Paul Butler, founder of Jamsocket, discusses how to identify necessary vs unnecessary complexity in Kubernetes and explains how his team successfully runs production workloads by being selective about which features they use.

You will learn:

- Why to be cautious with features like CRDs, StatefulSets, and Helm and how to evaluate if you really need them.
- How to stay on the "happy path" in Kubernetes by focusing on stable and simple resources like Deployments, Services, and ConfigMaps.
- When to consider alternatives like Google Cloud Run for simpler deployments that don't need the full complexity of Kubernetes.

Watch (or listen to) it here: https://kube.fm/kubernetes-hater-s-guide-paul

🌟 This episode is sponsored by Syntasso, the creators of Kratix, a framework for building composable internal developer platforms https://ku.bz/CJNDlLXVS

With @Birthmarkb "Diet Coke Lover" Farrell

helmper is a Go program that reads Helm Charts from remote OCI registries and pushes the charts container images to your registries with optional OS-level vulnerability patching.

More: https://github.com/ChristofferNissen/helmper

This week on Learn Kubernetes Weekly 105:

🇨🇳 Chinese Docker Hub complete shutdown: how far can Kubernetes image repositories go?
🤯 Overengineering this blog's preview site with Kubernetes
🧐 Taking a look at the Kube-proxy API
🥇 Kubernetes: the road to 1.0
🏃‍♂️ Extending Kubernetes functionality: A practical guide to custom resource definitions

Read it now: https://learnk8s.io/issues/105

🌟 This newsletter is brought to you by Syntasso, creators of Kratix, a framework for building composable developer platforms. Deploy on Kubernetes with speed, safety, and scalability https://ku.bz/0F0XMbqgN

Pinniped is the easy, secure way to log in to your Kubernetes clusters.

More: https://github.com/vmware-tanzu/pinniped

This week's 6 best Kubernetes vacancies that focus on security are:

DevSecOps Engineer with Worldcoin
💰 $236K to $323K a year
🏠 From the office in San Francisco, CA, USA
→ https://kube.careers/t/e824f971-4831-4329-8dfd-2edcce0c9ed5?s=55

DevSecOps Engineer with Gemini
💰 $248K to $310K a year
👨‍💻 Remote from the United States
→ https://kube.careers/t/03598248-6bcb-4117-85b1-ecba6edb3070?s=55

DevSecOps Engineer with Uniswap Labs
💰 $264K to $294K a year
🏠 From the office in New York, NY, USA
→ https://kube.careers/t/3d7c0bd7-abd8-4526-a376-458f65018709?s=55

Security Architect with Adobe Inc.
💰 $191.7K to $345.7K a year
🏠 From the office in Seattle, WA / San Francisco / San Jose, CA, USA
→ https://kube.careers/t/b6de3faf-adb8-462a-9dd9-260446149b27?s=55

👉 Browse all 1375 Kubernetes jobs on Kube Careers https://kube.careers

Tetragon enables powerful real-time, eBPF-based security observability and runtime enforcement.

It is Kubernetes-aware and understands identities so that security event detection can be configured to individual workloads.

More: https://tetragon.io

This article introduces Azure Kubernetes Service Workload Identities and provides a step-by-step demo on enabling and implementing them in AKS.

More: https://medium.com/@swordfish291/getting-started-with-azure-workload-identities-7f8ab78da40f

Is the Kubernetes job market still hot in 2024? 🔥

We analyzed 8772 Kubernetes job listings from Q3 2024 to find out:

💰 The average worldwide Kubernetes salary is $158,134, with North America averaging $169,627.
🌎 A whopping 62% of Kubernetes jobs are in North America, with Europe at 32.5%.
👩‍💻 Software Engineers remain the most sought-after role (42%), followed by DevOps and Platform Engineers.
🏡 68% of jobs allow some form of remote work, with hybrid roles gaining popularity.
🐍 Python continues to be the most in-demand programming language for Kubernetes roles.

Want to know which skills and tools are essential to land your next Kubernetes job? Check out our detailed State of the Kubernetes Job Market report for Q3 2024: https://ku.bz/vg_wXyNvj

Permify is an open-source authorization service for easily building and managing fine-grained, scalable, and extensible access controls for your applications and services.

More: https://github.com/Permify/permify

@miamorecadenza shares their journey in building a "compute as a faucet" home lab where infrastructure becomes invisible and tasks can be executed without manual intervention.

You will learn:

- How to evaluate operating systems for your home lab — from Rocky Linux to Talos Linux, and why minimal, immutable operating systems are gaining traction.
- How to implement a three-tier storage strategy combining Longhorn (replicated storage), NFS (bulk storage), and S3 (cloud storage) to handle different workload requirements.
- How to secure your home lab with certificate-based authentication, WireGuard VPN, and proper DNS configuration while protecting your home IP address.

