Kubesploit

🗣️ Santosh Vallurupalli, Senior Solution Architect @ AWS, discusses solving the tension between rapid container deployments and regulatory compliance using policy-as-code tools like OPA and Kyverno Watch: ku.bz/pklYlRr80

This week on the Learn Kubernetes Weekly: 💰 Cost-Aware Scheduling 📐 Scaling Workloads with VPA 🕸️ Service Mesh Patterns 🐛 ZFS ARC Container Initialization Slowness 🍓 Developing on Raspberry Pi ⭐️ vCluster Read it now: kube.today/issues/175

🗣️ Ron Matsliah from Next Insurance built an AI assistant that cut build debugging time by 75% — combining deterministic rules with AI, delivered straight into Slack ku.bz/PDdYfC00w 🌟 LearnKube 🎙 🎙Bart

🗣️ Mike Stefaniak, Head of Product, Kubernetes and Registries @ AWS, shares three key trends he's observing at KubeCon that are shaping the future of Kubernetes deployments Watch the full interview: ku.bz/PzjrglcZJ

"All images must come from our private registry." Sounds simple enough. One ValidatingAdmissionPolicy with a CEL expression, and you're done. Then the second tenant shows up. 🧵

You started with a clean Linux image and installed Kubernetes. Then security needed their agent, the GPU team needed drivers, and someone added sysctl tweaks that "fixed networking". Now your node setup script is 200 lines long and nobody remembers why half of it is there. How much do you customize the OS on your Kubernetes nodes?

This article shows how to scan Helm charts for insecure RBAC, secret leaks, and malicious templates using tools like Trivy, GitHub Search, and OPA ➤ ku.bz/k4MpGVLyZ

This week on the Learn Kubernetes Weekly: 🤖 75% Faster Debugging with AI 🔥 60% Less Pods, Doubled Traffic Capacity 📈 Scaling Django to 1M Users ⚠️ Kubernetes Bad Practices 🥷 PKI Credential Abuse ⭐️ LearnKube Read it now: kube.today/issues/174

Guardon is a Kubernetes admission controller that enforces security and compliance policies in real-time before resources are created in your cluster ➤ ku.bz/d4hT8s9Sw

This article shows how to use tofu-controller to manage Terraform resources with GitOps for external systems like Grafana dashboards and HashiCorp Vault policies with continuous reconciliation and automatic drift detection ➜ ku.bz/B3y_Zflr7

🗣️ Fernando from SadServers on how he cut his Kubernetes bill from $1,000/month on GKE to $30/month on Hetzner with Edka — a 500% cost reduction for the same capacity ku.bz/6nSDbz9m4 🌟 LearnKube 🎙 🎙Bart

This article explains the risks of using unmaintained Docker images and how to detect vulnerabilities with tools like Trivy, SBOM operator, and Dependency Track ➤ ku.bz/WJ75qXRbV

Linnix is an eBPF + PSI-powered Kubernetes observability agent written in Rust that identifies which pod is actually stalling your services, not just consuming CPU ➜ ku.bz/x-VQLHwSW

"Zero trust flips the script: only allow the traffic you explicitly want, deny everything else." Abhishek Rao on implementing zero trust in Kubernetes 📺: ku.bz/_q9XBgY2c

💡 50% of Kubernetes teams would pick 7 small GPUs over 1 powerful one, but K8s still treats every GPU as indivisible 797 responses across 3 polls: kube.today/kubernetes-gpu…

Synapse is a high-performance reverse proxy and firewall built with Rust, using XDP-based packet filtering for ultra-low latency protection at kernel level ➤ ku.bz/w2PFxxfN8

This article solves automated certificate distribution for EAP-TLS WiFi authentication using nginx-proxy on Kubernetes with step-ca, avoiding traditional MDM by hosting mobileconfig files at an HTTPS endpoint with mTLS authentication ➜ ku.bz/spclMhjDz

"We are very excited to announce the launch of Hadron Linux — a Linux distribution engineered from scratch by the Kairos team." Ettore Di Giacinto on the new minimal OS for edge Kubernetes 📺: ku.bz/wMhKpZ5bQ 📣: ku.bz/_9RmXnjDJ