This guide by Marcin Cuber provides a comprehensive walkthrough for implementing an AWS ECR pull-through cache for an EKS cluster using Terraform. The tutorial details how to configure cache rules for multiple upstream registries, such as Docker Hub, GitHub, Quay, Kubernetes, and ECR Public, covering both the authentication requirements and the IAM permissions needed for seamless integration with your Kubernetes workloads.
https://marcincuber.medium.com/implementing-aws-ecr-pull-through-cache-for-eks-cluster-most-in-depth-implementation-details-e51395568034
Medium
Implementing AWS ECR Pull Through cache for EKS cluster - most in-depth implementation details
Find out in detail how to implement AWS ECR pull-through cache for your EKS cluster using Terraform. You will find all the information…
This blogpost by Rodrigo Fior Kuntzer delves into how Miro’s Compute team leverages Kyverno’s mutating webhooks to automate and streamline complex Kubernetes workflows. With practical examples, it demonstrates how Kyverno policies can dynamically modify resources, enforce best practices, and enhance both security and operational efficiency across Kubernetes environments.
https://medium.com/@rodrigofk/automating-kubernetes-workflows-with-kyvernos-mutating-webhooks-ae3f0a81d4d7
Medium
Automating Kubernetes Workflows with Kyverno’s Mutating Webhooks
Hi there! I’m Rodrigo, a Staff Site Reliability Engineer at Miro. In this article, I’m excited to share how Miro’s Compute team automates…
Manages Envoy Proxy as a Standalone or Kubernetes-based Application Gateway
https://github.com/envoyproxy/gateway
GitHub
GitHub - envoyproxy/gateway: Manages Envoy Proxy as a Standalone or Kubernetes-based Application Gateway
Manages Envoy Proxy as a Standalone or Kubernetes-based Application Gateway - envoyproxy/gateway
This post details Amazon’s ambitious migration from Apache Spark to Ray on Amazon EC2 for exabyte-scale data processing, revealing how Ray’s flexibility and efficiency enabled massive cost savings and performance improvements. Readers will discover the technical strategies and real-world results that made this transformation a success for Amazon’s Business Data Technologies team.
https://aws.amazon.com/blogs/opensource/amazons-exabyte-scale-migration-from-apache-spark-to-ray-on-amazon-ec2/
Amazon
Amazon’s Exabyte-Scale Migration from Apache Spark to Ray on Amazon EC2 | Amazon Web Services
Large-scale, distributed compute framework migrations are not for the faint of heart. There are backwards-compatibility constraints to maintain, performance expectations to meet, scalability limits to overcome, and the omnipresent risk of introducing breaking…
This article by Ahmet Alp Balkan highlights common pitfalls in generating Kubernetes CustomResourceDefinitions (CRDs) with controller-gen, emphasizing the importance of explicit validation, careful use of required and optional markers, and understanding how Go’s zero values interact with CRD schemas. Through practical examples, it warns developers about issues like unvalidated nested fields, marker typos, and the challenges of defaulting and validation, offering actionable advice to avoid subtle bugs in custom Kubernetes APIs.
https://ahmet.im/blog/crd-generation-pitfalls/index.html
Ahmet Alp Balkan
Kubernetes CRD generation pitfalls
A quick code search query reveals at least 7,000 Kubernetes Custom Resource Definitions in the open source corpus, most of which are likely generated with controller-gen, a tool that turns Go structs with comment-based markers into Kubernetes CRD...
Timoni is a package manager for Kubernetes, powered by CUE and inspired by Helm.
https://github.com/stefanprodan/timoni
GitHub
GitHub - stefanprodan/timoni: Timoni is a package manager for Kubernetes, powered by CUE and inspired by Helm.
Timoni is a package manager for Kubernetes, powered by CUE and inspired by Helm. - stefanprodan/timoni
GitHub Action to automate versioning, releases, and documentation for Terraform modules in monorepos.
https://github.com/techpivot/terraform-module-releaser
GitHub
GitHub - techpivot/terraform-module-releaser: GitHub Action to automate versioning, releases, and documentation for Terraform modules…
GitHub Action to automate versioning, releases, and documentation for Terraform modules in monorepos. - techpivot/terraform-module-releaser
This retrospective by Marc Olson offers a detailed look at the evolution of AWS Elastic Block Store (EBS), tracing its journey from a simple network-attached block storage service launched in 2008 to a massive, distributed SSD-based system now handling over 140 trillion operations daily. The post highlights key lessons learned in performance engineering, organizational structure, and continuous incremental improvement, illustrating how EBS overcame challenges like noisy neighbors, hardware transitions from HDDs to SSDs, and the need for robust measurement and instrumentation to deliver ever-lower latency and higher reliability for AWS customers.
https://www.allthingsdistributed.com/2024/08/continuous-reinvention-a-brief-history-of-block-storage-at-aws.html
All Things Distributed
Continuous reinvention: A brief history of block storage at AWS
Marc Olson, a long-time Amazonian, discusses the evolution of EBS, highlighting hard-won lessons in queueing theory, the importance of comprehensive instrumentation, and the value of incrementalism versus radical changes. It's an insightful look at how one…
This blogpost by Zach Loeber introduces Atmos, an opinionated infrastructure deployment tool from CloudPosse designed to simplify and scale Terraform state management for multi-state projects. Loeber walks through adopting Atmos, its stack-based structure, YAML-driven configuration, and highlights both the flexibility and initial learning curve that come with integrating Atmos into existing workflows.
https://dev.to/zloeber/atmos-wield-terraform-like-a-boss-3bfc
DEV Community
Atmos - Wield Terraform Like a Boss
Terraform is great until you have to deal with state. As large state inherently will not scale you...
