Forwarded from LearnKube news
This week on Learn Kubernetes Weekly 156:
🔥 AI Infrastructure on Kubernetes
🏠 Achieving High Availability with Distributed Databases on Kubernetes at Airbnb
⚡ Optimizing Node and Pod Startup Performance
🎯 How Kubernetes Pod Priority and Preemption Work
⚖️ Kubernetes Pod Scheduling: Balancing Cost and Resilience
Read it now: https://kube.today/issues/156
⭐️ This newsletter is brought to you by StormForge by CloudBolt — ML-powered Kubernetes rightsizing that keeps clusters fast, efficient, and under control https://ku.bz/2CSC8dH38
🔥 AI Infrastructure on Kubernetes
🏠 Achieving High Availability with Distributed Databases on Kubernetes at Airbnb
⚡ Optimizing Node and Pod Startup Performance
🎯 How Kubernetes Pod Priority and Preemption Work
⚖️ Kubernetes Pod Scheduling: Balancing Cost and Resilience
Read it now: https://kube.today/issues/156
⭐️ This newsletter is brought to you by StormForge by CloudBolt — ML-powered Kubernetes rightsizing that keeps clusters fast, efficient, and under control https://ku.bz/2CSC8dH38
Forwarded from KubeFM
Media is too big
VIEW IN TELEGRAM
🤖 Nirmata at KubeCon: Policy as Code, AI Agents, and the First-Ever KyvernoCon
Nirmata is bringing policy-as-code solutions to Booth 1340 at KubeCon Atlanta, where Head of Community Cortney Nickerson and the team will demonstrate how Kyverno helps platform engineers automate security, compliance, and governance across Kubernetes environments.
The company is launching a new AI platform engineering agent designed to reduce the toil of repetitive tasks, while its open-source Kyverno project is moving to CEL for more flexible policy management.
Stop by for Kyverno and Nirmata t-shirts, tumblers, and creative barbecue-themed stickers, plus enter raffles for Ray-Ban and Google Band sunglasses. Don't miss the first in-person KyvernoCon on November 10th, featuring talks on AI policies, visual learning sessions, and real-world use cases from IBM and Cisco—followed by a joint celebration party with the FluxCon community.
Stop by the Nirmata Booth: https://ku.bz/NcwTKq1jh
Nirmata is bringing policy-as-code solutions to Booth 1340 at KubeCon Atlanta, where Head of Community Cortney Nickerson and the team will demonstrate how Kyverno helps platform engineers automate security, compliance, and governance across Kubernetes environments.
The company is launching a new AI platform engineering agent designed to reduce the toil of repetitive tasks, while its open-source Kyverno project is moving to CEL for more flexible policy management.
Stop by for Kyverno and Nirmata t-shirts, tumblers, and creative barbecue-themed stickers, plus enter raffles for Ray-Ban and Google Band sunglasses. Don't miss the first in-person KyvernoCon on November 10th, featuring talks on AI policies, visual learning sessions, and real-world use cases from IBM and Cisco—followed by a joint celebration party with the FluxCon community.
Stop by the Nirmata Booth: https://ku.bz/NcwTKq1jh
Forwarded from KubeFM
Media is too big
VIEW IN TELEGRAM
Festus walks through his project of building a lightweight version of Kubernetes from scratch in Go.
You will learn:
- How the reconciliation loop works - The core concept of desired state vs current state that drives all Kubernetes operations
- What the scheduler actually does - Beyond simple round-robin assignment, understanding node affinity, resource requirements, and the complex scoring algorithms that determine pod placement
- The complete pod lifecycle - Step-by-step walkthrough from kubectl command to running pod, showing how independent components work together like an orchestra
Watch (or listen to) it here: https://ku.bz/pf5kK9lQF
🌟 This episode is sponsored by StormForge by CloudBolt — automatically rightsize your Kubernetes workloads with ML-powered optimization https://ku.bz/Br1jCHcL7
With @Birthmarkb "protein bars diet" Farrell
You will learn:
- How the reconciliation loop works - The core concept of desired state vs current state that drives all Kubernetes operations
- What the scheduler actually does - Beyond simple round-robin assignment, understanding node affinity, resource requirements, and the complex scoring algorithms that determine pod placement
- The complete pod lifecycle - Step-by-step walkthrough from kubectl command to running pod, showing how independent components work together like an orchestra
Watch (or listen to) it here: https://ku.bz/pf5kK9lQF
🌟 This episode is sponsored by StormForge by CloudBolt — automatically rightsize your Kubernetes workloads with ML-powered optimization https://ku.bz/Br1jCHcL7
With @Birthmarkb "protein bars diet" Farrell
This open-source tool lets you analyze connectivity, inspect applied NetworkPolicies, and generate policy YAMLs, all with an interactive fuzzy-finder UI and JSON/table outputs.
