partner to increase speed from learning to real-world application

Guillermo Quiros — Tue, 27 May 2025 07:58:16 +0000

K8Studio & Cyber Helmets partner to increase speed from learning to real-world application.
Key takeaways:
Hands-on Kubernetes security training features K8Studio’s best-in-class data visualization tool paired with Cyber Helmet’s best-in-class instructors.
K8Studio’s version 3 features more speed, efficiency, and control for students and practitioners securing Kubernetes environments.
Integrated training experience enables a seamless transition from learning to real-world application for cloud engineers, security analysts, and DevSecOps leaders.
Fueling K8Studio’s innovation pipeline will be continuous feedback from Cyber Helmet’s world-class instructors and security customers.

Master Kubernetes security with K8Studio and Cyber Helmets
Kubernetes security is one of the most critical (and complex) challenges modern DevSecOps teams face. Enter version 3 of K8Studio.
We’ve harnessed the power of data visualization to change the game in cluster security and now we’re teaming up with Cyber Helmets to transform Kubernetes security training.
Starting today, K8Studio will be the default lab environment for all Cyber Helmets Kubernetes and cloud security training. Our partnership pairs our best-in-class tool with Cyber Helmet’s best-in-class instructors for an integrated training experience made for today’s security practitioners.
K8Studio simplifies Kubernetes management for all. From beginners studying Cloud to certified DevOps professionals, K8Studio’s innovative, intuitive tools enhance efficiency, productivity, and security of Kubernetes operations.
Intuitive cluster visualization complete with color coding and heatmaps, simplifies Kubernetes management by highlighting relationships and enabling detailed drill-downs. Imagine opening a comprehensive map of your clusters and spotting a security risk at first glance. K8Studio’s cutting-edge data visualization makes this possible.
This partnership creates an invaluable feedback loop for continuous K8Studio tool improvements furthering our cloud security innovation.

Why this partnership matters
Cyber Helmets knows that mastering Kubernetes security isn’t about memorizing commands—it’s about solving real problems in real environments. By embedding K8studio directly into their instructor-led training experience, they’re making that possible in ways that are more immersive, practical, and relevant than ever.
This means Cyber Helmets learners will get access to real sandbox environments, misconfigured clusters, guided exercises, and visual tooling—all seamlessly embedded in the Cyber Helmets courseware.
Think: less theory, more practical, problem-solving muscle.
With this integration, practitioners and students can practice spotting insecure role-based access controls (RBAC) and investigating cluster misconfigurations, and then learn how to fix them—in a live, risk-free setting.
And, with K8Studio, they’ll learn while using an intuitive data visualization tool with the ability to secure Kubernetes environments with more speed, efficiency, and control than ever before. Whether students or professionals, users can seamlessly transition from practicing within a course to applying their knowledge in real-world scenarios with K8Studio.
What learners can expect:
Hands-on Lab Environments
Each course will include interactive, pre-configured Kubernetes clusters designed to simulate real-world misconfigurations and vulnerabilities.
Guided Learning Scenarios
From insecure RBAC to vulnerable containers, learners will follow guided paths that show how to find, fix, and validate security issues in live environments.
Seamless Visual Integration
K8studio’s intuitive tools like CloudMaps will be embedded into Cyber Helmets instructor-led training, giving learners a clear picture of their environments and security posture.
Exclusive Access & Perks
Students and instructors will benefit from trial access and enhanced capabilities within K8studio as part of select courses.
Built for practitioners, backed by community
At the heart of this collaboration is a shared belief: security training should be hands-on, actionable, and immediately useful in the real world.
Whether you're a cloud engineer, security analyst, or DevSecOps leader, you’ll walk away with not just knowledge—but the tools and environments to master Kubernetes security through practice.
From our leadership
K8Studio Chief Executive Officer Guillermo Quiros said:
“With K8Studio, we set out to transform Kubernetes management at every level making it more accessible, efficient, and secure than ever. Combining our tool with the Cyber Helmets learning experience is a powerful and immersive way for practitioners to master their cluster security competency.”

