cnquery is a command-line tool that lets you inspect and query your cloud, Kubernetes, and servers from one place.

More: https://ku.bz/Jml2KcQ-N

🎥 The Making of Flux finale: From GitOps tool to platform backbone

Episode 4 brings together the platform builders—GitLab, Microsoft, and Mirantis—who are embedding Flux at the heart of their enterprise offerings.
Bryan Ross (GitLab), Jane Yan (Microsoft), Sean O'Meara, and William Rizzo (Mirantis) reveal how GitOps has evolved from experiment to essential infrastructure.

Key insights:

- Why Microsoft chose Flux for Azure Arc's managed GitOps service
- How GitLab bridges the CI/CD to infrastructure gap with Flux
- Mirantis's vision for multi-cluster platform engineering with Cordant

Plus: Bryan's take on how AI will transform GitOps workflows (spoiler: less YAML, more architecture thinking).

Watch the series finale: https://ku.bz/tVqKwNYQH

🌟 Join the Flux maintainers and community at FluxCon, November 11th in Atlanta—register here

With @Birthmarkb

This case study describes how the author’s EKS cluster autoscaler broke after migrating to Amazon’s AL2023 image and how they resolved it by switching to IRSA (IAM Roles for Service Accounts) and adjusting permissions.

More: https://ku.bz/PzHb6bP62

Mai Nishitani, Director of Enterprise Architecture at NTT Data and AWS Community Builder, demonstrates how Model Context Protocol (MCP) enables Claude to directly interact with Kubernetes clusters through natural language commands.

You will learn:

- How MCP servers work and why they're significant for standardizing AI integration with DevOps tools, moving beyond custom integrations to a universal protocol
- The practical capabilities and critical limitations of AI in Kubernetes operations
- Why fundamental troubleshooting skills matter more than ever as AI abstractions can fail in unexpected ways

Watch (or listen to) it here: https://ku.bz/3hWvQjXxp

🌟 This episode is brought to you by Testkube—the ultimate Continuous Testing Platform for Cloud Native applications. Scale fast, test continuously, and ship confidently https://ku.bz/lnxYK3s0L

With @Birthmarkb "Hip hop back up dancer" Farrell

The kube-rbac-proxy is an HTTP proxy for a single upstream, that can perform RBAC authorization against the Kubernetes API using SubjectAccessReview.

More: https://ku.bz/pQqpkgLM7

This week on Learn Kubernetes Weekly 154:

🧩 Kubernetes Observability: Troubleshooting Packet Drops
⚙️ We Broke Our EKS Cluster Autoscaler and Fixed It
🌐 Managing Kubernetes Resources Across Multiple Clusters
🐝 From kube-proxy to eBPF (Cilium)
🚧 Diagnosing API Server Communication Issues

Read it now: https://kube.today/issues/154

⭐️ This newsletter is brought to you by Heroku — Discover the thriving ecosystem of contributors, companies, and career paths in the Kubernetes World book. Reserve your copy now https://ku.bz/B0nqF7jBW

This article explains how Kubernetes v1.33 enables hybrid post-quantum key exchange (X25519MLKEM768) by default via Go 1.24 and discusses implementation challenges.

More: https://ku.bz/DzzV1cR4z

Sealed Secrets provides declarative Kubernetes Secret Management in a secure way.

Since the Sealed Secrets are encrypted, they can be safely stored in a code repository.

More: https://ku.bz/4ZQR0-Nf9

This project builds a low-code honeypot using LLMs behind the scenes to mimic realistic interactions while staying safe.

It supports SSH, HTTP, TCP, Prometheus metrics, Kubernetes deployment, and YAML config.

More: https://ku.bz/5665x_NRr

This article shows why setting hostUsers: false in PodSecurityPolicies or PodSecurity admission helps prevent pods from sharing host user IDs, reducing privilege risks.

More: https://ku.bz/Cy4YDVjJ4

Andrew Jeffree from SafetyCulture walks through their complete migration of 250+ microservices from a fragile Helm-based setup to GitOps with ArgoCD, all without any downtime.

You will learn:

- Zero-downtime migration techniques using temporary deployments with prune-last sync options to ensure healthy services before removing legacy ones
- How CUE lang improves on YAML by providing schema validation, early error detection, and a cleaner interface for developers
- Human-centric platform engineering approaches that prioritize developer experience and reduce on-call burden through empathy-driven design decisions

Watch (or listen to) it here: https://ku.bz/Xvyp1_Qcv

🌟 This episode is brought to you by Testkube—the ultimate Continuous Testing Platform for Cloud Native applications. Scale fast, test continuously, and ship confidently https://ku.bz/lnxYK3s0L

With @Birthmarkb "Grafic Design Skills" Farrell

SOPS: Secrets OPerationS is an operator for managing Kubernetes Secret Resources created from user-defined SopsSecrets CRDs, inspired by Bitnami SealedSecrets and sops.