More: https://ku.bz/HJpY-dbmG
More: https://ku.bz/HJpY-dbmG
Forwarded from LearnKube news
This week on Learn Kubernetes Weekly 157:
⚙️ gRPC with ALB and Traefik: Building Reliable End-to-End Connectivity
🧭 How to Prevent Failures with Kubernetes Topology Spread Constraints
📜 Demystifying Kubernetes YAML: Structure, Patterns, and Best Practices
🔗 Shared Socket: Enhancing Kubernetes Pod Communication with eBPF
🌐 Kubernetes Networking Tutorial: A Complete Guide for Developers
Read it now: https://kube.today/issues/157
⭐️ This newsletter is brought to you by Testkube — your app is Kubernetes-native, your testing should be too. Run any kind of test automation with the help of the platform built for it https://ku.bz/Zfrty_fcC
⚙️ gRPC with ALB and Traefik: Building Reliable End-to-End Connectivity
🧭 How to Prevent Failures with Kubernetes Topology Spread Constraints
📜 Demystifying Kubernetes YAML: Structure, Patterns, and Best Practices
🔗 Shared Socket: Enhancing Kubernetes Pod Communication with eBPF
🌐 Kubernetes Networking Tutorial: A Complete Guide for Developers
Read it now: https://kube.today/issues/157
⭐️ This newsletter is brought to you by Testkube — your app is Kubernetes-native, your testing should be too. Run any kind of test automation with the help of the platform built for it https://ku.bz/Zfrty_fcC
This case study explains how BioCatch migrated their Vault environment from costly external storage to Raft, enabling high availability, easy disaster recovery, and lower operational costs in Kubernetes.
More: https://ku.bz/zPwwpmMyV
More: https://ku.bz/zPwwpmMyV
Kviklet provides a secure, self-hosted tool for engineering teams to request, review, and approve production database queries with a workflow inspired by code reviews.
More: https://ku.bz/blQ6ybFXN
More: https://ku.bz/blQ6ybFXN
Forwarded from KubeFM
This media is not supported in your browser
VIEW IN TELEGRAM
Tim Miller CEO and Co-founder at Kusari challenges the common belief that minimal container images automatically mean better security.
He explains that while removing unnecessary binaries and shells is a good practice, the real focus should be on validating each component's purpose in the container. Tim emphasizes two key aspects of container security: ensuring transparency (knowing what's inside) and verification (confirming the image is truly minimal).
Watch the full interview: https://ku.bz/-2Sqn9Jb9
This interview is a reaction to Harsha Koushik's episode https://ku.bz/n_sJ04xMY
He explains that while removing unnecessary binaries and shells is a good practice, the real focus should be on validating each component's purpose in the container. Tim emphasizes two key aspects of container security: ensuring transparency (knowing what's inside) and verification (confirming the image is truly minimal).
Watch the full interview: https://ku.bz/-2Sqn9Jb9
This interview is a reaction to Harsha Koushik's episode https://ku.bz/n_sJ04xMY
Sealed Secrets provides declarative Kubernetes Secret Management in a secure way.
Since the Sealed Secrets are encrypted, they can be safely stored in a code repository.
More: https://ku.bz/M_ZTLCWtB
Since the Sealed Secrets are encrypted, they can be safely stored in a code repository.
More: https://ku.bz/M_ZTLCWtB
Forwarded from KubeFM
Media is too big
VIEW IN TELEGRAM
Tanat shares the complete journey of replacing EKS Managed Node Groups and Cluster Autoscaler with Karpenter.
You will learn:
- How to decouple control plane and data plane upgrades using Karpenter's asynchronous node rollout capabilities
- Cost optimization strategies including flexible instance selection, automated AMD migration, and performance considerations
- Policy automation and operational practices using Kyverno for user experience simplification, implementing proper Pod Disruption Budgets
Watch (or listen to) it here: https://ku.bz/T6hDSWYhb
🌟 Speaking of Pod Disruption Budgets — we're running a deep dive webinar with StormForge next week on Kubernetes Scheduling: Priority, Preemption & Resource Requests.
Learn why high-priority pods evict workloads and how the scheduler decides which pods to kill under pressure: https://ku.bz/chJZ7bb-l
With @Birthmarkb "60+ interviews" Farrell
You will learn:
- How to decouple control plane and data plane upgrades using Karpenter's asynchronous node rollout capabilities
- Cost optimization strategies including flexible instance selection, automated AMD migration, and performance considerations
- Policy automation and operational practices using Kyverno for user experience simplification, implementing proper Pod Disruption Budgets
Watch (or listen to) it here: https://ku.bz/T6hDSWYhb
🌟 Speaking of Pod Disruption Budgets — we're running a deep dive webinar with StormForge next week on Kubernetes Scheduling: Priority, Preemption & Resource Requests.