Cyber Helmets Managing Director Aris Zikopoulos said:
“At Cyber Helmets, our mission has always been to deliver security training that’s grounded in reality—practical, hands-on, and directly applicable to the challenges professionals face every day. By integrating K8Studio into our training programs, we’re raising the bar for what effective Kubernetes security education looks like. This partnership combines real-world scenarios with intuitive tooling, giving learners the experience, context, and confidence they need to secure cloud-native environments at scale.”
Key improvements in K8Studio v3:
The Cyber Helmets partnership will benefit from the latest version of K8Studio. In version 3, we addressed the need for speed to insight for Kubernetes security.
Multicluster Workspace with Multi-Window Support: Thanks to the new Multi-Window Docking Layout Manager, you can open as many tabs as needed—across any cluster—and fully customize your workspace.
AI Copilot – Context-Aware Kubernetes Assistant: An integrated AI Copilot, designed to assist you intelligently based on your current selection and workspace context.
Advanced Logs: The new Advanced Logs feature allows you to view logs across Deployments or multi-container Pods in a consolidated, structured format.
Network Policies: Immediately see if workloads are not isolated by ingress/egress rules. The visualizer shows which Pods are effectively "open" and where policies are missing.
Service Accounts & RBAC: For any workload, quickly trace which service account is attached, what roles are bound to it, and what permissions it grants — no more hunting through YAML or CLI output.
Security Contexts: Directly inspect each container’s security context. Check if it’s running as root, if it has a writable filesystem, what Linux capabilities are enabled, and more — all in one place.
Access & Navigation Improvements: Streamlined exploration of resources and relationships. Whether you're checking a deployment, a role binding, or a policy, get to the data that matters faster than ever before.
A smarter way to learn Kubernetes security
This isn’t just an upgrade in tooling—it’s a shift in how Cyber Helmets approaches cloud-native security education. With Cyber Helmets and K8studio working together, learners gain both the skills and the confidence to secure complex Kubernetes environments in the wild.
This collaboration brings engineers, security practitioners, and DevOps leads closer to the real-world skills needed to protect modern infrastructure.
Stay tuned for the upcoming K8studio-powered Kubernetes security training experience — a first look at how this hands-on integration works in action and full Kubernetes course list is coming soon. K8studio will also be integrated into Cyber Helmets broader cloud security curriculum.

Using CloudMaps to monitor Clusters

Guillermo Quiros — Thu, 14 Nov 2024 19:15:22 +0000

Monitoring Kubernetes today is a complex task. Even with carefully chosen tools, we often face an overwhelming array of dashboards brimming with countless charts, necessitating multiple monitors.

This information overload makes it challenging to pinpoint what truly matters. Critical information gets buried under a sea of metrics, hindering our ability to quickly understand what is going on and make appropriate decisions. As Kubernetes clusters grow, the complexity increases exponentially, making observability even more crucial. So, what do we do to keep track without losing our minds? Please don’t say another dashboard!!!

At K8Studio we think that the way to tackle this problem is through effective data visualization. We need a data visualization that provides a summarized view of our cluster’s status, giving us context and revealing relationships between events and objects within the cluster. It should also allow us to drill down into details when necessary. An intuitive visualization that quickly communicates high volumes of data directly to our brains is essential.

At K8Studio, we believe the way to tackle this problem is with state-of-the-art data visualization. This visualization needs to have the following properties:

Provide a holistic view of our cluster.
Describe the cluster structure and the relationships between the different parts.
Surface relevant information and minimize noise.
Enable us to easily navigate to different levels of detail and back, while maintaining the context of the navigation.
Excel in communicating high volumes of data intuitively and effortlessly.

You may wonder what this magical visualization is. And the answer, like all good things in life, is pretty simple and straightforward: MAPS!

Since ancient times, humans have used maps to represent complex worlds. Over time, we have adapted to consume maps efficiently, which is why most of us can understand a map without needing any explanation. Maps have the unique ability to show relationships and interactions between different objects, giving us the big picture while allowing us to drill down into details without losing focus. Combined with heatmaps, they enable us to surface the relevant information effectively.

At K8Studio, we have tried to adapt the concepts of maps to cloud computing, and more specifically to the management of Kubernetes Clusters. That is why we have introduced a new concept called CloudMaps in our latest release of K8Studio.

