Kubesploit – Telegram
News and links on Kubernetes security curated by the @Learnk8s team
Website: https://kubesploit.io/
This tool automates the issuance and renewal of TLS certificates inside Kubernetes by introducing custom resources like Certificate and Issuer.

More: https://ku.bz/dcDQCrkPn
This article explains how FQDN-Controller lets Kubernetes handle egress rules using domain names instead of fixed IPs.

It shows how this makes DNS-based network policies simple, flexible, and automatic.

More: https://ku.bz/zy6XXtmd1
Forwarded from LearnKube news
🤝 What does it take to become part of the Kubernetes community?

After 12 in-depth interviews and months of research, we're releasing "Kubernetes World: Finding Your Path"—a book that explores the real journey into cloud native, beyond certifications and code contributions.
The book features conversations with:

- Bob Killen, Jorge Castro, and Taylor Dolezal on contributor experience
- Lin Sun and Kaslin Fields on navigating multiple paths
- Cortney Nickerson, Phil Estes, and Prasanth Baskar on building credibility
- Emily Long and Yasmin on networks and growth
- Whitney Lee on sustaining long-term involvement

What emerged from these conversations is a map of the invisible work, the mentorship moments, and the community values that actually matter when building a career in cloud native.

Special thanks to Heroku for sponsoring this project, to Yadin Porter de León for bringing these stories together, and to all our guests who shared their journeys.

Read it now: ku.bz/k8s-world
Forwarded from KubeFM
Oleksii Kolodiazhnyi, Senior Architect at Mirantis, shares his structured approach to Kubernetes workload assessment

You will learn:

- A top-down assessment methodology that starts with business cases and use cases before diving into technical details
- Practical visualization techniques using tools like KubeView, K9s, and Helm dashboard to quickly understand resource interactions
- Systematic resource discovery approaches for different scenarios, from well-documented Helm-based deployments to legacy applications with hard-coded configurations buried in containers

Watch (or listen to) it here: https://ku.bz/zDThxGQsP

🌟 This episode is sponsored by StormForge by CloudBolt — automatically rightsize your Kubernetes workloads with ML-powered optimization https://ku.bz/Br1jCHcL7

With @Birthmarkb "Saiyam" Farrell
Forwarded from LearnKube news
This week on Learn Kubernetes Weekly 156:

🔥 AI Infrastructure on Kubernetes
🏠 Achieving High Availability with Distributed Databases on Kubernetes at Airbnb
Optimizing Node and Pod Startup Performance
🎯 How Kubernetes Pod Priority and Preemption Work
⚖️ Kubernetes Pod Scheduling: Balancing Cost and Resilience

Read it now: https://kube.today/issues/156

⭐️ This newsletter is brought to you by StormForge by CloudBolt — ML-powered Kubernetes rightsizing that keeps clusters fast, efficient, and under control https://ku.bz/2CSC8dH38
Forwarded from KubeFM
🤖 Nirmata at KubeCon: Policy as Code, AI Agents, and the First-Ever KyvernoCon

Nirmata is bringing policy-as-code solutions to Booth 1340 at KubeCon Atlanta, where Head of Community Cortney Nickerson and the team will demonstrate how Kyverno helps platform engineers automate security, compliance, and governance across Kubernetes environments.

The company is launching a new AI platform engineering agent designed to reduce the toil of repetitive tasks, while its open-source Kyverno project is moving to CEL for more flexible policy management.

Stop by for Kyverno and Nirmata t-shirts, tumblers, and creative barbecue-themed stickers, plus enter raffles for Ray-Ban and Google Band sunglasses. Don't miss the first in-person KyvernoCon on November 10th, featuring talks on AI policies, visual learning sessions, and real-world use cases from IBM and Cisco—followed by a joint celebration party with the FluxCon community.

Stop by the Nirmata Booth: https://ku.bz/NcwTKq1jh
Forwarded from KubeFM
Festus walks through his project of building a lightweight version of Kubernetes from scratch in Go.

You will learn:

- How the reconciliation loop works - The core concept of desired state vs current state that drives all Kubernetes operations
- What the scheduler actually does - Beyond simple round-robin assignment, understanding node affinity, resource requirements, and the complex scoring algorithms that determine pod placement
- The complete pod lifecycle - Step-by-step walkthrough from kubectl command to running pod, showing how independent components work together like an orchestra

Watch (or listen to) it here: https://ku.bz/pf5kK9lQF

🌟 This episode is sponsored by StormForge by CloudBolt — automatically rightsize your Kubernetes workloads with ML-powered optimization https://ku.bz/Br1jCHcL7

With @Birthmarkb "protein bars diet" Farrell
This open-source tool lets you analyze connectivity, inspect applied NetworkPolicies, and generate policy YAMLs, all with an interactive fuzzy-finder UI and JSON/table outputs.

