Daily Kubernetes news, events, jobs, podcast and more

Spotlight

Enforcing Signed Container Images in Kubernetes Using Cosign & Kyverno

Hansaka Biyon

This tutorial teaches how to enforce signed container images in Kubernetes using Cosign for signing, Harbor for storage, and Kyverno admission controller for verification, including custom CA trust configuration and CI/CD integration patterns.

Migrating legacy PHP monolith apps on Drupal 8 to Kubernetes
Alexey Demyanov
This case study shows how Palark migrated high-traffic Drupal 8 monoliths to Kubernetes to improve resilience, autoscaling, deployment automation, and DDoS handling while reducing infrastructure waste.
AWS EKS + Fargate Debugging Story: The Missing DHCP Option Set
Sergey Goncharov
This case study walks through a real debugging story on EKS Fargate where missing a DHCP option set caused silent DNS failures and pods stuck in pending — and how to find and fix it.
Secure APIs by Default: My Real-World Blueprint with Zero Trust, mTLS & Istio Policies
Siva Bankapalli
This article shows a Zero Trust blueprint using mutual TLS (mTLS) and Istio security policies to make internal and external APIs secure by default, with step-by-step configs and lessons from real systems.

Tools and utilities

Kubeinvaders
With k-inv, you can stress a Kubernetes cluster in a fun way and check its resilience by playing space invaders.
Kelos
Kelos runs Claude Code, Codex, Gemini, and OpenCode as ephemeral Kubernetes pods, with CRDs for Tasks, Workspaces, AgentConfigs, and TaskSpawners that can auto-create PRs from GitHub issues, and chain tasks with dependsOn pipelines.
Prepackaged K3s Platform for Single-Node Kubernetes on VPS
Kubee automates the setup of a K3s cluster on a single VPS and installs tightly integrated Helm charts (ArgoCD, Vault, Prometheus, etc.) with zero manual configuration.
Sealed Secrets Web
Sealed Secrets Web is a tool that provides a web interface for managing and encrypting sensitive data in Kubernetes using the Sealed Secrets service by Bitnami.
ESP Kubernetes Reference Implementation
ESP Kubernetes Reference Implementation runs compliance scanning in Kubernetes using ESP policies with pull-based agents that execute NIST, CIS, and STIG controls and produce CUI-free attestations forwarded to SIEM or cloud functions.

More projects →

Events starting soon

From Detection to Defense in Cloud Workload Security
June 10, 2026
- This is a virtual event
- This is a free event.
How to deploy and scale an AI model in production on Kubernetes with KServe and KEDA to control GPU costs
June 10, 2026
- Location: Québec, CA and virtual
- This is a free event.
Advanced Kubernetes course
June 11, 2026
- This is a virtual event
- This event requires an entrance fee
Protecting AI and Kubernetes Workloads
June 11, 2026
- This is a virtual event
- This is a free event.
Are Your Containers Secure, or Just Scanned?
June 11, 2026
- This is a virtual event
- This is a free event.
Precise Argo CD diffs on every Pull Request & GitOps Multi-Tenancy with Flux, GitLab, and Friends
June 11, 2026
- Location: Vienna, AT
- This is a free event.

Discover more events onn Kube Events →

Learn from production

How we found 7 TiB of memory just sitting around
This blog post tells how the Render team:
- tracked down Kubernetes memory waste caused by many daemonset namespace watches,
- fixed config issues,
- and freed over 7 TiB of memory across clusters by reducing unnecessary listwatch overhead.
Tracing large job failures to serial console bottlenecks from oom events
Jack Lindamood
This case study shows how OOM Killer terminated a critical network daemon on Kubernetes nodes, causing a network outage.
It covers debugging via serial console and implementing memory reservations to prevent system-critical process termination.
Three Weeks in the Trenches: Hunting a 4GB Native Memory Leak That .NET Couldn’t See
Kalyan Josyula
This case study shows how a team traced repeated pod OOM kills in ASP.NET Core to native memory growth from zombie SignalR connections, glibc fragmentation, and kernel socket buffers.
Autoscaling Hid Our LLM Cost Regression (85% → 4% Cache Hit Rate)
Nick Roan
This case study shows how a single RAG chunk size change collapsed vLLM prefix-cache hit rate from 85% to 4%, triggering an 80% GPU replica increase while latency stayed flat.
It also includes the fix: adding a two-phase cache replay gate in CI.

More case studies →

Matching jobs

- Data Engineer with System
- Salary: $18K to $266.2K a year
- Location: based in the office in New York, NY, USA
- Tech stack: Kubernetes, AWS, Azure, GCP, Docker, Python, SQL, Airflow, Spark
- DevOps Engineer with Absorb
- Salary: $90 to $484K a year
- Location: remote from
- Tech stack: Kubernetes, AWS, Docker, C#, Powershell, Cloudformation, Bamboo, Prometheus, Sumo Logic
- DevSecOps Engineer with David AI
- Salary: $12.6K to $415.14K a year
- Location: based in the office (and remote from home) in San Francisco, CA, USA
- Tech stack: Kubernetes, AWS, Typescript, PostgreSQL, Terraform, Datadog, Grafana, Prometheus
- Platform Engineer with David AI
- Salary: $108K to $385K a year
- Location: based in the office in San Francisco, CA, USA
- Tech stack: Kubernetes, AWS, Typescript, PostgreSQL, Terraform, Datadog, Grafana, Prometheus
- Platform Engineer with Normal Computing Corporation
- Salary: $83.25K to $401.5K a year
- Location: based in the office (and remote from home) in New York City, NY, USA
- Tech stack: Kubernetes, Docker, Redis, Terraform

Discover more Kubernetes jobs on Kube Careers →

Build something

Sharded multi-cluster cert-manager with multicluster-runtime
Zach Smith
This tutorial shows how to build a hub-style multi-cluster cert-manager control plane where a central hub cluster manages certificate issuance and distribution across multiple spoke clusters using cert-manager and trust-manager.
Kubernetes for Pentesters: Breaking Orchestrated Infrastructure from Zero
Ruben Santos
This tutorial teaches Kubernetes security testing from an offensive perspective, covering:
- pod compromise detection,
- service account token exploitation,
- RBAC privilege escalation,
- and tools like kubeletctl and peirates.
Beyond Ingress: GKE Multi-cluster Gateway and Multi-Cluster Services
Blake Gillman
This article explains how to build a highly available GKE architecture using Multi-Cluster Services and Multi-Cluster Gateway.
It covers subnet naming requirement for cross-regional internal ALBs, cluster setup via Fleet, demo app with request routing.
Zero-port setup: cloudflare tunnels on Kubernetes
Ștefan Muraru
This tutorial shows how to run Cloudflare Tunnels as a DaemonSet to expose services with zero open inbound ports, using liveness probes, Kubernetes Secrets, and GitOps with ArgoCD.