The primary function of CloudMaps is to represent your cluster as a map using color coding and heatmaps, providing a clear view of the status of different objects. It organizes objects by namespace and shows the network relationships between them, allowing you to understand who is connecting to whom. Additionally, CloudMaps features robust zoom capabilities with a minimap to enable detailed drill-downs when needed without losing focus of the whole. Cloud Maps combine the power of intuitive mapping with the precision needed for Kubernetes observability, helping us master the complexity of our clusters with ease.

This is how Cloud Maps look. When zoomed out, we can see the composition of our cluster and the workloads in different namespaces organized by application name. We can observe the number of pods and the status of both workloads and pods. The map also displays the relationships between objects, such as service-to-workload and workload-to-PVC connections. Workloads are marked with application icons to provide us with more information about the deployed images. All of this offers us a holistic view of the cluster. In this example, we can clearly see all the workloads with issues highlighted in yellow. Even someone unfamiliar with the cluster can grasp its composition and status within three seconds.

Once we have the big picture, we can zoom in on the map to see more detailed information about a specific part of the cluster that interests us. For instance, in this example, we can zoom in and see a Redis deployment with six unscheduled pods. We also see two services and their ports accessing the pods, and six PVCs, each bound at 8Gi. Just by zooming in, we gain more in-depth information, similar to how we would use a physical map to explore an area in greater detail. For example, at this zoom level, we can see the ports and target ports of the services, the size of the PVC, and their status.

To obtain more information about any object, we can simply click on the object to select it. A right-hand panel will appear, displaying additional details about the selected object.

In this panel, you can view even more detailed information. As the pictures below show, this panel includes different sections:

The Quick Editor: Showing the basic information and status.
YAML Editor: Providing access to the full YAML configuration.
The Timeline: Combining status and events ordered by time.
Metrics: Showing relevant metrics of the selected object, including CPU, memory with request and limit, network, and I/O operations.

This panel enables us to gather extensive information, empowering us to detect issues and take the appropriate actions. Moreover, when the selected object is a pod, we can seamlessly establish an SSH connection or access the specific container logs via our integrated terminal.

To conclude, we’ve incorporated nodes into the map, providing insight into their status, CPU, and memory utilization, along with details on the pods they host and the capacity for additional pods. An intriguing feature is that when selecting a pod, it will also be highlighted within the workload objects, facilitating a clear understanding of pod distribution and placement within the cluster. This comprehensive view enables seamless navigation and informed decision-making within the cluster environment.

The application can be downloaded at K8studio or on our GitHub Page

BTW If you like what we are building give us a star on GitHub.The team and I would be extremely grateful.

Pod Security with K8Studio

Guillermo Quiros — Thu, 14 Nov 2024 19:01:54 +0000

K8Studio 2.0.0 introduces significant improvements focused on Pod Security to streamline and enhance Kubernetes security management. This release addresses three core security areas essential for assessing and enforcing pod-level security policies:

Network Policies — Provides visibility into applied network policies, including detailed checks on ingress and egress rules, to control traffic flow to and from pods and secure inter-pod communication.
Security Context — Offers insights into the security context of each pod, allowing you to verify configurations such as user privileges, Linux capabilities, and namespace isolation levels, which are critical for securing workloads.
Service Account Roles — Enables examination of service account roles linked to pods, providing information on the permissions granted, which is crucial for understanding access scopes and limiting exposure.

These features collectively offer a structured approach to assessing pod security configurations, making it easier to identify and address potential vulnerabilities across deployed Kubernetes environments.

Network Policy

In this version, the dashboard’s Workload Widget now includes a section that provides a quick overview of workloads with ingress or egress rules applied, helping you instantly assess whether each workload is properly secured by network policies.

In the Quick Editor, we’ve added a detailed view of network policies, allowing you to see exactly which ports are open for both ingress and egress traffic on each workload. This feature provides visibility into the specific protocols and port ranges configured, making it easier to verify and adjust access rules directly from the editor. By offering granular insights into traffic flow, this enhancement helps ensure that workloads are configured with the appropriate network security settings to minimize exposure and control communication paths effectively.

