Kubesploit
News and links on Kubernetes security curated by the @Learnk8s team
Website: https://kubesploit.io/
Forwarded from LearnKube news
This week on Learn Kubernetes Weekly 160:

🌐 Kubernetes Networking from Packets to Pods
⚙️ Seamless Istio Upgrades at Scale
🔍 How I find and fix Kubernetes Exit Codes and Misconfigurations for free
🔒 Kubernetes security fundamentals: networking
📊 A Step-by-Step Guide to Jaeger Tracing on Kubernetes

Read it now: https://kube.today/issues/160

⭐️ This issue is brought to you by vCluster Labs and Learnkube. To explore the architecture from hardware to runtime and understand why GPU scheduling is different, join the free webinar on GPU Sharing Mechanisms in Kubernetes https://ku.bz/8GzcKPzzF
This tool provides a Model Context Protocol (MCP) server for querying Kubernetes Audit Logs across cloud providers using AWS CloudWatch, GCP Logging, and Alibaba SLS.

More: https://ku.bz/Hm_CMFF66
This tutorial walks you through enabling, running, and monitoring IPv6 networking on Kubernetes clusters using Cilium.

More: https://ku.bz/b6RFcGQjF
Kube No Trouble (kubent) is a tool to check whether you're using any deprecated APIs in your cluster and therefore should upgrade your workloads first, before upgrading your Kubernetes cluster.

More: https://ku.bz/zMyZdL3w6
This article explores why using Kubernetes namespaces alone is not a sufficient isolation or security boundary.

It shows common pitfalls and many attack paths that let a tenant escape isolation even if you only gave them access to a single namespace.

More: https://ku.bz/PCmRjmB57
Tetragon enables powerful real-time, eBPF-based security observability and runtime enforcement.

It is Kubernetes-aware and understands identities, allowing security event detection to be configured in relation to individual workloads.

More: https://ku.bz/WrhnVyd2p
Forwarded from LearnKube news
This week on Learn Kubernetes Weekly 161:

🔥 Kubernetes Informers Are So Easy... To Misuse!
🎤 KubeCon 2025: Three Things This Year’s Conversations Told Me About Kubernetes Optimization
🛑 Importance of Graceful Shutdown in Kubernetes
🚪 Breaking Boundaries: Kubernetes Namespaces and Multi-tenancy
🎯 Centralizing Helm Charts: Moving Beyond Ingress with HTTPProxy

Read it now: https://kube.today/issues/161

⭐️ This newsletter is brought to you by StormForge by CloudBolt — ML-powered Kubernetes rightsizing that keeps clusters fast, efficient, and under control https://ku.bz/2CSC8dH38
kubelogin is a kubectl plugin for Kubernetes OpenID Connect (OIDC) authentication, also known as kubectl oidc-login.

More: https://ku.bz/tVhnrW9MG
This article explains how to remove permission checks from microservices and build a centralized authorization layer with Kong OSS and OpenFGA.

More: https://ku.bz/50Pf5hFcV
This open-source tool helps you manage authentication and access across servers, databases and Kubernetes clusters via API or CLI.

More: https://ku.bz/VYnDyMT1h
This article shows how to use the Kong OIDC plugin together with Keycloak to secure cluster services and HTTP routes at the API gateway level.

More: https://ku.bz/2Q103hfW1
This tool delivers real-time node/pod-level process, file and network visibility for Kubernetes and bare-metal environments, with rule-based alerts, dashboards and hybrid cloud support.

More: https://ku.bz/7lk94WvMv
Forwarded from LearnKube news
This week on Learn Kubernetes Weekly 162:

🐍 Kubernetes Needs Its Python Moment
☁️ Migrating Kubernetes out of the Big Cloud Providers
📦 Kubernetes v1.34: DRA Consumable Capacity
🛠️ Managing APIs in Kubernetes with Kong Ingress Controller
🚑 Fixing Upstream Connect Errors (Docker, Kubernetes, Spring Boot & More)

Read it now: https://kube.today/issues/162

⭐️ This newsletter is brought to you by Depot — Speed up your Docker builds by up to 40x with Depot's cloud-based builders https://ku.bz/bnY9lr632
This article introduces ChaosRoom, a playful tool that helps engineers learn chaos engineering by running mini-games simulating faults and observing how systems respond.

More: https://ku.bz/2GlrYmTbT
Forwarded from Kube Careers
This week's 6 best Kubernetes vacancies that focus on security are:

DevSecOps Engineer with OpenAI
💰 $364.5K to $490K a year
👨‍💻 Remote from the United States of America
→ https://ku.bz/NXd17JHfV

DevSecOps Engineer with Airwallex
💰 $200K to $300K a year
🏠🏃🏻‍♂️🌎 San Francisco, CA, USA
→ https://ku.bz/9V59yN3h9

Security Architect with Dexterity
💰 $200K to $300K a year
🏠 From the office in Redwood, CA, USA
→ https://ku.bz/-Tx02LFF4

DevSecOps Engineer with Corelight
💰 $221K to $268K a year
👨‍💻 Remote from North America.
→ https://ku.bz/_D5yTqnHk

👉 Browse 867 jobs on Kube Careers https://kube.careers
This code tool helps you gather logs, metrics and code changes, then uses AI-powered root-cause analysis to surface what broke in production and suggest immediate fixes.

More: https://ku.bz/srJCYmX4J
This article explains how to use Vault Agent Injector (a mutating webhook) to inject secrets into Kubernetes pods securely, without modifying application code.

More: https://ku.bz/DXC0qMd79
This tool enables you to scan and enforce compliance across multi-cloud infrastructure with customizable YAML rules, alerts and integrations.

More: https://ku.bz/JZJpNJqnz
This article explains how eBPF lets you run small, verified programs inside the Linux kernel to unlock powerful observability, security, and networking capabilities without custom kernel modules.

More: https://ku.bz/TYf7Jy6cs
Forwarded from LearnKube news
This week on Learn Kubernetes Weekly 163:

🔥 What would a Kubernetes 2.0 Look Like
🐍 Trying to Break out of the Python REPL Sandbox in a Kubernetes Environment: A Practical Journey
🛠️ Karpenter at Beekeeper by LumApps: Fun Stories
💥 Extracting JVM Data from Crash-Looping Java Containers in Kubernetes
🎮 ChaosRoom: Hands-On Chaos Engineering Through Games

Read it now: https://kube.today/issues/163

⭐️ This newsletter is brought to you by Depot — Speed up your Docker builds by up to 40x with Depot's cloud-based builders https://ku.bz/mTfYrBkWZ
CrowdSec is a security engine that detects malicious behavior from logs and community-shared intelligence, allowing you to block bad IPs and share threat data across your fleet.

More: https://ku.bz/M6t4FjWLg