This week on Learn Kubernetes Weekly 161:

🔥 Kubernetes Informers Are So Easy... To Misuse!
🎤 KubeCon 2025: Three Things This Year’s Conversations Told Me About Kubernetes Optimization
🛑 Importance of Graceful Shutdown in Kubernetes
🚪 Breaking Boundaries: Kubernetes Namespaces and Multi-tenancy
🎯 Centralizing Helm Charts: Moving Beyond Ingress with HTTPProxy

Read it now: https://kube.today/issues/161

⭐️ This newsletter is brought to you by StormForge by CloudBolt — ML-powered Kubernetes rightsizing that keeps clusters fast, efficient, and under control https://ku.bz/2CSC8dH38

kubelogin is a kubectl plugin for Kubernetes OpenID Connect (OIDC) authentication, also known as kubectl oidc-login.

More: https://ku.bz/tVhnrW9MG

This article explains how to remove permission checks from microservices and build a centralized authorization layer with Kong OSS and OpenFGA.

More: https://ku.bz/50Pf5hFcV

This open-source tool helps you manage authentication and access across servers, databases and Kubernetes clusters via API or CLI.

More: https://ku.bz/VYnDyMT1h

This article shows how to use the Kong OIDC plugin together with Keycloak to secure cluster services and HTTP routes at the API gateway level.

More: https://ku.bz/2Q103hfW1

This tool delivers real-time node/pod-level process, file and network visibility for Kubernetes and bare-metal environments, with rule-based alerts, dashboards and hybrid cloud support.

More: https://ku.bz/7lk94WvMv

This week on Learn Kubernetes Weekly 162:

🐍 Kubernetes Needs Its Python Moment
☁️ Migrating Kubernetes out of the Big Cloud Providers
📦 Kubernetes v1.34: DRA Consumable Capacity
🛠️ Managing APIs in Kubernetes with Kong Ingress Controller
🚑 Fixing Upstream Connect Errors (Docker, Kubernetes, Spring Boot & More)

Read it now: https://kube.today/issues/162

⭐️ This newsletter is brought to you by Depot — Speed up your Docker builds by up to 40x with Depot's cloud-based builders https://ku.bz/bnY9lr632

This article introduces ChaosRoom, a playful tool that helps engineers learn chaos engineering by running mini-games simulating faults and observing how systems respond.

More: https://ku.bz/2GlrYmTbT

This week's 6 best Kubernetes vacancies that focus on security are:

DevSecOps Engineer with OpenAI
💰 $364.5K to $490K a year
👨‍💻 Remote from the United States of America
→ https://ku.bz/NXd17JHfV

DevSecOps Engineer with Airwallex
💰 $200K to $300K a year
🏠🏃🏻‍♂️🌎 San Francisco, CA, USA
→ https://ku.bz/9V59yN3h9

Security Architect with Dexterity
💰 $200K to $300K a year
🏠 From the office in Redwood, CA, USA
→ https://ku.bz/-Tx02LFF4

DevSecOps Engineer with Corelight
💰 $221K to $268K a year
👨‍💻 Remote from North America.
→ https://ku.bz/_D5yTqnHk

👉 Browse 867 jobs on Kube Careers https://kube.careers

This code tool helps you gather logs, metrics and code changes, then uses AI-powered root-cause analysis to surface what broke in production and suggest immediate fixes.

More: https://ku.bz/srJCYmX4J

This article explains how to use Vault Agent Injector (a mutating webhook) to inject secrets into Kubernetes pods securely, without modifying application code.

More: https://ku.bz/DXC0qMd79

This tool enables you to scan and enforce compliance across multi-cloud infrastructure with customizable YAML rules, alerts and integrations.

More: https://ku.bz/JZJpNJqnz

This article explains how eBPF lets you run small, verified programs inside the Linux kernel to unlock powerful observability, security, and networking capabilities without custom kernel modules.

More: https://ku.bz/TYf7Jy6cs

This week on Learn Kubernetes Weekly 163:

🔥 What would a Kubernetes 2.0 Look Like
🐍 Trying to Break out of the Python REPL Sandbox in a Kubernetes Environment: A Practical Journey
🛠️ Karpenter at Beekeeper by LumApps: Fun Stories
💥 Extracting JVM Data from Crash-Looping Java Containers in Kubernetes
🎮 ChaosRoom: Hands-On Chaos Engineering Through Games

Read it now: https://kube.today/issues/163

⭐️ This newsletter is brought to you by Depot — Speed up your Docker builds by up to 40x with Depot's cloud-based builders https://ku.bz/mTfYrBkWZ

Crowdsec is a security engine that detects malicious behavior from logs and community-shared intelligence, allowing you to block bad IPs and share threat data across your fleet.

More: https://ku.bz/M6t4FjWLg

This week's 6 best Kubernetes vacancies that focus on security are:

DevSecOps Engineer with OpenAI
💰 $364.5K to $490K a year
👨‍💻 Remote from the United States of America
→ https://ku.bz/NXd17JHfV

DevSecOps Engineer with Airwallex
💰 $200K to $300K a year
🏠🏃🏻‍♂️🌎 San Francisco, CA, USA
→ https://ku.bz/9V59yN3h9

Security Architect with Dexterity
💰 $200K to $300K a year
🏠 From the office in Redwood, CA, USA
→ https://ku.bz/-Tx02LFF4

DevSecOps Engineer with Corelight
💰 $221K to $268K a year
👨‍💻 Remote from North America.
→ https://ku.bz/_D5yTqnHk

👉 Browse 1011 jobs on Kube Careers https://kube.careers

This article describes a real-world incident in which a high-privilege Kubernetes service account token was accidentally logged in plaintext.

More: https://ku.bz/FDn0rzCqQ

Ratan Tipirneni, President & CEO @ Tigera, explains how Tigera is responding to market demands by announcing two major developments: Calico AI and bundling Istio with their solution.

He discusses the key market trend driving this decision: customers want a single, unified platform that provides everything needed for Kubernetes networking, network security, and observability, while remaining platform-agnostic to avoid vendor lock-in.

Watch the interview: https://ku.bz/fwFG0jZNk

Read the announcement: https://ku.bz/1nljhB1vQ

cert-manager-mcp-server provides cert-manager resource management through Model Context Protocol (MCP), letting AI assistants like Claude inspect certificates, issuers, and certificate requests directly in Kubernetes clusters.

More: https://ku.bz/RwfN0Qz5g

PodCertificateSigner lets your Kubernetes cluster automatically issue TLS certificates for pods by handling PodCertificateRequest resources with a custom signer controller.

More: https://ku.bz/rbMcq48rD