Forwarded from LearnKube news
This week on Learn Kubernetes Weekly 166:
🚀 How We Moved a 2 Million RPM WebSocket Service to EKS and Fixed a Critical Bottleneck
🔒 Beyond the Surface: Exploring Attacker Persistence Strategies in Kubernetes
📊 Standardizing CRD Condition Metrics in Kubernetes Operators
⚡ Scaling Dagster on Kubernetes: Best Practices for 50+ Code Locations
🌐 An Introduction to Envoy AI Gateway
Read it now: https://kube.today/issues/166
⭐️ This issue is brought to you by LearnKube — master Kubernetes with hands-on training designed for engineers who want to learn the smart way https://ku.bz/hypSbyc-V
🚀 How We Moved a 2 Million RPM WebSocket Service to EKS and Fixed a Critical Bottleneck
🔒 Beyond the Surface: Exploring Attacker Persistence Strategies in Kubernetes
📊 Standardizing CRD Condition Metrics in Kubernetes Operators
⚡ Scaling Dagster on Kubernetes: Best Practices for 50+ Code Locations
🌐 An Introduction to Envoy AI Gateway
Read it now: https://kube.today/issues/166
⭐️ This issue is brought to you by LearnKube — master Kubernetes with hands-on training designed for engineers who want to learn the smart way https://ku.bz/hypSbyc-V
Forwarded from Kube Careers
This week's 6 best Kubernetes vacancies that focus on security are:
DevSecOps Engineer with OpenAI
💰 $364.5K to $490K a year
👨💻 Remote from the United States of America
→ https://ku.bz/NXd17JHfV
DevSecOps Engineer with Postman
💰 $250K to $275K a year
🏠🏃🏻♂️🌎 San Francisco, CA; Boston, MA; New York, NY, USA
→ https://ku.bz/gWd2ppTCm
Security Architect with Dexterity
💰 $200K to $300K a year
🏠 From the office in Redwood, CA, USA
→ https://ku.bz/-Tx02LFF4
DevSecOps Engineer with Corelight
💰 $221K to $268K a year
👨💻 Remote from North America.
→ https://ku.bz/_D5yTqnHk
👉 Browse 1228 jobs on Kube Careers https://kube.careers
DevSecOps Engineer with OpenAI
💰 $364.5K to $490K a year
👨💻 Remote from the United States of America
→ https://ku.bz/NXd17JHfV
DevSecOps Engineer with Postman
💰 $250K to $275K a year
🏠🏃🏻♂️🌎 San Francisco, CA; Boston, MA; New York, NY, USA
→ https://ku.bz/gWd2ppTCm
Security Architect with Dexterity
💰 $200K to $300K a year
🏠 From the office in Redwood, CA, USA
→ https://ku.bz/-Tx02LFF4
DevSecOps Engineer with Corelight
💰 $221K to $268K a year
👨💻 Remote from North America.
→ https://ku.bz/_D5yTqnHk
👉 Browse 1228 jobs on Kube Careers https://kube.careers
Forwarded from Kube Architect
Sveltos installs as a controller in a management cluster, deploying add-ons and policies (Helm charts, Kustomize, raw YAML) to target clusters by label selectors and sync rules, automating multi-cluster resource management and compliance.
More: https://ku.bz/j_ZZTyYqy
More: https://ku.bz/j_ZZTyYqy
Forwarded from KubeFM
Media is too big
VIEW IN TELEGRAM
John Howard, Senior Software Engineer at Solo.io, explains what Mutual TLS (mTLS) is and its importance in Kubernetes environments.
This two-way authentication is valuable in Kubernetes infrastructure, allowing workload-to-workload traffic to be properly authenticated. John illustrates how in a front-end to back-end scenario, the front-end service would present its own certificate to the back-end, enabling verification of identity and origin - a fundamental component for implementing zero-trust security in Kubernetes clusters.
Watch the full episode: https://kube.fmhttps://ku.bz/sk-ZF1PG9
This two-way authentication is valuable in Kubernetes infrastructure, allowing workload-to-workload traffic to be properly authenticated. John illustrates how in a front-end to back-end scenario, the front-end service would present its own certificate to the back-end, enabling verification of identity and origin - a fundamental component for implementing zero-trust security in Kubernetes clusters.