Security Context

In the Quick Editor, users can access detailed security context configurations that fall under three main categories: RunAsUser, RunAsGroup, and FsGroup. Each of these categories includes key properties for fine-tuning pod-level security:

RunAsUser
Defines the user identity under which the container’s processes will run. This setting is essential for enforcing least-privilege access:

RunAsUser — Specifies the user ID (UID) that processes within the container will use, allowing you to avoid root-level execution and enforce user-specific permissions.
RunAsNonRoot — Enforces that the container runs as a non-root user. Setting this to true ensures that the container operates without root privileges, adding an extra layer of security even if RunAsUser is not set.
AllowPrivilegeEscalation — Controls whether a process in the container can escalate privileges (e.g., gain root privileges). Setting this to false prevents potential privilege escalation attacks within the container, restricting processes to the permissions initially assigned.

RunAsGroup
Specifies the primary group identity for the container’s processes, which is helpful for managing group-based access permissions:

RunAsGroup — Defines the primary group ID (GID) that container processes will use. This setting enables group-specific access control within the container, particularly useful in multi-user environments.
Capabilities — Provides fine-grained control over Linux capabilities granted to the container. By specifying capabilities to add or drop, such as NET_ADMIN (for network management), you can limit the permissions granted to processes, further controlling the container's security scope.

FsGroup
Sets the group ID applied to the filesystem for volumes within the pod, offering centralized control over file and directory permissions:

FsGroup — Assigns a filesystem group ID to all files within the pod’s mounted volumes, making it easier to manage file permissions for shared storage scenarios.
ReadOnlyRootFilesystem — Enforces a read-only root filesystem for the container, ensuring that the container’s core files cannot be altered. This setting prevents accidental or malicious modifications to the root filesystem, reinforcing the container’s immutability.
Privileged — Grants the container elevated permissions to access all host resources. This setting effectively removes the usual container security boundaries, which can be useful in specific cases (such as hardware access) but should be used cautiously due to security implications.

By grouping these properties, the Quick Editor in K8Studio 2.0.0 offers a structured and intuitive approach for configuring security contexts, allowing users to define user, group, and filesystem permissions clearly. This setup supports more granular control over pod security and aligns deployments with Kubernetes best practices.

Service Account

In this release, we’ve implemented a feature in the Quick Editor that shows which Roles or ClusterRoles are bound to the service account assigned to each pod. This addition is crucial for providing visibility into the access controls applied to workloads.

Importance of Service Account Roles in Pod Security
In Kubernetes, each pod runs with a service account, which is associated with specific permissions defined by Roles or ClusterRoles. These permissions control the actions that a pod, through its service account, can perform within the cluster. Understanding the roles associated with a service account is critical for the following reasons:

Access Control — Roles and ClusterRoles define what resources a pod can access and which operations it can perform on those resources (e.g., get, list, create, delete). This helps prevent unauthorized access to sensitive resources by ensuring each pod only has the permissions it truly needs, following the principle of least privilege.
Resource Isolation — By carefully assigning roles to service accounts, you can isolate workloads based on their function or security requirements. For example, a pod handling sensitive data might have restricted access to certain namespaces or be limited to read-only actions, reducing the risk of accidental or malicious modifications to cluster resources.
Minimizing Attack Surface — Restricting the service account’s permissions reduces the potential impact if a pod is compromised. A tightly scoped service account ensures that even if an attacker gains access to the pod, they cannot escalate privileges or access unrelated cluster resources, limiting the security impact of a breach.
Auditing and Compliance — Assigning explicit roles to service accounts provides a clear audit trail of what permissions were granted to each pod. This is important for compliance and security audits, as it allows teams to verify that pods are running with the correct permissions and no excess access.

With these new features, we aim to enhance the visibility and identification of potential security vulnerabilities within your Kubernetes cluster. By providing clear insights into pod security configurations, network policies, and service account roles, K8Studio 2.0.0 empowers users to proactively assess and mitigate security risks. This streamlined approach allows for quicker detection of security holes, enabling you to maintain a robust and secure Kubernetes environment effectively.

