Kubesploit – Telegram
Kubesploit
News and links on Kubernetes security curated by the @Learnk8s team
Website: https://kubesploit.io/
Forwarded from LearnKube news
This week on Learn Kubernetes Weekly 144:

Modern Kubernetes: can we replace Helm?
💰 How We Saved 80% on Our Observability Bill!
🥷 Offensive Container Security: Techniques, Misconfigurations, and Attack Paths
💡 Scaling Kubernetes Smarter with Karpenter
✈️ ECR to OCIR: Event-driven Docker Image Updates

Read it now: https://learnkube.com/issues/144

⭐️ This newsletter is brought to you by Testkube — because if your app is Kubernetes-native, your testing should be too. Run any kind of test automation with the help of the platform built for it https://ku.bz/JqgJVcfRh
This tutorial teaches how to implement SPIFFE/SPIRE for cloud-native workload identity management and integrate with Istio for mutual TLS and authorization policies.

More: https://ku.bz/HYVTDDcVz
kubelet-csr-approver is a hardened Kubernetes controller that auto-approves kubelet-serving CSRs only after verifying strict node identity rules—regex-matched hostnames, IP prefix constraints, username matching, DNS resolution, and X.509 CN checks.

More: https://ku.bz/-HVF5sB0h
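Worked example, added here and not code from the kubelet-csr-approver project: a Go function that applies the same kind of identity rules to a kubelet serving CSR. The context that makes such an approver necessary is that kube-controller-manager's built-in approver only signs the kubelet's client-certificate CSRs, never its serving CSRs, so without a verifying approver operators either approve them blindly or leave kubelets on self-signed serving certificates. The threat the checks counter is a node credential (stolen or on a compromised node) requesting a serving certificate for a hostname or address it does not own. Node name, address, IP prefix and hostname regex below are constructed values, not anything the project ships.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"net"
	"regexp"
	"strings"
)

// NodeIdentity is what the approver already knows about a node (Node object,
// cloud inventory, DNS); the CSR has to agree with it, not the other way round.
type NodeIdentity struct {
	Name string
	IPs  []net.IP
}

// Policy holds the static rules: a hostname regex and the prefixes nodes live in.
type Policy struct {
	HostnameRe *regexp.Regexp
	IPPrefixes []*net.IPNet
}

// VerifyKubeletServingCSR returns nil only if every identity rule holds.
// requester is the authenticated username on the CSR object (system:node:<name>).
func VerifyKubeletServingCSR(csrDER []byte, requester string, node NodeIdentity, pol Policy) error {
	csr, err := x509.ParseCertificateRequest(csrDER)
	if err != nil {
		return fmt.Errorf("parse CSR: %w", err)
	}
	if err := csr.CheckSignature(); err != nil { // proof of possession of the key
		return fmt.Errorf("CSR self-signature: %w", err)
	}
	// Rule 1: the requester must be a node identity, and the node we were asked about.
	nodeName := strings.TrimPrefix(requester, "system:node:")
	if nodeName == requester || nodeName != node.Name {
		return fmt.Errorf("requester %q is not node %q", requester, node.Name)
	}
	// Rule 2: subject must be exactly CN=system:node:<name>, O=system:nodes.
	if csr.Subject.CommonName != requester {
		return fmt.Errorf("CN %q does not match requester %q", csr.Subject.CommonName, requester)
	}
	if len(csr.Subject.Organization) != 1 || csr.Subject.Organization[0] != "system:nodes" {
		return fmt.Errorf("O must be exactly [system:nodes], got %v", csr.Subject.Organization)
	}
	// Rule 3: a serving certificate needs at least one SAN, and only DNS/IP kinds.
	if len(csr.DNSNames)+len(csr.IPAddresses) == 0 || len(csr.EmailAddresses)+len(csr.URIs) > 0 {
		return fmt.Errorf("serving CSR must carry DNS/IP SANs only, and at least one")
	}
	// Rule 4: every DNS SAN must match the hostname regex and be this node's own name.
	for _, d := range csr.DNSNames {
		if !pol.HostnameRe.MatchString(d) || !strings.EqualFold(d, node.Name) {
			return fmt.Errorf("DNS SAN %q is not the hostname of node %s", d, node.Name)
		}
	}
	// Rule 5: every IP SAN must lie in an allowed prefix and be an address the
	// cluster already attributes to this node (what the DNS-resolution check buys you).
	for _, ip := range csr.IPAddresses {
		inPrefix, known := false, false
		for _, n := range pol.IPPrefixes {
			inPrefix = inPrefix || n.Contains(ip)
		}
		for _, k := range node.IPs {
			known = known || k.Equal(ip)
		}
		if !inPrefix || !known {
			return fmt.Errorf("IP SAN %s is not a known in-range address of node %s", ip, node.Name)
		}
	}
	return nil
}

// BuildCSR produces a kubelet-style serving CSR; constructed input for the demo.
func BuildCSR(nodeName string, dns []string, ips []net.IP) []byte {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	der, err := x509.CreateCertificateRequest(rand.Reader, &x509.CertificateRequest{
		Subject:     pkix.Name{CommonName: "system:node:" + nodeName, Organization: []string{"system:nodes"}},
		DNSNames:    dns,
		IPAddresses: ips,
	}, key)
	if err != nil {
		panic(err)
	}
	return der
}

// Constructed cluster facts: one worker at 10.0.1.15, nodes named worker-N inside 10.0.0.0/8.
var Worker1 = NodeIdentity{Name: "worker-1", IPs: []net.IP{net.ParseIP("10.0.1.15")}}

func DefaultPolicy() Policy {
	_, cidr, _ := net.ParseCIDR("10.0.0.0/8")
	return Policy{HostnameRe: regexp.MustCompile(`^worker-[0-9]+$`), IPPrefixes: []*net.IPNet{cidr}}
}

func main() {
	// A node credential asking for a certificate that would also be valid for the API server's name.
	bad := BuildCSR("worker-1", []string{"worker-1", "kubernetes.default.svc"}, nil)
	fmt.Println(VerifyKubeletServingCSR(bad, "system:node:worker-1", Worker1, DefaultPolicy()))
}
```

The order of the rules matters less than the fact that every SAN is checked against an identity source the node cannot influence: a real approver would take NodeIdentity from the Node object's addresses or the cloud API rather than from a hard-coded value as here.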
Forwarded from LearnKube news
Master Kubernetes with LearnKube's Advanced Kubernetes workshop!

What should you expect?

- Learn how to architect and design clusters from the ground up (in the cloud or on-prem).
- Explore the Kubernetes internal components and how the system is designed with resiliency in mind.
- Deep-dive into the networking components and observe the packets flowing into the cluster.
- Hands-on labs to test the theory with real-world scenarios!
- And more.

The next course starts in September: https://learnkube.com/training

We also run in-person courses and private training: https://learnkube.com/corporate-training
This article explains how to use Transaction Tokens (TraTs) and the Tokenetes framework to securely propagate user identity and request context across microservices in Kubernetes.

More: https://ku.bz/YJ8vdTDvX
Forwarded from KubeFM
Harsha Koushik, a Security Researcher and Technical Product Manager at Palo Alto Networks, discusses the evolution and challenges of Alpine Linux.

He points out issues such as DNS resolution problems and inefficient memory allocation using a best-fit model, which compromises system stability.

He suggests that the goal should be to maintain a stable system with a reduced attack surface, citing Chainguard's Wolfi as a potential alternative that balances minimalism and stability effectively.

Watch the full episode: https://ku.bz/n_sJ04xMY
net-debug is a toolbox container with tcpdump, socat, iperf, dig, and more, built for Kubernetes debugging.

More: https://ku.bz/mC-nblk2l
Forwarded from KubeFM
Data centers consume over 4% of global electricity, and due to AI workloads, this number is projected to triple in the next few years.

Dave discusses how he built a Kubernetes scheduler that makes scheduling decisions based on real-time carbon intensity data from power grids.

You will learn:

- How carbon-aware scheduling works
- Building custom Kubernetes schedulers using the scheduler plugin framework
- Energy measurement strategies - Approaches for tracking power consumption across CPUs, memory, and GPUs

Watch (or listen to) it here: https://ku.bz/zk2xM1lfW

🌟 This episode is brought to you by Testkube—the ultimate Continuous Testing Platform for Cloud Native applications. Scale fast, test continuously, and ship confidently https://ku.bz/lnxYK3s0L

With @Birthmarkb "Trello Expert" Farrell
KubeBuddy audits your Kubernetes clusters from PowerShell.

It checks node health, pods, events, RBAC, and AKS best practices, then outputs clean HTML or text reports.

More: https://ku.bz/85lvgDJpD
Forwarded from KubeFM
Saptarshi Banerjee, Senior Solutions Architect at AWS, explains how to approach security when designing platform solutions without being a security expert.

He outlines AWS's "security as job zero" philosophy and provides a practical framework for building secure systems by leveraging built-in cloud controls rather than trying to become a security specialist.

Watch the full interview: https://ku.bz/mLfMNxY9k

This interview is a reaction to Mac's episode https://ku.bz/9nFPmG85f
Forwarded from LearnKube news
This week on Learn Kubernetes Weekly 145:

📕 The Data Engineer’s Guide to Optimizing Kubernetes
🤔 Why Scale to Zero?
🔮 Great Scott! The AI went ‘Back to the Backend’ without a ‘Transaction Token with Assured Context’!
⚒️ Building a Kubernetes Controller with Kubebuilder
🫸 The dissection of pushing an OCI image to AWS ECR

Read it now: https://learnkube.com/issues/145

⭐️ This issue is brought to you by Akamai — get Kubernetes clusters that just work with a free managed control plane, simple autoscaling, and global scale https://ku.bz/G08dxqrM6
This tutorial teaches how to install and configure Falco on GKE for runtime security, test default rules, create alerts in Google Cloud Monitoring, and add custom rules.

More: https://ku.bz/zFRVy94dl
External Secrets Operator syncs secrets from AWS, Vault, GCP, Azure, and others via their APIs and injects them as native Kubernetes Secrets using CRDs.

More: https://ku.bz/PCSkhjRtN
Forwarded from LearnKube news
🚀 Kubernetes Instance Calculator V3 is here!

Three major updates to help you optimize your cluster costs:

Cost Sensitivity Widget - Visualize how estimation errors impact your actual costs. See why the "cheapest" instance can become the most expensive.
Akamai Support - Full integration with Akamai's compute platform alongside AWS, GCP, and Azure.
Updated Instance Database - Fresh pricing and instance types pulled directly from all cloud providers.

The Cost Sensitivity Widget shows what others don't: a 20% error in resource requests can lead to 2x higher costs as pod density drops. Now you can choose instances based on cost stability, not just sticker price.

Check it out: https://learnkube.com/kubernetes-instance-calculator

Thank you to Akamai Technologies for sponsoring these improvements. They're offering free consultations to review your results: https://ku.bz/yL1tSYYwq
Forwarded from KubeFM
Tim Miller, CEO and Co-founder at Kusari, discusses three categories of tools that are transforming the Kubernetes ecosystem.

He highlights Ko, which helps developers deploy applications with minimal friction, Falco by Sysdig, which provides deep system visibility, and SBOM generation tools like Excalibur and Guac, which make container dependencies more transparent. These tools focus on developer experience and system observability.

Watch the full interview: https://ku.bz/-2Sqn9Jb9
This tutorial teaches how to manage Kubernetes secrets by syncing from external secret managers like AWS Secrets Manager using External Secrets Operator (ESO).

More: https://ku.bz/z4S56kDPQ
Forwarded from LearnKube news
📕 Free ebook: GPU-Enabled Platforms on Kubernetes — Available September 8th

As AI workloads become standard in production environments, understanding GPU orchestration on Kubernetes has shifted from a nice-to-have to an essential skill.

What's inside:

- The complete GPU abstraction stack—from physical hardware through kernel drivers to the Kubernetes API
- Why traditional container isolation fails for GPU workloads and what actually works
- Production-tested approaches: time-slicing, Multi-Instance GPU (MIG), Multi-Process Service (MPS), and vGPU solutions
- Architectural patterns for multi-tenant GPU platforms based on trust levels and performance requirements

The book launches September 8th in collaboration with vCluster. Reserve your free copy: https://ku.bz/gpu-k8s

💡 Live Discussion: September 10th
Join author Daniele for a live session covering the book's structure: https://ku.bz/g8gXCKW12
Kube-Sec is a CLI that connects to your Kubernetes cluster and runs static security checks on core resources.

It detects privileged containers, root pods, risky RBAC policies, open ports, hostPath usage, and public service exposure.

More: https://ku.bz/x6JpQm94_
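An added example, not Kube-Sec's own code, of what the Pod-level part of such a static check looks like in Go: a dependency-free audit that parses a Pod manifest and reports privileged containers, containers that may run as root, hostPath volumes, host PID sharing, host ports, and missing allowPrivilegeEscalation: false. The two manifests are constructed for the demo. RBAC and Service exposure checks operate on other resource kinds and are not shown.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Minimal Pod shape with only the fields the checks read (hand-rolled rather
// than k8s.io/api so the example stays dependency-free).
type SecurityContext struct {
	Privileged               *bool  `json:"privileged"`
	RunAsUser                *int64 `json:"runAsUser"`
	RunAsNonRoot             *bool  `json:"runAsNonRoot"`
	AllowPrivilegeEscalation *bool  `json:"allowPrivilegeEscalation"`
}

type Container struct {
	Name            string           `json:"name"`
	SecurityContext *SecurityContext `json:"securityContext"`
	Ports           []struct{ HostPort int `json:"hostPort"` } `json:"ports"`
}

type Pod struct {
	Spec struct {
		HostPID         bool             `json:"hostPID"`
		SecurityContext *SecurityContext `json:"securityContext"`
		Containers      []Container      `json:"containers"`
		Volumes         []struct {
			Name     string                         `json:"name"`
			HostPath *struct{ Path string `json:"path"` } `json:"hostPath"`
		} `json:"volumes"`
	} `json:"spec"`
}

type Finding struct{ Code, Detail string }

// runsAsRoot merges pod- and container-level settings (container wins). With
// runAsNonRoot not enforced and no explicit uid the image's USER decides, which
// is root for most base images, so "unset" counts as root in a static check.
func runsAsRoot(pod, ctr *SecurityContext) bool {
	nonRoot, uid := false, (*int64)(nil)
	if pod != nil {
		nonRoot, uid = pod.RunAsNonRoot != nil && *pod.RunAsNonRoot, pod.RunAsUser
	}
	if ctr.RunAsNonRoot != nil {
		nonRoot = *ctr.RunAsNonRoot
	}
	if ctr.RunAsUser != nil {
		uid = ctr.RunAsUser
	}
	return !nonRoot && (uid == nil || *uid == 0)
}

// Audit runs the static checks over one Pod manifest in JSON form.
func Audit(manifest []byte) ([]Finding, error) {
	var p Pod
	if err := json.Unmarshal(manifest, &p); err != nil {
		return nil, err
	}
	var out []Finding
	add := func(code, detail string) { out = append(out, Finding{code, detail}) }
	if p.Spec.HostPID {
		add("HOST_PID", "pod shares the node PID namespace")
	}
	for _, v := range p.Spec.Volumes {
		if v.HostPath != nil {
			add("HOST_PATH", fmt.Sprintf("volume %s mounts node path %s", v.Name, v.HostPath.Path))
		}
	}
	for _, c := range p.Spec.Containers {
		sc := c.SecurityContext
		if sc == nil {
			sc = &SecurityContext{}
		}
		if sc.Privileged != nil && *sc.Privileged {
			add("PRIVILEGED", "container "+c.Name+" is privileged")
		}
		if runsAsRoot(p.Spec.SecurityContext, sc) {
			add("ROOT", "container "+c.Name+" may run as uid 0")
		}
		if sc.AllowPrivilegeEscalation == nil || *sc.AllowPrivilegeEscalation {
			add("PRIV_ESC", "container "+c.Name+" does not set allowPrivilegeEscalation: false")
		}
		for _, pt := range c.Ports {
			if pt.HostPort != 0 {
				add("HOST_PORT", fmt.Sprintf("container %s binds node port %d", c.Name, pt.HostPort))
			}
		}
	}
	return out, nil
}

func Codes(fs []Finding) []string {
	codes := make([]string, 0, len(fs))
	for _, f := range fs {
		codes = append(codes, f.Code)
	}
	return codes
}

// Constructed manifests: a typical "debug" pod and a hardened service pod.
const RiskyPod = `{"apiVersion":"v1","kind":"Pod","metadata":{"name":"debug"},"spec":{"hostPID":true,
 "containers":[{"name":"shell","image":"alpine","securityContext":{"privileged":true},
  "ports":[{"containerPort":8080,"hostPort":8080}]}],
 "volumes":[{"name":"root","hostPath":{"path":"/"}}]}}`

const HardenedPod = `{"apiVersion":"v1","kind":"Pod","metadata":{"name":"api"},"spec":{
 "containers":[{"name":"api","image":"example/api:1.0","securityContext":{"runAsNonRoot":true,
  "runAsUser":10001,"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]}},
  "ports":[{"containerPort":8080}]}],"volumes":[{"name":"tmp","emptyDir":{}}]}}`

func main() {
	f, err := Audit([]byte(RiskyPod))
	fmt.Println(Codes(f), err)
}
```

Treating an unset uid as a root finding is deliberate: a static scanner cannot inspect the image's USER directive, so it has to flag what the manifest fails to guarantee rather than what the image happens to do.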
Forwarded from KubeFM
Brian, VP Cloud Platform Engineering at JPMorgan Chase, shares his ingenious side project that automatically scales Kubernetes workloads based on whether his MacBook is open or closed.

You will learn:

- How KEDA differs from traditional Kubernetes HPA
- The technical architecture connecting macOS notifications through CloudWatch
- Cost optimization strategies
- Creative approaches to autoscaling signals beyond CPU and memory

Watch (or listen to) it here: https://ku.bz/sFd8TL1cS

🌟 This episode is brought to you by Testkube—the ultimate Continuous Testing Platform for Cloud Native applications. Scale fast, test continuously, and ship confidently https://ku.bz/lnxYK3s0L

With @Birthmarkb "New Soundproof Studio" Farrell
This article explains how Kubernetes v1.33 fixes a security flaw by requiring authorization checks for pods using cached private container images already present on a node.

More: https://ku.bz/yPgnR0XRm
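As an added illustration, not kubelet's code and not from the linked article, here is a simplified Go model of the check the post describes. The node keeps a fingerprint of every credential that successfully pulled an image; under the verifying policy a pod that wants to reuse a cached private image must present one of those credentials, otherwise it is sent to the registry with its own credentials and the registry decides. The image name, credentials and the two policy names are constructed for the demo; the real kubelet setting has more policy values than the two modelled here.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Credential is a registry login as a pod would present it via imagePullSecrets.
type Credential struct{ Registry, Username, Password string }

// fingerprint is what the node stores instead of the secret itself.
func (c Credential) fingerprint() string {
	sum := sha256.Sum256([]byte(c.Registry + "\x00" + c.Username + "\x00" + c.Password))
	return hex.EncodeToString(sum[:])
}

// VerificationPolicy models the two ends of the setting's spectrum (constructed names).
type VerificationPolicy int

const (
	NeverVerify  VerificationPolicy = iota // pre-fix behaviour: a cached image is usable by any pod on the node
	AlwaysVerify                           // every pod must present credentials that already pulled the image
)

type pullRecord struct {
	anonymous    bool            // pulled without credentials at least once: effectively public
	fingerprints map[string]bool // credential fingerprints that pulled it successfully
}

type Node struct {
	Policy VerificationPolicy
	images map[string]*pullRecord
}

func NewNode(p VerificationPolicy) *Node { return &Node{Policy: p, images: map[string]*pullRecord{}} }

// RecordPull is called after the runtime pulled image successfully with cred (nil = anonymous).
func (n *Node) RecordPull(image string, cred *Credential) {
	r := n.images[image]
	if r == nil {
		r = &pullRecord{fingerprints: map[string]bool{}}
		n.images[image] = r
	}
	if cred == nil {
		r.anonymous = true
	} else {
		r.fingerprints[cred.fingerprint()] = true
	}
}

type Decision string

const (
	UseCached Decision = "use-cached"                // start the container from the local image
	MustPull  Decision = "pull-with-pod-credentials" // go to the registry, which decides
)

// Admit decides for a pod with imagePullPolicy IfNotPresent (Always pulls regardless).
func (n *Node) Admit(image string, podCreds []Credential) Decision {
	r, cached := n.images[image]
	if !cached {
		return MustPull
	}
	if n.Policy == NeverVerify || r.anonymous {
		return UseCached
	}
	for _, c := range podCreds {
		if r.fingerprints[c.fingerprint()] {
			return UseCached
		}
	}
	// No proof of access: the pod's own credentials go to the registry, which
	// refuses them if the pod is not authorised for this image.
	return MustPull
}

func main() {
	img := "registry.example.internal/payments/api:1.4" // constructed private image
	owner := Credential{"registry.example.internal", "team-payments", "s3cr3t"}
	for _, p := range []VerificationPolicy{NeverVerify, AlwaysVerify} {
		n := NewNode(p)
		n.RecordPull(img, &owner)         // the payments pod pulled it legitimately
		fmt.Println(p, n.Admit(img, nil)) // a pod with no pull secret then asks for it
	}
}
```

The flaw is visible in the NeverVerify branch: once any pod on a node has pulled a private image, a pod in another namespace with no pull secret at all gets the same layers for free, which is why the fix ties cached-image reuse to the credentials that earned it.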
Forwarded from LearnKube news
This week on Learn Kubernetes Weekly 146:

😱 When “Anti-Patterns” Become Best Practice: Lessons from Migrating a Global Pub/Sub Empire to Kubernetes
🥷 Trying to break out of the Python REPL sandbox in a Kubernetes environment: a practical journey
🕳️ Digging Deeper: How Pause containers skew your Kubernetes CPU/Memory Metrics
📕 Kubernetes Services: A Deep Dive with Examples
💰 How We Cut Our Azure Cloud Costs by 3×

Read it now: https://learnkube.com/issues/146

⭐️ This newsletter is brought to you by Tigera, the Creators of Project Calico — Learn how Calico uses eBPF for high performance, low latency, & enhanced networking https://ku.bz/d6d07C20F