This blog post introduces KWOK (Kubernetes WithOut Kubelet), a lightweight tool designed to simulate large-scale Kubernetes clusters by emulating nodes and pods without running real workloads. ZaradarTR explains how KWOK, with its core components kwok and kwokctl, allows developers to quickly create and manage thousands of simulated nodes and pods on local machines, making it ideal for scalability testing, API interaction, and stress-testing Kubernetes environments with minimal resource consumption.
https://medium.com/@ZaradarTR/hello-kwok-af2cafec35b4
Medium
Hello KWOK
As Kubernetes (k8s) adoption grows, the need for testing and simulating large-scale clusters becomes more critical. While k8s provides…
This piece examines the limitations of AWS native security tooling, particularly focusing on AWS IAM Access Analyzer and its effectiveness in detecting publicly exposed resources across various AWS services. The article highlights critical observability gaps that can leave organizations vulnerable, emphasizing the need for enhanced security measures and proactive monitoring to address blind spots and reduce the risk of cloud security incidents.
https://www.securityrunners.io/post/exposing-security-observability-gaps-in-aws
www.securityrunners.io
Exposing Security Observability Gaps in AWS Native Security Tooling
Explore the limitations and effectiveness of AWS IAM Access Analyzer in detecting publicly exposed resources across various AWS services. Learn about common misconceptions, deployment tips, and critical observability gaps in AWS native security tooling.
kubectl plugin to duplicate resources in a Kubernetes cluster.
https://github.com/Telemaco019/duplik8s
GitHub
GitHub - Telemaco019/duplik8s: kubectl plugin to duplicate resources in a Kubernetes cluster.
kubectl plugin to duplicate resources in a Kubernetes cluster. - Telemaco019/duplik8s
Adevinta's Runtime team shares their journey of transitioning from Gatekeeper to Kyverno for Kubernetes policy management, driven by the need for enhanced mutation capabilities and resource efficiency. This article discusses the limitations of Gatekeeper and how Kyverno's YAML-based policies and feature completeness provide a more streamlined solution.
https://medium.com/adevinta-tech-blog/why-did-we-transition-from-gatekeeper-to-kyverno-for-kubernetes-policy-management-42bc2c4523d0
Medium
Why did we transition from Gatekeeper to Kyverno for Kubernetes Policy Management?
Navigating Challenges: Considering the transition from Gatekeeper to Kyverno in Kubernetes Policy Management
KubeDNS Shepherd is a Kubernetes controller that manages the DNS configuration of workloads, providing an efficient and reliable way to configure DNS within your Kubernetes cluster.
https://github.com/eminaktas/kubedns-shepherd
GitHub
GitHub - eminaktas/kubedns-shepherd: KubeDNS Shepherd is a Kubernetes controller that manages the DNS configuration of workloads…
KubeDNS Shepherd is a Kubernetes controller that manages the DNS configuration of workloads, providing an efficient and reliable way to configure DNS within your Kubernetes cluster. - eminaktas/kubedns...
Discover how the ingenious design of UNIX spell allowed it to operate efficiently within just 64KB of RAM in this insightful blogpost. Explore the technical challenges and clever solutions that made this feat possible.
https://blog.codingconfessions.com/p/how-unix-spell-ran-in-64kb-ram
Codingconfessions
How Unix Spell Ran in 64kB RAM
How do you fit a dictionary in 64kb RAM? Unix engineers solved it with clever data structures and compression tricks. Here's the fascinating story behind it.
Kubernetes network policies are essential for controlling how traffic flows between pods, namespaces, and external endpoints in your cluster, helping you enforce security and compliance requirements. This guide by Scott Rigby explains the differences between Layer 4 (L4) and Layer 7 (L7) policies, their pros and cons, and how combining both approaches—using tools like Linkerd—can help you achieve a robust, zero-trust security model tailored to modern cloud-native environments.
https://www.buoyant.io/blog/a-guide-to-modern-kubernetes-network-policies
www.buoyant.io
A guide to modern Kubernetes network policies
In the world of Kubernetes, network policies are essential for controlling traffic within your cluster. But what are they really? And why, when and how should you implement them?
Provides a general service to support image acceleration based on accelerators such as Nydus and eStargz.
https://github.com/goharbor/acceleration-service
GitHub
GitHub - goharbor/acceleration-service: Provides a general service to support image acceleration based on kinds of accelerator…
Provides a general service to support image acceleration based on accelerators such as Nydus and eStargz. - goharbor/acceleration-service