Forwarded from LearnKube news
This week on Learn Kubernetes Weekly 151:
📊 Kubernetes observability from day one – mixins on Grafana, mimir and alloy
🕵️ Troubleshooting packet drops in a Kubernetes-based observability platform
🌍 How We Migrated 30+ Kubernetes Clusters to Terraform
🚪 Gateway API v1.3.0: Advancements in Request Mirroring, CORS, Gateway Merging, and Retry Budgets
🧩 Introducing Gateway API Inference Extension
Read it now: https://kube.today/issues/151
⭐️ This newsletter is brought to you by @KubeToday — a daily feed of Kubernetes news, events, jobs, announcements, and more! https://kube.today
Forwarded from KubeFM
Vitalii Horbachov explains how Agoda built macOS VZ Kubelet, a custom solution that registers macOS hosts as Kubernetes nodes and handles 20,000 iOS tests at scale.
You will learn:
- How to build hybrid runtime pods that combine macOS VMs with Docker sidecar containers for complex CI/CD workflows
- Custom OCI image format implementation for managing 55-60GB macOS VM images with layered copy-on-write disks
- Networking and security challenges, including Apple entitlements, direct NIC access, and implementing kubectl exec over SSH
Watch (or listen to) it here: https://ku.bz/q_JS76SvM
🌟 This episode is brought to you by Testkube—the ultimate Continuous Testing Platform for Cloud Native applications. Scale fast, test continuously, and ship confidently https://ku.bz/lnxYK3s0L
With @Birthmarkb "Rugby referee" Farrell
Forwarded from LearnKube news
This week on Learn Kubernetes Weekly 152:
🌀 A Journey Through Kafkian SplitDNS in a Multitenant Kubernetes Offering
⚙️ Under the hood: Amazon EKS Auto Mode
👩💻 Most Cloud-Native Roles are Software Engineers
🚀 Start Sidecar First: How To Avoid Snags
📈 Enhancing Kubernetes Event Management with Custom Aggregation
⚡ Non-HA Kubernetes Gotchas: Downtime and Autoscaling Pitfalls with Single Replica Workloads
Read it now: https://kube.today/issues/152
⭐️ This newsletter is brought to you by AWS — Fully automate your Kubernetes clusters with Amazon EKS Auto Mode https://ku.bz/xZWD-2-Rk
Forwarded from KubeFM
Andrei Kvapil, CEO and Founder of Aenix, explains how GitOps tools handle access control and restrict deployments. He highlights that GitOps provides:
- Real-time inspection of changes before deployment
- Visibility of exact differences between desired and existing cluster states
- Control at both deployment and review phases
Andrei outlines a strategy using a pull request model to manage access:
1. Configure the GitOps operator to watch the main branch
2. Restrict direct pushes to the main branch
3. Implement a pull/merge request workflow
4. Review all changes before they reach the main branch
This approach allows companies to predict and control what will be deployed, leveraging GitOps principles while maintaining strict access control.
Watch the full episode: https://ku.bz/0mvh5s4Ld
Forwarded from KubeFM
From hitting the "scaling wall" to achieving operational excellence—this is how two global enterprises transformed their Kubernetes operations.
In Episode 3 of The Making of Flux, our KubeFM original series, Philippe Ensarguet from Orange and Arnab Chatterjee from Nomura share their GitOps journey with Flux, from initial challenges to production victories at massive scale.
You will learn:
- How Orange uses Flux to manage bare-metal Kubernetes through its SYLVR project.
- Why Nomura relies on GitOps to balance agility with governance in financial services.
- How Flux helps enterprises achieve resilience, compliance, and repeatability at scale.
Watch (or listen to) it here: https://ku.bz/tWcHlJm7M
🌟 Join the Flux maintainers and community at FluxCon, November 11th in Salt Lake City— https://ku.bz/L843kg0CK
With @Birthmarkb
Forwarded from Kube Careers
How much does a Kubernetes engineer earn in Q3 2025?
Is Platform Engineering really eating DevOps' lunch?
We analyzed 509 Kubernetes job descriptions and discovered:
💰 North American salaries average $177,983 (€92,113 in Europe)
🚀 Platform Engineer roles jumped to 9% of positions (vs 4-7% last year)
👨💻 43% of jobs are for Software Engineers, but DevOps roles offer the best remote flexibility (56%)
🏠 Remote work paradox: 67% allow remote, but only 0.29% are truly location-independent
Dive into the complete State of Kubernetes Job Market Q3 2025 report: https://kube.careers/state-of-kubernetes-jobs-2025-q3
⭐️ This report is brought to you by LearnKube — get started on your Kubernetes journey through comprehensive online, in-person, or remote training. https://learnkube.com/training
Forwarded from KubeFM
Niels Claeys shares how his team built a data platform processing up to 1.5 million core hours monthly. He explains the specific optimizations they discovered through production experience, from scheduler changes to achieving 97% spot instance usage without reliability issues.
You will learn:
- How to achieve 97% spot instance adoption through strategic instance type diversification, region selection, and Spark-specific techniques
- Node pool design principles that balance Kubernetes overhead with workload efficiency
- Platform-specific gotchas like AWS cross-AZ data transfer costs that can spike bills unexpectedly
Watch (or listen to) it here: https://ku.bz/hGRfkzDJW
🌟 This episode is brought to you by Testkube—the ultimate Continuous Testing Platform for Cloud Native applications. Scale fast, test continuously, and ship confidently https://ku.bz/lnxYK3s0L
With @Birthmarkb "Almost 40" Farrell
Forwarded from Kube Builders
Project Quay runs as a service inside or outside Kubernetes, storing images in S3 or local storage.