Watch the full episode: https://kube.fmhttps://ku.bz/sk-ZF1PG9
Forwarded from LearnKube news
This week on Learn Kubernetes Weekly 167:
⚖️ Kubernetes & KEDA: Avoiding System Failures from Imbalanced Scaling
🔐 Why DevOps should Sec: making a case for DevOps Engineers to transition to DevSecOps
🌐 Optimizing Pod IP Allocation in AWS EKS with Amazon VPC CNI Prefix Delegation
🎮 GPU Starvation in Kubernetes: How Dynamic MIG Partitioning Saved Our GPU Budget
🔄 Migrating from F5 NGINX ingress controller to the F5 NGINX gateway fabric
Read it now: https://kube.today/issues/167
⭐️ This newsletter is brought to you by LearnKube — master Kubernetes with hands-on training designed for engineers who want to learn the smart way https://ku.bz/hypSbyc-V
⚖️ Kubernetes & KEDA: Avoiding System Failures from Imbalanced Scaling
🔐 Why DevOps should Sec: making a case for DevOps Engineers to transition to DevSecOps
🌐 Optimizing Pod IP Allocation in AWS EKS with Amazon VPC CNI Prefix Delegation
🎮 GPU Starvation in Kubernetes: How Dynamic MIG Partitioning Saved Our GPU Budget
🔄 Migrating from F5 NGINX ingress controller to the F5 NGINX gateway fabric
Read it now: https://kube.today/issues/167
⭐️ This newsletter is brought to you by LearnKube — master Kubernetes with hands-on training designed for engineers who want to learn the smart way https://ku.bz/hypSbyc-V
Forwarded from Kube Careers
This week's 6 best Kubernetes vacancies that focus on security are:
DevSecOps Engineer with Tailscale
💰 $15.8M to $19.77M a year
🌎 Fully remote
→ https://ku.bz/J9Cs7QBBp
DevSecOps Engineer with OpenAI
💰 $364.5K to $490K a year
👨💻 Remote from the United States of America
→ https://ku.bz/NXd17JHfV
DevSecOps Engineer with Scale AI
💰 $264K to $330K a year
👨💻 Remote from
→ https://ku.bz/BdXCcJX58
Security Architect with Dexterity
💰 $200K to $300K a year
🏠 From the office in Redwood, CA, USA
→ https://ku.bz/-Tx02LFF4
DevSecOps Engineer with Corelight
💰 $221K to $268K a year
👨💻 Remote from North America.
→ https://ku.bz/_D5yTqnHk
👉 Browse 1282 jobs on Kube Careers https://kube.careers
DevSecOps Engineer with Tailscale
💰 $15.8M to $19.77M a year
🌎 Fully remote
→ https://ku.bz/J9Cs7QBBp
DevSecOps Engineer with OpenAI
💰 $364.5K to $490K a year
👨💻 Remote from the United States of America
→ https://ku.bz/NXd17JHfV
DevSecOps Engineer with Scale AI
💰 $264K to $330K a year
👨💻 Remote from
→ https://ku.bz/BdXCcJX58
Security Architect with Dexterity
💰 $200K to $300K a year
🏠 From the office in Redwood, CA, USA
→ https://ku.bz/-Tx02LFF4
DevSecOps Engineer with Corelight
💰 $221K to $268K a year
👨💻 Remote from North America.
→ https://ku.bz/_D5yTqnHk
👉 Browse 1282 jobs on Kube Careers https://kube.careers
Pinniped provides identity services to Kubernetes by integrating external identity providers (OIDC, LDAP, Active Directory) with clusters for secure, unified login across on-premises and cloud environments.
More: https://ku.bz/Zb8ms9RlY
More: https://ku.bz/Zb8ms9RlY
Forwarded from KubeFM
Media is too big
VIEW IN TELEGRAM
Most developers assume Kubernetes requires an enterprise budget. Varnit Goyal proves otherwise — he built a full three-node Kubernetes cluster for $2.16/month using Rackspace Spot Instances.
You will learn:
- How Spot Instance bidding works and which strategies keep costs and preemption low
- Using Tailscale Kubernetes operator as a free alternative to traditional load balancers
- Running real development dependencies (Kafka, Elasticsearch, Postgres) on a budget cluster
Watch (or listen to) it here: https://ku.bz/HpVyQMVv0
🌟 This episode is sponsored by LearnKube — join the 4-day Advanced Kubernetes workshop on Jan 29.(https://learnkube.com/training)
With @Birthmarkb "Vivacious voice" Farrell
You will learn:
- How Spot Instance bidding works and which strategies keep costs and preemption low
- Using Tailscale Kubernetes operator as a free alternative to traditional load balancers
- Running real development dependencies (Kafka, Elasticsearch, Postgres) on a budget cluster
Watch (or listen to) it here: https://ku.bz/HpVyQMVv0
🌟 This episode is sponsored by LearnKube — join the 4-day Advanced Kubernetes workshop on Jan 29.(https://learnkube.com/training)
With @Birthmarkb "Vivacious voice" Farrell
traefik-oidc-auth is a Traefik plugin that secures upstream services using OpenID Connect authentication acting as a relying party for identity providers like ZITADEL, Keycloak, Microsoft EntraID, and Authentik.