More: https://ku.bz/Hmfb28_s_

This week on Learn Kubernetes Weekly 155:

✅ Scaling Real-Time Video on AWS
⚠️ 7 K8s Anti-Patterns That Hurt Us in Production
🧠 Deep Dive into Kubernetes Leases
⚖️ Kubernetes Pod Scheduling
🚦 How Kubernetes Pod Priority and Preemption Work

Read it now: https://kube.today/issues/155

⭐️ Heading to KubeCon?

Check out the @YAMLGames — the only quiz series where knowing Kubernetes might actually work against you. https://yaml.games

Join the Platform Engineering Challenge. Teams of 4 race to build a production Kubernetes IDP in 90 minutes https://ku.bz/s2RsPDpgH

This tutorial walks you through running kube-bench for CIS compliance on Kubernetes, how to scan clusters using Jobs or CronJobs and understand which configurations pass or fail.

More: https://ku.bz/ZjVpsVqNR

Harsha Koushik, a Security Researcher and Technical Product Manager at Palo Alto Networks, explores the complexities of securing containers within a multi-layered infrastructure.

He outlines essential practices, including choosing secure base images, managing dependencies, conducting Software Composition Analysis (SCA), creating Software Bill of Materials (SBOMs), and validating the supply chain.

Watch the full episode: https://ku.bz/n_sJ04xMY

This tool automates the issuance and renewal of TLS certificates inside Kubernetes by introducing custom resources like Certificate and Issuer.

More: https://ku.bz/dcDQCrkPn

This article explains how FQDN-Controller lets Kubernetes handle egress rules using domain names instead of fixed IPs.

It shows how this makes DNS-based network policies simple, flexible, and automatic.

More: https://ku.bz/zy6XXtmd1

🤝 What does it take to become part of the Kubernetes community?

After 12 in-depth interviews and months of research, we're releasing "Kubernetes World: Finding Your Path"—a book that explores the real journey into cloud native, beyond certifications and code contributions.
The book features conversations with:

- Bob Killen, Jorge Castro, and Taylor Dolezal on contributor experience
- Lin Sun and Kaslin Fields on navigating multiple paths
- Cortney Nickerson, Phil Estes, and Prasanth Baskar on building credibility
- Emily Long and Yasmin on networks and growth
- Whitney Lee on sustaining long-term involvement

What emerged from these conversations is a map of the invisible work, the mentorship moments, and the community values that actually matter when building a career in cloud native.

Special thanks to Heroku for sponsoring this project, to Yadin Porter de León for bringing these stories together, and to all our guests who shared their journeys.

Read it now: ku.bz/k8s-world

Oleksii Kolodiazhnyi, Senior Architect at Mirantis, shares his structured approach to Kubernetes workload assessment

You will learn:

- A top-down assessment methodology that starts with business cases and use cases before diving into technical details
- Practical visualization techniques using tools like KubeView, K9s, and Helm dashboard to quickly understand resource interactions
- Systematic resource discovery approaches for different scenarios, from well-documented Helm-based deployments to legacy applications with hard-coded configurations buried in containers

Watch (or listen to) it here: https://ku.bz/zDThxGQsP

🌟 This episode is sponsored by StormForge by CloudBolt — automatically rightsize your Kubernetes workloads with ML-powered optimization https://ku.bz/Br1jCHcL7

With @Birthmarkb "Saiyam" Farrell

This week on Learn Kubernetes Weekly 156:

🔥 AI Infrastructure on Kubernetes
🏠 Achieving High Availability with Distributed Databases on Kubernetes at Airbnb
⚡ Optimizing Node and Pod Startup Performance
🎯 How Kubernetes Pod Priority and Preemption Work
⚖️ Kubernetes Pod Scheduling: Balancing Cost and Resilience

Read it now: https://kube.today/issues/156

⭐️ This newsletter is brought to you by StormForge by CloudBolt — ML-powered Kubernetes rightsizing that keeps clusters fast, efficient, and under control https://ku.bz/2CSC8dH38

🤖 Nirmata at KubeCon: Policy as Code, AI Agents, and the First-Ever KyvernoCon

Nirmata is bringing policy-as-code solutions to Booth 1340 at KubeCon Atlanta, where Head of Community Cortney Nickerson and the team will demonstrate how Kyverno helps platform engineers automate security, compliance, and governance across Kubernetes environments.

The company is launching a new AI platform engineering agent designed to reduce the toil of repetitive tasks, while its open-source Kyverno project is moving to CEL for more flexible policy management.

Stop by for Kyverno and Nirmata t-shirts, tumblers, and creative barbecue-themed stickers, plus enter raffles for Ray-Ban and Google Band sunglasses. Don't miss the first in-person KyvernoCon on November 10th, featuring talks on AI policies, visual learning sessions, and real-world use cases from IBM and Cisco—followed by a joint celebration party with the FluxCon community.

Stop by the Nirmata Booth: https://ku.bz/NcwTKq1jh