K8Studio CloudMaps: Using Maps to master Kubernetes observability

Guillermo Quiros — Mon, 10 Jun 2024 09:44:46 +0000

Monitoring Kubernetes today is a complex task. Even with carefully chosen tools, we often face an overwhelming array of dashboards brimming with countless charts, necessitating multiple monitors.

At K8Studio, we believe the way to tackle this problem is with state-of-the-art data visualization. This visualization needs to have the following properties:

The primary function of CloudMaps is to represent your cluster as a map using color coding and heatmaps, providing a clear view of the status of different objects. It organizes objects by namespace and shows the network relationships between them, allowing you to understand who is connecting to whom. Additionally, CloudMaps features robust zoom capabilities with a minimap to enable detailed drill-downs when needed without losing focus of the whole. Cloud Maps combine the power of intuitive mapping with the precision needed for Kubernetes observability, helping us master the complexity of our clusters with ease.

Zoom in with relation links between objects
To obtain more information about any object, we can simply click on the object to select it. A right-hand panel will appear, displaying additional details about the selected object.

In this panel, you can view even more detailed information. As the pictures below show, this panel includes different sections:

The application can be downloaded at K8studio or on our GitHub Page

BTW If you like what we are building give us a star on [Github](https://github.com/guiqui/k8Studio. The team and I would be extremely grateful.

K8Studio Kubernetes IDE New Version

Guillermo Quiros — Thu, 14 Mar 2024 06:44:53 +0000

Last January, we launched version 0.2.3 to the world, putting it out there to gauge the community's thoughts - what works, what doesn't, and what's missing. At the outset, K8Studio had just a couple of hundred users. However, within two weeks of exclusively blogging on Medium, we achieved a remarkable milestone of 5000 users.

This surge in user engagement was instrumental in uncovering numerous bugs, particularly those related to connection issues. We identified challenges with individuals connecting through SSO or behind a proxy, as well as issues with users dealing with many clusters. Additionally, user feedback highlighted a reluctance towards the mandatory sign-in requirement, and we recognized the absence of the proper infrastructure to manage professional licenses.

After a month and a half of intensive hard work, to be completely honest, and a bit exhausted(I Fell like a pianist after playing the Rachmaninoff Concerto n2), I am thrilled to present the latest and greatest version of K8Studio.

This new version can be downloaded at K8studio or on our GitHub Page.BTW If you like what we are building give us a star on Github.

Well, let's see in detail what we have under the hood.

Cluster Management enhancements.
Many of you pointed out that working with numerous clusters was challenging, and identification was difficult. We have listened to your feedback, and this is what we have done to enhance the experience:

Cluster List View.
The list view makes it easier to manage multiple clusters. It includes more relevant columns and information such as user, context, cluster, and configuration files. All columns are filterable and sortable.

The Grid also provides the possibility to change visibility, add or remove clusters to the Hotbar, and toggle cluster monitoring on/off.

Color coding and customizable icons
Now we can customize the cluster icon or choose the icon color

Groups
We have also introduced a grouping feature, allowing you to classify your clusters and apply color coding to these groups.

Add Cluster metrics
Many of you have requested the ability to view cluster status without the need to open each cluster individually. Now, within the cluster view, you can easily access all pod statistics, as well as CPU and memory usage per node, without navigating away from the cluster view. Additionally, we have introduced the option to turn off monitoring of cluster status for those who prefer not to use this feature.

Adding and managing Cluster Configurations.
Several changes have been implemented in this domain. Many of you have observed that the previous cluster forms were somewhat intricate and susceptible to errors. We have replaced all of those with the following functionalities:

Add a cluster providing the YML configuration.

Add a cluster by providing either a file or a folder containing configuration files. In this scenario, we also actively monitor changes and instantly reflect them in K8Studio

Managing proxy settings.
In previous versions of K8Studio, working with clusters that used a proxy for connection was not possible. Now, K8Studio reads and handles proxy settings seamlessly:

K8Studio now reads HTTP_PROXY, HTTPS_PROXY,NO_PROXY environement variables.
Proxy settings that are set on the configuration files using proxy-url.
We support HTTP,HTTPS and sock5,4 proxies.
Provide proxy configuration in the cluster settings:

License management:
In the area of licensing, we've made significant efforts to enhance the user experience and make it easier to try and use K8Studio. Firstly, there's no longer a need to log in every time you use K8Studio.
Additionally, we've introduced a guest mode that lasts for 30 days, allowing anyone to try the application without the need for registration. Furthermore, we've added a Personal account option, which is free for non-commercial or non-professional usage. The Personal account can be activated online by registering and following the provided instructions.