More: https://ku.bz/18rD29Nlh
More: https://ku.bz/18rD29Nlh
Forwarded from LearnKube news
This week on Learn Kubernetes Weekly 168:
🗑️ What Happens When You Delete a Kubernetes CustomResourceDefinition?
🌱 Making ML Training Carbon-Aware with Compute Gardener
⚡ 8 vLLM Serving Setups That Handle Spiky Traffic
🛡️ How I Prevent My Kubernetes Resources from Being Deleted When Argo Apps Are Removed
🔄 Reproducible Kubernetes Infrastructure with NixOS and OKD
Read it now: https://kube.today/issues/168
⭐️ This newsletter is brought to you by Kubex — Automated Resource Optimization for Kubernetes, GPUs and AI Workloads https://ku.bz/y98T8bWXP
🗑️ What Happens When You Delete a Kubernetes CustomResourceDefinition?
🌱 Making ML Training Carbon-Aware with Compute Gardener
⚡ 8 vLLM Serving Setups That Handle Spiky Traffic
🛡️ How I Prevent My Kubernetes Resources from Being Deleted When Argo Apps Are Removed
🔄 Reproducible Kubernetes Infrastructure with NixOS and OKD
Read it now: https://kube.today/issues/168
⭐️ This newsletter is brought to you by Kubex — Automated Resource Optimization for Kubernetes, GPUs and AI Workloads https://ku.bz/y98T8bWXP
This tutorial teaches how to deploy KubeArmor runtime security on Huawei Cloud Container Engine (CCE) using BPF-LSM for dynamic kernel-level policy enforcement without static profiles or reboots.
More: https://ku.bz/vnqpX_3yc
More: https://ku.bz/vnqpX_3yc
Forwarded from Kube Careers
This week's 6 best Kubernetes vacancies that focus on security are:
DevSecOps Engineer with Tailscale
💰 $16.04M to $20.08M a year
🌎 Fully remote
→ https://ku.bz/J9Cs7QBBp
DevSecOps Engineer with OpenAI
💰 $364.5K to $490K a year
👨💻 Remote from the United States of America
→ https://ku.bz/NXd17JHfV
DevSecOps Engineer with Scale AI
💰 $264K to $330K a year
👨💻 Remote from
→ https://ku.bz/BdXCcJX58
Security Architect with Dexterity
💰 $200K to $300K a year
🏠 From the office in Redwood, CA, USA
→ https://ku.bz/-Tx02LFF4
DevSecOps Engineer with Corelight
💰 $221K to $268K a year
👨💻 Remote from North America.
→ https://ku.bz/_D5yTqnHk
👉 Browse 1298 jobs on Kube Careers https://kube.careers
DevSecOps Engineer with Tailscale
💰 $16.04M to $20.08M a year
🌎 Fully remote
→ https://ku.bz/J9Cs7QBBp
DevSecOps Engineer with OpenAI
💰 $364.5K to $490K a year
👨💻 Remote from the United States of America
→ https://ku.bz/NXd17JHfV
DevSecOps Engineer with Scale AI
💰 $264K to $330K a year
👨💻 Remote from
→ https://ku.bz/BdXCcJX58
Security Architect with Dexterity
💰 $200K to $300K a year
🏠 From the office in Redwood, CA, USA
→ https://ku.bz/-Tx02LFF4
DevSecOps Engineer with Corelight
💰 $221K to $268K a year
👨💻 Remote from North America.
→ https://ku.bz/_D5yTqnHk
👉 Browse 1298 jobs on Kube Careers https://kube.careers
Dockadvisor is a lightweight Dockerfile linter built in Go that validates your Dockerfiles with over 60 rules covering syntax, security, and best practices.
More: https://ku.bz/2DT4TqRRk
More: https://ku.bz/2DT4TqRRk
This article explains a critical security issue where AWS CSI drivers gave DaemonSet service accounts the ability to patch nodes, completely breaking node isolation in multi-tenant clusters.
More: https://ku.bz/xGP7ymMvW
More: https://ku.bz/xGP7ymMvW
Kaniop is a Kubernetes operator written in Rust for managing Kanidm identity management clusters, providing declarative identity management through GitOps workflows.