Learn why high-priority pods evict workloads and how the scheduler decides which pods to kill under pressure: https://ku.bz/chJZ7bb-l
With @Birthmarkb "60+ interviews" Farrell
This open-source platform lets you run a self-hosted zero-trust secure access solution supporting VPN-like WireGuard/QUIC, ZTNA, API/AI gateways, homelab access and Kubernetes ingress on your own infrastructure.
More: https://ku.bz/JWMdMH_J8
More: https://ku.bz/JWMdMH_J8
Forwarded from LearnKube news
This week on Learn Kubernetes Weekly 158:
🔥 From Linux Primitives to Kubernetes Security Contexts
🚀 Migrating OpenShift Stateful Workloads to Azure Kubernetes Service (AKS)
🧠 Tuning Linux Swap for Kubernetes: A Deep Dive
💻 Remote Development Environment Supercharged with MCP Servers
🔍 Tracing Strategies for LLMs Running on Google Cloud Run
Read it now: https://kube.today/issues/158
⭐️ This issue is brought to you by StormForge by CloudBolt and LearnKube. Join "Kubernetes Scheduling Deep Dive: Priority, Preemption, and Resource Requests" and learn how to protect critical workloads under resource pressure https://ku.bz/jTvQKH2sn
🔥 From Linux Primitives to Kubernetes Security Contexts
🚀 Migrating OpenShift Stateful Workloads to Azure Kubernetes Service (AKS)
🧠 Tuning Linux Swap for Kubernetes: A Deep Dive
💻 Remote Development Environment Supercharged with MCP Servers
🔍 Tracing Strategies for LLMs Running on Google Cloud Run
Read it now: https://kube.today/issues/158
⭐️ This issue is brought to you by StormForge by CloudBolt and LearnKube. Join "Kubernetes Scheduling Deep Dive: Priority, Preemption, and Resource Requests" and learn how to protect critical workloads under resource pressure https://ku.bz/jTvQKH2sn
OpenBao provides an open-source solution to manage, store, and distribute secrets, certificates, and keys with secure encryption, dynamic secrets, automated leasing, and detailed revocation.
More: https://ku.bz/qg3j1t67t
More: https://ku.bz/qg3j1t67t
Forwarded from KubeFM
Media is too big
VIEW IN TELEGRAM
Alex Chircop, Chief Architect @ Akamai, discusses three emerging Kubernetes tools he's tracking that address sophisticated workload challenges.
He explores KCP for scaling Kubernetes as a control plane to handle massive orchestration numbers, the ongoing challenges with OpenTelemetry for observability and, finally, and advanced access control systems beyond traditional CEL and OPA.
Watch the full interview: https://ku.bz/jHLJL8H6t
He explores KCP for scaling Kubernetes as a control plane to handle massive orchestration numbers, the ongoing challenges with OpenTelemetry for observability and, finally, and advanced access control systems beyond traditional CEL and OPA.
Watch the full interview: https://ku.bz/jHLJL8H6t
This tutorial walks you through deploying SPIFFE and SPIRE in Kubernetes to issue cryptographically secure, auto-rotating identities to workloads, enabling mTLS and zero-trust communication.
More: https://ku.bz/HsWb7TCYL
More: https://ku.bz/HsWb7TCYL
Forwarded from KubeFM
This media is not supported in your browser
VIEW IN TELEGRAM
Ratan Tipirneni, President & CEO @ Tigera, announces Calico AI, a new AI-powered initiative designed to unlock the value of Tigera's existing Calico platform.
He explains how Calico serves as a unified platform for Kubernetes networking, network security, and observability, and describes their strategy to leverage AI as an umbrella term for innovation over the next couple of years
Watch the interview: https://ku.bz/fwFG0jZNk
Read the announcement: https://ku.bz/1nljhB1vQ
He explains how Calico serves as a unified platform for Kubernetes networking, network security, and observability, and describes their strategy to leverage AI as an umbrella term for innovation over the next couple of years
Watch the interview: https://ku.bz/fwFG0jZNk
Read the announcement: https://ku.bz/1nljhB1vQ
Forwarded from KubeFM
Media is too big
VIEW IN TELEGRAM
Amos walks through his production incident where adding a home computer as a Kubernetes node caused TLS certificate renewals to fail.