Watch (or listen to) it here: https://ku.bz/2kzj2MgfH

🌟 This episode is sponsored by Nutanix — innovate faster with a complete and open cloud-native stack for all your apps and data anywhere https://ku.bz/wb_0GNHnr

With @Birthmarkb "SIG-Bart" Farrell

Reflector is a Kubernetes addon designed to monitor changes to resources (Secrets and ConfigMaps) and reflect changes to mirror resources in the same or other namespaces.

More: https://github.com/emberstack/kubernetes-reflector

This week on Learn Kubernetes Weekly 106:

⏰ How to solve the issue of network latency jitters caused by a massive number of IPVS rules
🏋️‍♀️ Load testing Kubernetes clients without breaking the bank
🚦 Terminating elegantly: a guide to graceful shutdowns
📉 How I reduced EKS Windows node start time from 5 min to ~90s
🤔 How Kubernetes Requests and Limits Really Work

Read it now: https://learnk8s.io/issues/106

🌟 This newsletter is brought to you by Testkube — Scale all of your tests with Kubernetes, integrate seamlessly with CI/CD and centralize test troubleshooting and reporting https://ku.bz/_bByjc0mQ

This article explains how to use Sealed Secrets with Kubernetes applications, covering the creation and encryption of secrets, and deployment via ArgoCD.

More: https://devoriales.com/post/351/using-sealed-secrets-with-your-kubernetes-applications

This week's 6 best Kubernetes vacancies that focus on security are:

DevSecOps Engineer with xAI
💰 $180K to $440K a year
🏠 From the office in San Francisco / Palo Alto, CA, USA
→ https://kube.careers/t/c7cf5fcf-05bc-4e15-948b-f58c1c47fd9f?s=55

DevSecOps Engineer with Worldcoin
💰 $236K to $323K a year
🏠 From the office in San Francisco, CA, USA
→ https://kube.careers/t/e824f971-4831-4329-8dfd-2edcce0c9ed5?s=55

DevSecOps Engineer with Gemini
💰 $248K to $310K a year
👨‍💻 Remote from the United States
→ https://kube.careers/t/03598248-6bcb-4117-85b1-ecba6edb3070?s=55

DevSecOps Engineer with Uniswap Labs
💰 $264K to $294K a year
🏠 From the office in New York, NY, USA
→ https://kube.careers/t/3d7c0bd7-abd8-4526-a376-458f65018709?s=55

Security Architect with Adobe Inc.
💰 $191.7K to $345.7K a year
🏠 From the office in Seattle, WA / San Francisco / San Jose, CA, USA
→ https://kube.careers/t/b6de3faf-adb8-462a-9dd9-260446149b27?s=55

👉 Browse all 1409 Kubernetes jobs on Kube Careers https://kube.careers

Learn how to integrate 1Password with External Secrets Operator to automate pulling secrets into a Kubernetes Secret, enabling secure secret management across different stages.

More: https://dev.to/3deep5me/using-1password-with-external-secrets-operator-in-a-gitops-way-4lo4

The article explores the evolution of pod privileges in EKS, covering the transition from Host Role to Proxy metadata servers, IRSA, and finally Pod Identity, highlighting the key features and improvements of each approach.

More: https://asrathore08.medium.com/journey-of-pods-privilege-in-eks-f04c780e2f1b

Confidential Containers is an open source community that works to enable cloud native confidential computing by leveraging Trusted Execution Environments to protect containers and data.

More: https://github.com/confidential-containers

Kubernetes Network Policies control pod communication.

This guide introduces Network Policies, including implementing and troubleshooting policies to enhance the security of your Kubernetes applications.

More: https://medium.com/@muppedaanvesh/a-hands-on-guide-to-kubernetes-network-policy-%EF%B8%8F-041bebe19a23

Tim Miller CEO and Co-founder at Kusari explains why minimal containers are just one piece of the supply chain security puzzle.

He discusses how container minimization must be complemented with supply chain tracking and provenance information. Tim highlights how the Software Development Life Cycle (SDLC) often removes complexity but also eliminates crucial tracking information needed for security incident response.

Watch the full interview: https://ku.bz/-2Sqn9Jb9

This interview is a reaction to Harsha Koushik's episode https://ku.bz/n_sJ04xMY

This week on Learn Kubernetes Weekly 107:

💰 How I came to build a cheap server cluster for VDI
🐝 eBPF maps state synchronization across multi-node Kubernetes cluster
🕸️ Service Meshes decoded: is Istio Ambient worth it?
🗑️ How to uninstall Multus CNI without borking your Kubernetes cluster
📝 Kubernetes configuration in 2024

Read it now: https://learnk8s.io/issues/107

🌟 This newsletter is brought to you by Robusta Dev — reduce Prometheus and Kubernetes troubleshooting time by 80% with an AI Assistant. Fewer alerts and better developer experience https://ku.bz/NdP67ry-g

Learn how to use Open Policy Agent (OPA) to write policies for Kubernetes clusters, including defining namespace policies, allocating resource quotas, and creating a custom validation webhook.

More: https://medium.com/permify-tech-blog/opa-gatekeeper-how-to-write-policies-for-kubernetes-clusters-bb660666eb19