More: https://ku.bz/D1JBBy0B3
More: https://ku.bz/D1JBBy0B3
Forwarded from KubeFM
Media is too big
VIEW IN TELEGRAM
Ziv Yatzik manages 600+ Postgres clusters in a closed network environment with no public cloud. After existing backup solutions proved unreliable — causing downtime when disks filled up — his team built a new architecture using pgBackRest, Argo CD, and Kubernetes CronJobs.
You will learn:
- Why storing WAL files on shared NAS storage prevents backup failures from cascading into database outages
- How GitOps with Argo CD lets them manage backups for hundreds of clusters by adding a single YAML file
Watch (or listen to) it here: https://ku.bz/Rg_sQYSmw
🌟 This episode is sponsored by LearnKube — get started on your Kubernetes journey through comprehensive online, in-person, or remote training https://learnkube.com/training
With @Birthmarkb
You will learn:
- Why storing WAL files on shared NAS storage prevents backup failures from cascading into database outages
- How GitOps with Argo CD lets them manage backups for hundreds of clusters by adding a single YAML file
Watch (or listen to) it here: https://ku.bz/Rg_sQYSmw
🌟 This episode is sponsored by LearnKube — get started on your Kubernetes journey through comprehensive online, in-person, or remote training https://learnkube.com/training
With @Birthmarkb
This tutorial teaches how to deploy HashiCorp Vault Secrets Operator on Google Kubernetes Engine to synchronize Vault secrets into Kubernetes Secret resources automatically.
More: https://ku.bz/QnvFmQp8h
More: https://ku.bz/QnvFmQp8h
Forwarded from LearnKube news
This week on Learn Kubernetes Weekly 169:
🔥 When High Availability Brings Downtime
🔄 Upgrade AWS CSI Drivers in Your Multi-Tenant Kubernetes Cluster
🤖 How We Serve AI/ML Models at Scale in SAP AI Core
✅ Container Readiness Checks for Spring Boot Deployments
🌐 CoreDNS in OpenShift
Read it now: https://kube.today/issues/169
⭐️ This newsletter is brought to you by LearnKube — master Kubernetes with hands-on training designed for engineers who want to learn the smart way https://ku.bz/hypSbyc-V
🔥 When High Availability Brings Downtime
🔄 Upgrade AWS CSI Drivers in Your Multi-Tenant Kubernetes Cluster
🤖 How We Serve AI/ML Models at Scale in SAP AI Core
✅ Container Readiness Checks for Spring Boot Deployments
🌐 CoreDNS in OpenShift
Read it now: https://kube.today/issues/169
⭐️ This newsletter is brought to you by LearnKube — master Kubernetes with hands-on training designed for engineers who want to learn the smart way https://ku.bz/hypSbyc-V
Forwarded from KubeFM
Media is too big
VIEW IN TELEGRAM
Nicholaos Mouzourakis, Staff Product Security Engineer at Gusto, explains how Open Policy Agent (OPA) integrates with Kubernetes for authorization. He highlights OPA's versatility and performance characteristics, noting that a single node can handle numerous requests with proper optimization.
He describes multiple deployment options, including:
- Standing up multiple OPA instances
- Setting up auto-scaling groups
- Co-locating OPA with server pods
- Running OPA as a WASM module for lower latency
Watch the full episode: https://kube.fmhttps://ku.bz/S-2vQ_j-4
He describes multiple deployment options, including:
- Standing up multiple OPA instances
- Setting up auto-scaling groups
- Co-locating OPA with server pods
- Running OPA as a WASM module for lower latency
Watch the full episode: https://kube.fmhttps://ku.bz/S-2vQ_j-4
Forwarded from KubeFM
This media is not supported in your browser
VIEW IN TELEGRAM
"Self-service capabilities without governance is how you get outages at 3 AM."
Zain Malik from ExoStellar tackles the tension between developer empowerment and platform governance. A mature platform provides standardized interfaces that give users access to what they need—kernel layers, node layers, DOS systems—without compromising reliability.
The key insight: centralization isn't about restriction, it's about creating reliable building blocks that scale.
Watch the full interview: https://ku.bz/rwttMCncv
Zain Malik from ExoStellar tackles the tension between developer empowerment and platform governance. A mature platform provides standardized interfaces that give users access to what they need—kernel layers, node layers, DOS systems—without compromising reliability.
The key insight: centralization isn't about restriction, it's about creating reliable building blocks that scale.
Watch the full interview: https://ku.bz/rwttMCncv
kubectl-rexec is a kubectl plugin that provides full audit logging for kubectl exec sessions, addressing the security gap where standard exec commands leave no trace of what happens inside containers.
More: https://ku.bz/yRQZ9Jrml
More: https://ku.bz/yRQZ9Jrml