The kube-rbac-proxy is an HTTP proxy for a single upstream that can perform RBAC authorization against the Kubernetes API using SubjectAccessReview.
More: https://ku.bz/pQqpkgLM7
Forwarded from LearnKube news
This week on Learn Kubernetes Weekly 154:
🧩 Kubernetes Observability: Troubleshooting Packet Drops
⚙️ We Broke Our EKS Cluster Autoscaler and Fixed It
🌐 Managing Kubernetes Resources Across Multiple Clusters
🐝 From kube-proxy to eBPF (Cilium)
🚧 Diagnosing API Server Communication Issues
Read it now: https://kube.today/issues/154
⭐️ This newsletter is brought to you by Heroku — Discover the thriving ecosystem of contributors, companies, and career paths in the Kubernetes World book. Reserve your copy now https://ku.bz/B0nqF7jBW
This article explains how Kubernetes v1.33 enables hybrid post-quantum key exchange (X25519MLKEM768) by default via Go 1.24 and discusses implementation challenges.
More: https://ku.bz/DzzV1cR4z
Sealed Secrets provides declarative Kubernetes Secret Management in a secure way.
Since the Sealed Secrets are encrypted, they can be safely stored in a code repository.
More: https://ku.bz/4ZQR0-Nf9
This project builds a low-code honeypot using LLMs behind the scenes to mimic realistic interactions while staying safe.
It supports SSH, HTTP, TCP, Prometheus metrics, Kubernetes deployment, and YAML config.
More: https://ku.bz/5665x_NRr
This article shows why setting hostUsers: false in PodSecurityPolicies or PodSecurity admission helps prevent pods from sharing host user IDs, reducing privilege risks.
More: https://ku.bz/Cy4YDVjJ4
Forwarded from KubeFM
Andrew Jeffree from SafetyCulture walks through their complete migration of 250+ microservices from a fragile Helm-based setup to GitOps with ArgoCD, all without any downtime.
You will learn:
- Zero-downtime migration techniques using temporary deployments with prune-last sync options to ensure healthy services before removing legacy ones
- How CUE lang improves on YAML by providing schema validation, early error detection, and a cleaner interface for developers
- Human-centric platform engineering approaches that prioritize developer experience and reduce on-call burden through empathy-driven design decisions
Watch (or listen to) it here: https://ku.bz/Xvyp1_Qcv
🌟 This episode is brought to you by Testkube—the ultimate Continuous Testing Platform for Cloud Native applications. Scale fast, test continuously, and ship confidently https://ku.bz/lnxYK3s0L
With @Birthmarkb "Grafic Design Skills" Farrell
SOPS: Secrets OPerationS is an operator for managing Kubernetes Secret Resources created from user-defined SopsSecrets CRDs, inspired by Bitnami SealedSecrets and sops.
More: https://ku.bz/Hmfb28_s_
Forwarded from LearnKube news
This week on Learn Kubernetes Weekly 155:
✅ Scaling Real-Time Video on AWS
⚠️ 7 K8s Anti-Patterns That Hurt Us in Production
🧠 Deep Dive into Kubernetes Leases
⚖️ Kubernetes Pod Scheduling
🚦 How Kubernetes Pod Priority and Preemption Work
Read it now: https://kube.today/issues/155
⭐️ Heading to KubeCon?
Check out the @YAMLGames — the only quiz series where knowing Kubernetes might actually work against you. https://yaml.games
Join the Platform Engineering Challenge. Teams of 4 race to build a production Kubernetes IDP in 90 minutes https://ku.bz/s2RsPDpgH
This tutorial walks you through running kube-bench for CIS compliance on Kubernetes, how to scan clusters using Jobs or CronJobs and understand which configurations pass or fail.
More: https://ku.bz/ZjVpsVqNR
Forwarded from KubeFM
Harsha Koushik, a Security Researcher and Technical Product Manager at Palo Alto Networks, explores the complexities of securing containers within a multi-layered infrastructure.
He outlines essential practices, including choosing secure base images, managing dependencies, conducting Software Composition Analysis (SCA), creating Software Bill of Materials (SBOMs), and validating the supply chain.
Watch the full episode: https://ku.bz/n_sJ04xMY
This tool automates the issuance and renewal of TLS certificates inside Kubernetes by introducing custom resources like Certificate and Issuer.
More: https://ku.bz/dcDQCrkPn
This article explains how FQDN-Controller lets Kubernetes handle egress rules using domain names instead of fixed IPs.
It shows how this makes DNS-based network policies simple, flexible, and automatic.
More: https://ku.bz/zy6XXtmd1
Forwarded from LearnKube news
🤝 What does it take to become part of the Kubernetes community?
After 12 in-depth interviews and months of research, we're releasing "Kubernetes World: Finding Your Path"—a book that explores the real journey into cloud native, beyond certifications and code contributions.