More: https://ku.bz/HJpY-dbmG
Forwarded from LearnKube news
This week on Learn Kubernetes Weekly 157:

⚙️ gRPC with ALB and Traefik: Building Reliable End-to-End Connectivity
🧭 How to Prevent Failures with Kubernetes Topology Spread Constraints
📜 Demystifying Kubernetes YAML: Structure, Patterns, and Best Practices
🔗 Shared Socket: Enhancing Kubernetes Pod Communication with eBPF
🌐 Kubernetes Networking Tutorial: A Complete Guide for Developers

Read it now: https://kube.today/issues/157

⭐️ This newsletter is brought to you by Testkube — your app is Kubernetes-native, your testing should be too. Run any kind of test automation with the help of the platform built for it https://ku.bz/Zfrty_fcC
This case study explains how BioCatch migrated their Vault environment from costly external storage to Raft, enabling high availability, easy disaster recovery, and lower operational costs in Kubernetes.

More: https://ku.bz/zPwwpmMyV
Kviklet provides a secure, self-hosted tool for engineering teams to request, review, and approve production database queries with a workflow inspired by code reviews.

More: https://ku.bz/blQ6ybFXN
This article explains how a Security Context in Kubernetes works.

More: https://ku.bz/jgGTq6n99
Forwarded from KubeFM
Tim Miller, CEO and Co-founder at Kusari, challenges the common belief that minimal container images automatically mean better security.

He explains that while removing unnecessary binaries and shells is a good practice, the real focus should be on validating each component's purpose in the container. Tim emphasizes two key aspects of container security: ensuring transparency (knowing what's inside) and verification (confirming the image is truly minimal).

Watch the full interview: https://ku.bz/-2Sqn9Jb9

This interview is a reaction to Harsha Koushik's episode https://ku.bz/n_sJ04xMY
Sealed Secrets provides declarative Kubernetes Secret Management in a secure way.

Since the Sealed Secrets are encrypted, they can be safely stored in a code repository.

More: https://ku.bz/M_ZTLCWtB
Forwarded from KubeFM
Tanat shares the complete journey of replacing EKS Managed Node Groups and Cluster Autoscaler with Karpenter.

You will learn:

- How to decouple control plane and data plane upgrades using Karpenter's asynchronous node rollout capabilities
- Cost optimization strategies including flexible instance selection, automated AMD migration, and performance considerations
- Policy automation and operational practices using Kyverno for user experience simplification, implementing proper Pod Disruption Budgets

Watch (or listen to) it here: https://ku.bz/T6hDSWYhb

🌟 Speaking of Pod Disruption Budgets — we're running a deep dive webinar with StormForge next week on Kubernetes Scheduling: Priority, Preemption & Resource Requests.

Learn why high-priority pods evict workloads and how the scheduler decides which pods to kill under pressure: https://ku.bz/chJZ7bb-l

With @Birthmarkb "60+ interviews" Farrell
This open-source platform lets you run a self-hosted zero-trust secure access solution supporting VPN-like WireGuard/QUIC, ZTNA, API/AI gateways, homelab access and Kubernetes ingress on your own infrastructure.

More: https://ku.bz/JWMdMH_J8
Forwarded from LearnKube news
This week on Learn Kubernetes Weekly 158:

🔥 From Linux Primitives to Kubernetes Security Contexts
🚀 Migrating OpenShift Stateful Workloads to Azure Kubernetes Service (AKS)
🧠 Tuning Linux Swap for Kubernetes: A Deep Dive
💻 Remote Development Environment Supercharged with MCP Servers
🔍 Tracing Strategies for LLMs Running on Google Cloud Run

Read it now: https://kube.today/issues/158

⭐️ This issue is brought to you by StormForge by CloudBolt and LearnKube. Join "Kubernetes Scheduling Deep Dive: Priority, Preemption, and Resource Requests" and learn how to protect critical workloads under resource pressure https://ku.bz/jTvQKH2sn
OpenBao provides an open-source solution to manage, store, and distribute secrets, certificates, and keys with secure encryption, dynamic secrets, automated leasing, and detailed revocation.

More: https://ku.bz/qg3j1t67t
Forwarded from KubeFM
Alex Chircop, Chief Architect @ Akamai, discusses three emerging Kubernetes tools he's tracking that address sophisticated workload challenges.

He explores KCP for scaling Kubernetes as a control plane to handle massive orchestration numbers, the ongoing challenges with OpenTelemetry for observability and, finally, advanced access control systems beyond traditional CEL and OPA.

Watch the full interview: https://ku.bz/jHLJL8H6t
This tutorial walks you through deploying SPIFFE and SPIRE in Kubernetes to issue cryptographically secure, auto-rotating identities to workloads, enabling mTLS and zero-trust communication.

More: https://ku.bz/HsWb7TCYL
Forwarded from KubeFM
Ratan Tipirneni, President & CEO @ Tigera, announces Calico AI, a new AI-powered initiative designed to unlock the value of Tigera's existing Calico platform.

He explains how Calico serves as a unified platform for Kubernetes networking, network security, and observability, and describes their strategy to leverage AI as an umbrella term for innovation over the next couple of years.

Watch the interview: https://ku.bz/fwFG0jZNk

Read the announcement: https://ku.bz/1nljhB1vQ