While GitOps has brought consistency and innovation to Kubernetes deployments, its reliance on git-based workflows and tools like ArgoCD and Flux still leaves important challenges unsolved. This article explores both the real-world progress and the limitations of GitOps, from deployment strategies and multi-cluster rollouts to issues around permissions, secrets management, and the need for solutions that go beyond git as the sole source of truth.

https://itnext.io/realizing-the-potential-of-gitops-263051baff04

Meeting customers’ rising expectations for security, speed, and personalization demands a new approach to computing infrastructure, which is exactly where distributed cloud comes in. This feature explains why developers must look beyond traditional centralized cloud models—adopting distributed cloud computing to optimize performance, comply with data regulations, and deliver truly customized services at scale.

https://thenewstack.io/why-developers-need-to-care-about-distributed-cloud-computing/

A CLI utility to sort Terraform variables and outputs

https://github.com/AlexNabokikh/tfsort

kubectl-modify-secrets allows user to directly modify the secret without worrying about base64 encoding/decoding

https://github.com/rajatjindal/kubectl-modify-secret

Upgrading from Node.js 18 to 20 brought unexpected performance impacts to a Kubernetes-deployed service, as detailed in this technical recap. The experience-driven story reveals how changing memory reservations on Kubernetes pods can shrink Node.js heap spaces—specifically the "new space"—triggering heavier garbage collection and higher CPU load, and how adjusting the --max-semi-space-size parameter restored both speed and stability.

https://deezer.io/node-js-20-upgrade-a-journey-through-unexpected-heap-issues-with-kubernetes-27ae3d325646

Understanding how to secure Linux containers requires a deep dive into tools like seccomp, which can restrict the system calls available to containerized processes. In this technical guide, the fourth installment of the Container Internals Series breaks down how seccomp filters work, their real-world impact on container security, and practical steps to implement custom seccomp profiles for hardened deployments.

https://levelup.gitconnected.com/container-internals-series-part-4-seccomp-d88543988709

A more powerful alternative to kubectx and kubens

https://github.com/sbstp/kubie

Homogeneous Kubernetes clusters at scale on any infrastructure using hosted control planes.

https://github.com/gardener/gardener

This informative piece by bm54cloud explores the intricacies of deploying and updating Zarf packages in air-gapped environments. The author provides valuable insights into overcoming the unique challenges faced when working with systems disconnected from external networks.

https://medium.com/@bm54cloud/deploy-and-update-zarf-packages-in-an-air-gap-b2e3ec43abf7

In this captivating tutorial, Noah H explores the powerful capabilities of eBPF technology and Tetragon for enhancing Kubernetes security through runtime monitoring and policy enforcement. The author provides valuable insights into how these tools can detect suspicious activities, prevent container escapes, and enforce security policies directly at the kernel level without significant performance overhead.

https://medium.com/@noah_h/kubernetes-security-ebpf-tetragon-for-runtime-monitoring-policy-enforcement-819b6ed97953

A web interface for Sealed Secrets by Bitnami.

https://github.com/bakito/sealed-secrets-web

AWS & GCP FinOps Tools

https://github.com/cloudon-one/FinOps-Guardian/tree/main

This guide by Marcin Cuber provides a comprehensive walkthrough for implementing AWS ECR pull-through cache for an EKS cluster using Terraform. The tutorial details how to configure cache rules for multiple upstream registries-such as Docker Hub, GitHub, Quay, Kubernetes, and ECR Public-covering both authentication requirements and IAM permissions for seamless integration with your Kubernetes workloads.

https://marcincuber.medium.com/implementing-aws-ecr-pull-through-cache-for-eks-cluster-most-in-depth-implementation-details-e51395568034

This blogpost by Rodrigo Fior Kuntzer delves into how Miro’s Compute team leverages Kyverno’s mutating webhooks to automate and streamline complex Kubernetes workflows. With practical examples, it demonstrates how Kyverno policies can dynamically modify resources, enforce best practices, and enhance both security and operational efficiency across Kubernetes environments.

https://medium.com/@rodrigofk/automating-kubernetes-workflows-with-kyvernos-mutating-webhooks-ae3f0a81d4d7

Manages Envoy Proxy as a Standalone or Kubernetes-based Application Gateway

https://github.com/envoyproxy/gateway

Self serve cloud resources with Terraform & Kubernetes

https://github.com/appvia/terranetes

This post details Amazon’s ambitious migration from Apache Spark to Ray on Amazon EC2 for exabyte-scale data processing, revealing how Ray’s flexibility and efficiency enabled massive cost savings and performance improvements. Readers will discover the technical strategies and real-world results that made this transformation a success for Amazon’s Business Data Technologies team.

https://aws.amazon.com/blogs/opensource/amazons-exabyte-scale-migration-from-apache-spark-to-ray-on-amazon-ec2/

This article by Ahmet Alp Balkan highlights common pitfalls in generating Kubernetes CustomResourceDefinitions (CRDs) with controller-gen, emphasizing the importance of explicit validation, careful use of required and optional markers, and understanding how Go’s zero values interact with CRD schemas. Through practical examples, it warns developers about issues like unvalidated nested fields, marker typos, and the challenges of defaulting and validation, offering actionable advice to avoid subtle bugs in custom Kubernetes APIs.

https://ahmet.im/blog/crd-generation-pitfalls/index.html

Timoni is a package manager for Kubernetes, powered by CUE and inspired by Helm.

https://github.com/stefanprodan/timoni

GitHub Action to automate versioning, releases, and documentation for Terraform modules in monorepos.

https://github.com/techpivot/terraform-module-releaser

This retrospective by Marc Olson offers a detailed look at the evolution of AWS Elastic Block Store (EBS), tracing its journey from a simple network-attached block storage service launched in 2008 to a massive, distributed SSD-based system now handling over 140 trillion operations daily. The post highlights key lessons learned in performance engineering, organizational structure, and continuous incremental improvement, illustrating how EBS overcame challenges like noisy neighbors, hardware transitions from HDDs to SSDs, and the need for robust measurement and instrumentation to deliver ever-lower latency and higher reliability for AWS customers.

https://www.allthingsdistributed.com/2024/08/continuous-reinvention-a-brief-history-of-block-storage-at-aws.html