The book features conversations with:
- Bob Killen, Jorge Castro, and Taylor Dolezal on contributor experience
- Lin Sun and Kaslin Fields on navigating multiple paths
- Cortney Nickerson, Phil Estes, and Prasanth Baskar on building credibility
- Emily Long and Yasmin on networks and growth
- Whitney Lee on sustaining long-term involvement
What emerged from these conversations is a map of the invisible work, the mentorship moments, and the community values that actually matter when building a career in cloud native.
Special thanks to Heroku for sponsoring this project, to Yadin Porter de León for bringing these stories together, and to all our guests who shared their journeys.
Read it now: ku.bz/k8s-world
Forwarded from KubeFM
Oleksii Kolodiazhnyi, Senior Architect at Mirantis, shares his structured approach to Kubernetes workload assessment.
You will learn:
- A top-down assessment methodology that starts with business cases and use cases before diving into technical details
- Practical visualization techniques using tools like KubeView, K9s, and Helm dashboard to quickly understand resource interactions
- Systematic resource discovery approaches for different scenarios, from well-documented Helm-based deployments to legacy applications with hard-coded configurations buried in containers
Watch (or listen to) it here: https://ku.bz/zDThxGQsP
🌟 This episode is sponsored by StormForge by CloudBolt — automatically rightsize your Kubernetes workloads with ML-powered optimization https://ku.bz/Br1jCHcL7
With @Birthmarkb "Saiyam" Farrell
Forwarded from LearnKube news
This week on Learn Kubernetes Weekly 156:
🔥 AI Infrastructure on Kubernetes
🏠 Achieving High Availability with Distributed Databases on Kubernetes at Airbnb
⚡ Optimizing Node and Pod Startup Performance
🎯 How Kubernetes Pod Priority and Preemption Work
⚖️ Kubernetes Pod Scheduling: Balancing Cost and Resilience
Read it now: https://kube.today/issues/156
⭐️ This newsletter is brought to you by StormForge by CloudBolt — ML-powered Kubernetes rightsizing that keeps clusters fast, efficient, and under control https://ku.bz/2CSC8dH38
Forwarded from KubeFM
🤖 Nirmata at KubeCon: Policy as Code, AI Agents, and the First-Ever KyvernoCon
Nirmata is bringing policy-as-code solutions to Booth 1340 at KubeCon Atlanta, where Head of Community Cortney Nickerson and the team will demonstrate how Kyverno helps platform engineers automate security, compliance, and governance across Kubernetes environments.
The company is launching a new AI platform engineering agent designed to reduce the toil of repetitive tasks, while its open-source Kyverno project is moving to CEL for more flexible policy management.
Stop by for Kyverno and Nirmata t-shirts, tumblers, and creative barbecue-themed stickers, plus enter raffles for Ray-Ban and Google Band sunglasses. Don't miss the first in-person KyvernoCon on November 10th, featuring talks on AI policies, visual learning sessions, and real-world use cases from IBM and Cisco—followed by a joint celebration party with the FluxCon community.
Stop by the Nirmata Booth: https://ku.bz/NcwTKq1jh
Forwarded from KubeFM
Festus walks through his project of building a lightweight version of Kubernetes from scratch in Go.
You will learn:
- How the reconciliation loop works - The core concept of desired state vs current state that drives all Kubernetes operations
- What the scheduler actually does - Beyond simple round-robin assignment, understanding node affinity, resource requirements, and the complex scoring algorithms that determine pod placement
- The complete pod lifecycle - Step-by-step walkthrough from kubectl command to running pod, showing how independent components work together like an orchestra
Watch (or listen to) it here: https://ku.bz/pf5kK9lQF
🌟 This episode is sponsored by StormForge by CloudBolt — automatically rightsize your Kubernetes workloads with ML-powered optimization https://ku.bz/Br1jCHcL7
With @Birthmarkb "protein bars diet" Farrell
This open-source tool lets you analyze connectivity, inspect applied NetworkPolicies, and generate policy YAMLs, all with an interactive fuzzy-finder UI and JSON/table outputs.
More: https://ku.bz/HJpY-dbmG
Forwarded from LearnKube news
This week on Learn Kubernetes Weekly 157:
⚙️ gRPC with ALB and Traefik: Building Reliable End-to-End Connectivity
🧭 How to Prevent Failures with Kubernetes Topology Spread Constraints
📜 Demystifying Kubernetes YAML: Structure, Patterns, and Best Practices
🔗 Shared Socket: Enhancing Kubernetes Pod Communication with eBPF
🌐 Kubernetes Networking Tutorial: A Complete Guide for Developers
Read it now: https://kube.today/issues/157
⭐️ This newsletter is brought to you by Testkube — your app is Kubernetes-native, your testing should be too. Run any kind of test automation with the help of the platform built for it https://ku.bz/Zfrty_fcC
This case study explains how BioCatch migrated their Vault environment from costly external storage to Raft, enabling high availability, easy disaster recovery, and lower operational costs in Kubernetes.
More: https://ku.bz/zPwwpmMyV