It scans images for vulnerabilities with Clair, supports image signing, and enforces repository access and security policies via webhooks and RBAC.
More: https://ku.bz/mXXL2JPl4
This project provides a RESTful API interface over the Bitwarden Rust SDK to enable the External Secrets Operator to fetch vault secrets securely.
More: https://ku.bz/t-WF03pc3
Forwarded from LearnKube news
This week on Learn Kubernetes Weekly 153:
🌍 Why Environments Beat Clusters for Developer Experience
🧩 Image Compatibility in Cloud Native Environments
🔁 From Terraform to Crossplane: Real-World IaC in Kubernetes for AWS
📊 Why Kube-State-Metrics Matters for Kubernetes Observability
⚙️ Optimising Kubernetes Deployment with Local Continuous Development Tooling
Read it now: https://kube.today/issues/153
⭐️ This newsletter is brought to you by Testkube - your app is Kubernetes-native, your testing should be too. Run any kind of test automation with the help of the platform built for it https://ku.bz/Zfrty_fcC
This article shows how to build enterprise-level secret management in an MLOps setup using tools like Sealed Secrets, Git encryption, and clear team boundaries for secure, scalable credential handling.
More: https://ku.bz/2Dlnrr0W7
Forwarded from KubeFM
Jim Bugwadia, Co-Founder & CEO @ Nirmata, explains how to transform security compliance from a boring obligation into an exciting part of engineering culture.
He emphasizes that security is often viewed as a "day two" concern that impedes productivity, but argues there's a balance between security, productivity, and agility. Jim suggests that treating "security as code" or "compliance as code" (similar to infrastructure as code) makes security more engaging for platform engineers, allowing teams to integrate security best practices directly into their GitOps platforms and automate them rather than treating them as separate processes.
Watch the full interview: https://ku.bz/hYZXTmPV9
cnquery is a command-line tool that lets you inspect and query your cloud, Kubernetes, and servers from one place.
More: https://ku.bz/Jml2KcQ-N
Forwarded from KubeFM
🎥 The Making of Flux finale: From GitOps tool to platform backbone
Episode 4 brings together the platform builders—GitLab, Microsoft, and Mirantis—who are embedding Flux at the heart of their enterprise offerings.
Bryan Ross (GitLab), Jane Yan (Microsoft), Sean O'Meara, and William Rizzo (Mirantis) reveal how GitOps has evolved from experiment to essential infrastructure.
Key insights:
- Why Microsoft chose Flux for Azure Arc's managed GitOps service
- How GitLab bridges the CI/CD to infrastructure gap with Flux
- Mirantis's vision for multi-cluster platform engineering with Cordant
Plus: Bryan's take on how AI will transform GitOps workflows (spoiler: less YAML, more architecture thinking).
Watch the series finale: https://ku.bz/tVqKwNYQH
🌟 Join the Flux maintainers and community at FluxCon, November 11th in Atlanta—register here
With @Birthmarkb
This case study describes how the author’s EKS cluster autoscaler broke after migrating to Amazon’s AL2023 image and how they resolved it by switching to IRSA (IAM Roles for Service Accounts) and adjusting permissions.
More: https://ku.bz/PzHb6bP62
Forwarded from KubeFM
Mai Nishitani, Director of Enterprise Architecture at NTT Data and AWS Community Builder, demonstrates how Model Context Protocol (MCP) enables Claude to directly interact with Kubernetes clusters through natural language commands.
You will learn:
- How MCP servers work and why they're significant for standardizing AI integration with DevOps tools, moving beyond custom integrations to a universal protocol
- The practical capabilities and critical limitations of AI in Kubernetes operations
- Why fundamental troubleshooting skills matter more than ever as AI abstractions can fail in unexpected ways
Watch (or listen to) it here: https://ku.bz/3hWvQjXxp
🌟 This episode is brought to you by Testkube—the ultimate Continuous Testing Platform for Cloud Native applications. Scale fast, test continuously, and ship confidently https://ku.bz/lnxYK3s0L
With @Birthmarkb "Hip hop back up dancer" Farrell
The kube-rbac-proxy is an HTTP proxy for a single upstream, that can perform RBAC authorization against the Kubernetes API using SubjectAccessReview.
More: https://ku.bz/pQqpkgLM7
Forwarded from LearnKube news
This week on Learn Kubernetes Weekly 154:
🧩 Kubernetes Observability: Troubleshooting Packet Drops
⚙️ We Broke Our EKS Cluster Autoscaler and Fixed It
🌐 Managing Kubernetes Resources Across Multiple Clusters
🐝 From kube-proxy to eBPF (Cilium)
🚧 Diagnosing API Server Communication Issues
Read it now: https://kube.today/issues/154
⭐️ This newsletter is brought to you by Heroku — Discover the thriving ecosystem of contributors, companies, and career paths in the Kubernetes World book. Reserve your copy now https://ku.bz/B0nqF7jBW
This article explains how Kubernetes v1.33 enables hybrid post-quantum key exchange (X25519MLKEM768) by default via Go 1.24 and discusses implementation challenges.
More: https://ku.bz/DzzV1cR4z
Sealed Secrets provides declarative Kubernetes Secret Management in a secure way.
Since the Sealed Secrets are encrypted, they can be safely stored in a code repository.
More: https://ku.bz/4ZQR0-Nf9
This project builds a low-code honeypot using LLMs behind the scenes to mimic realistic interactions while staying safe.
It supports SSH, HTTP, TCP, Prometheus metrics, Kubernetes deployment, and YAML config.
More: https://ku.bz/5665x_NRr