We've introduced two types of professional accounts: online and airtight, responding to the numerous requests for the possibility of using the application in controlled environments. The activation process for both types of accounts is straightforward and can be completed online:

We've also implemented a License Management Console where users can purchase licenses, assign/unassign licenses, invite users to redeem a license, and manage subscriptions and invoices.

In addition to that we have corrected a ton of bugs raised by the community, Many many thanks to everyone involved in making K8Studio a better IDE.
Please don't hesitate to let us know what you think about K8studio.

K8Studio Kubernetes IDE

Guillermo Quiros — Wed, 17 Jan 2024 07:04:24 +0000

It's been an exhilarating journey since we first embarked on the K8studio project four years ago. Although there were pauses along the way, the last five months have seen a renewed commitment and a resurgence of enthusiasm. Today, we are thrilled to share with you the exciting developments as we revive and reimagine K8studio.

The application can be downloaded at k8studio or in our GitHub Page

Our primary goal remains unwavering—to create a comprehensive graphical interface that empowers users to effortlessly manage their Kubernetes clusters.

BTW If you like what we are building give us a star on Github

So let me give you an overview of the application page by page:

Home Page

The "Home Page" window is where your Kubernetes management journey kicks off. Here, you can add, delete, and organize your clusters effortlessly.
K8studio smartly reads clusters from your .kube/config without altering it. Yet, we understand your Kubernetes landscape might extend beyond. That's why we empower you to manually add clusters or import them from various configuration files, all without disturbing the original setup.

Upon configuring a cluster, it's time to access it with a simple double click.

Graphical view

After opening a cluster, the first window reveals the Deployment View, a user-friendly graphical snapshot offering a holistic overview of the cluster. This view groups workloads, services, ingresses, and persistent volumes by namespace and instance. Furthermore, it visually represents the connections between different objects, providing a swift assessment of pod count and status.

What makes this view exceptional is its complete interactivity. Users can perform CRUD operations using intuitive D&D functionality. The sidebar complements this by allowing users to edit object definitions swiftly. Featuring a quick editor, YAML editor, log pages, and, if Prometheus is deployed, showcasing metrics of the selected object directly from the graphical view.

Grid view

Switching to the grid view allows for a comprehensive tabular display of all Kubernetes objects. The left bar enables the selection of specific object types, and this view is entirely interactive and updated in real-time. Users can seamlessly search and filter objects by namespace, rearrange columns, and create custom filters. This ensures an efficient and customized way to locate the desired information with ease.

Node View

The Node View offers a comprehensive display of all available nodes, showcasing the pods they house along with their current status. Additionally, it provides key insights into the CPU and memory status, offering a holistic perspective on the overall health and performance of the nodes within the cluster.

Integrate Terminal

No Kubernetes tool is complete without a terminal! Enter our world-class integrated terminal—a constant companion that supports multiple instances and remembers the correct cluster context. This feature ensures a seamless experience, allowing users to download to text and switch between multiple shell types effortlessly. The terminal is always at your fingertips, ready to enhance your Kubernetes management experience.

Helm View

The Helm view serves as a centralized hub for managing Helm repositories. Users can effortlessly search, install charts, and oversee the entire lifecycle of installed releases. This feature streamlines the Helm-related operations, providing a seamless and efficient experience for repository management and chart deployment within the cluster.

RBAC View
The RBAC (Role-Based Access Control) view simplifies the creation and management of cluster roles and roles. Users can easily configure permissions and assign them to individuals, groups, or service accounts. Additionally, this view facilitates the creation of users and groups, providing a summary of user permissions.

Thank you for taking the time to read! If you have any suggestions, we'd love to hear from you. We're currently in the alpha phase and value your feedback.