You will learn:
- How Kubernetes networking assumptions break when mixing cloud VMs with nodes behind consumer routers, and why cert-manager challenges fail in NAT environments
- The differences between CNI plugins like Flannel and Calico, particularly how they handle IPv6 translation
- Debugging techniques for network issues using tools like netshoot, K9s, and iproute2
- Best practices for mixed infrastructure including proper node labeling, taints, and scheduling controls
Watch (or listen to) it here: https://ku.bz/6Ll_7slr9
🌟 This episode is sponsored by LearnKube — get started on your Kubernetes journey through comprehensive online, in-person or remote training https://learnkube.com/training
With @Birthmarkb "50 off grid YT shorts" Farrell
You will learn:
- How Kubernetes networking assumptions break when mixing cloud VMs with nodes behind consumer routers, and why cert-manager challenges fail in NAT environments
- The differences between CNI plugins like Flannel and Calico, particularly how they handle IPv6 translation
- Debugging techniques for network issues using tools like netshoot, K9s, and iproute2
- Best practices for mixed infrastructure including proper node labeling, taints, and scheduling controls
Watch (or listen to) it here: https://ku.bz/6Ll_7slr9
🌟 This episode is sponsored by LearnKube — get started on your Kubernetes journey through comprehensive online, in-person or remote training https://learnkube.com/training
With @Birthmarkb "50 off grid YT shorts" Farrell
Forwarded from LearnKube news
This week on Learn Kubernetes Weekly 159:
🔥 Kubernetes CPU Limits: Scylla and Charybdis
🧭 Kubernetes v1.34: Finer-Grained Control Over Container Restarts
🗂️ Understanding Kubernetes Cached Clients: How They Work and Why They Matter
💸 Understanding the True Cost of a Kubernetes Workload
🪙 Cloud Cost Optimization: A Senior Engineer’s Guide
Read it now: https://kube.today/issues/159
⭐️ This newsletter is brought to you by Heroku. Discover the thriving ecosystem of contributors, companies, and career paths in the Kubernetes World book https://ku.bz/bhlMdNf61
🔥 Kubernetes CPU Limits: Scylla and Charybdis
🧭 Kubernetes v1.34: Finer-Grained Control Over Container Restarts
🗂️ Understanding Kubernetes Cached Clients: How They Work and Why They Matter
💸 Understanding the True Cost of a Kubernetes Workload
🪙 Cloud Cost Optimization: A Senior Engineer’s Guide
Read it now: https://kube.today/issues/159
⭐️ This newsletter is brought to you by Heroku. Discover the thriving ecosystem of contributors, companies, and career paths in the Kubernetes World book https://ku.bz/bhlMdNf61
Forwarded from KubeFM
Media is too big
VIEW IN TELEGRAM
Gordon Myers explains why thorough testing is critical when implementing webhooks in Kubernetes.
He shares a real-world example of building a Mutating Webhook that injects secrets from HashiCorp Vault into running applications using pod annotations. The discussion covers:
- How a
- The implementation of a custom entry point noscript for injecting secrets as environment variables
- Why webhooks require extensive unit testing due to their cluster-wide impact
The example demonstrates how seemingly simple webhook implementations can have significant consequences for the entire Kubernetes cluster if not properly tested.
Watch the full episode: https://ku.bz/Dmn93dd7M
He shares a real-world example of building a Mutating Webhook that injects secrets from HashiCorp Vault into running applications using pod annotations. The discussion covers:
- How a
500 error in webhooks can prevent pods from launching entirely- The implementation of a custom entry point noscript for injecting secrets as environment variables
- Why webhooks require extensive unit testing due to their cluster-wide impact
The example demonstrates how seemingly simple webhook implementations can have significant consequences for the entire Kubernetes cluster if not properly tested.
Watch the full episode: https://ku.bz/Dmn93dd7M
Forwarded from KubeFM
Media is too big
VIEW IN TELEGRAM
Alex Arnell, Principal Member of Technical Staff at Heroku, shares three Kubernetes tools he's actively monitoring from both production experience and personal interest.
He provides insights into the OpenTelemetry Operator, which Heroku uses extensively for managing collectors and auto-instrumentation, particularly highlighting the target allocator feature for dynamic collector configuration.
Alex also discusses SPIFFE and Spire for identity management, noting the quality of their Kubernetes implementation and certificate provisioning capabilities for workload identity verification. Finally, he covers KEDA (Kubernetes Event-Driven Autoscaler), explaining its appeal for platform-as-a-service providers due to its scale-to-zero capabilities and telemetry integrations, even though Heroku isn't currently using it in production.
Watch the full interview: https://ku.bz/Lsr8gltrH
He provides insights into the OpenTelemetry Operator, which Heroku uses extensively for managing collectors and auto-instrumentation, particularly highlighting the target allocator feature for dynamic collector configuration.
Alex also discusses SPIFFE and Spire for identity management, noting the quality of their Kubernetes implementation and certificate provisioning capabilities for workload identity verification. Finally, he covers KEDA (Kubernetes Event-Driven Autoscaler), explaining its appeal for platform-as-a-service providers due to its scale-to-zero capabilities and telemetry integrations, even though Heroku isn't currently using it in production.
Watch the full interview: https://ku.bz/Lsr8gltrH