Spotlight

Kubernetes security fundamentals: networking

Rory McCune

This article covers network security fundamentals in Kubernetes, explaining how clusters default to a flat pod network, how network policies enforce segmentation, and best practices like “default deny” and restricting host networking.

More articles →

Tools and utilities

  • Netfence: eBPF Network Filter Daemon

    Netfence runs as a daemon, injecting eBPF filter programs into cgroups and network interfaces, with a built-in DNS server that resolves allowed domains and populates IP allowlists, and connecting to a central control plane to synchronize network rules.

  • K8s Diagram Generator

    k8s-ingress-gen is a visual diagram builder for Kubernetes resources with bidirectional YAML workflow.

  • Zot: OCI registry

    zot is a production-ready vendor-neutral OCI image registry - images stored in OCI image format, distribution specification on-the-wire

  • Hortator

    Hortator lets AI agents spawn sub-agents at runtime, with each agent running in its own pod with budget caps, network policies, PII redaction, and capability inheritance so children can never escalate beyond their parent's permissions.

  • KubeVPN: Kubernetes VPN

    KubeVPN is a tool that seamlessly connects to your Kubernetes cluster network, allowing you to access cluster resources from your local machine.

More projects →

Events starting soon

Discover more events onn Kube Events →

The Hidden Cost of Slow Autoscaling
The Hidden Cost of Slow Autoscaling

Forced platform migrations are usually treated as something to survive. At Scout24, a mandatory OS migration became an opportunity to rethink Kubernetes autoscaling, node provisioning, and infrastructure efficiency.

John Ford explains how Scout24 moved its EKS-based Infinity platform from a polling autoscaler and over-provisioned capacity to Karpenter and Bottlerocket. The result was faster node startup, a safer migration path, and about a 30% infrastructure reduction without major downtime.

In this interview:

  • Why two-minute node provisioning forced a 25% capacity buffer
  • How Karpenter made the Bottlerocket migration safer
  • What broke around EC2 metadata, AWS SDKs, and cgroups
  • How the new foundation enables Spot, ARM, and GPU workloads

Learn from production

More case studies →

Matching jobs

    • Data Engineer with Zensurance

    • Salary: $98.1K to $242K a year

    • Location: remote from

    • Tech stack: Kubernetes, Docker, Typescript, Javascript, Python, Snowflake, Terraform

    • DevOps Engineer with Applaudo Studios

    • Salary: $1 a day

    • Location: based in the office in Bogotá, CO

    • Tech stack: Kubernetes, GCP, Docker, Terraform

    • DevOps Engineer with Inferact

    • Salary: $200K to $400K a year

    • Location: based in the office in San Francisco, CA, USA

    • Tech stack: Kubernetes, AWS, Azure, GCP, On-premise, Helm, Go, Python, Rust, Terraform

    • DevOps Engineer with InnoCraft

    • Salary: $135K to $220K a year

    • Location: remote from

    • Tech stack: Kubernetes, AWS

    • DevOps Engineer with Octus

    • Salary: $160K to $215K a year

    • Location: based in the office in New York, NY, USA

    • Tech stack: Kubernetes, AWS, Docker, Shell, Terraform, GitHub Actions, Jenkins, Saltstack, Datadog

Discover more Kubernetes jobs on Kube Careers →

Subscribe to Learn Kubernetes Weekly

Trusted by 77K engineers. Delivered 188 issues and counting.

or subscribe via

Build something

More tutorials →

Call for Papers closing soon

  1. 2

    days

    Dutch Cloud Native Day

    The Call For Paper is open until 22 June 2026 at GMT-4. More info →

    • Location: Utrecht, NL

    • In-person conference organized by Dutch CND.

    • The conference starts on the 29 October 2026.

    • Apply here

  2. 5

    days

    Open Source Summit Europe 2026

    The Call For Paper is open until 25 June 2026 at GMT-4. More info →

    • Location: Prague, CZ

    • In-person conference organized by Linux Foundation.

    • The conference starts on the 9 October 2026.

    • Apply here

  3. 6

    days

    Kubernetes Community Days Korea 2026

    The Call For Paper is open until 26 June 2026 at GMT-4. More info →

    • Location: Seoul, KR

    • In-person conference organized by KCD South Korea.

    • The conference starts on the 1 September 2026.

    • Apply here

  4. 7

    days

    Kubernetes Community Days Washington DC 2026

    The Call For Paper is open until 27 June 2026 at GMT-4. More info →

    • Location: Washington, DC, USA

    • In-person conference organized by KCD Washington DC.

    • The conference starts on the 15 September 2026.

    • Apply here

  5. 9

    days

    Kubernetes Community Days Nigeria 2026

    The Call For Paper is open until 29 June 2026 at GMT-4. More info →

    • Location: Lagos, NG

    • In-person conference organized by KCD Nigeria.

    • The conference starts on the 24 October 2026.

    • Apply here

  6. 10

    days

    Nerdearla México 2026

    The Call For Paper is open until 30 June 2026 at GMT-4. More info →

    • Location: Mexico City, MX

    • In-person conference organized by Nerdearla.

    • The conference starts on the 20 November 2026.

    • Apply here

  7. 10

    days

    Containerkonferansen 2026

    The Call For Paper is open until 30 June 2026 at GMT-4. More info →

    • Location: Trondheim, NO

    • In-person conference organized by Containerkonferansen.

    • The conference starts on the 15 October 2026.

    • Apply here

Thanks to our sponsors who make Kube Today possible

Find out more about being a sponsor →

More articles

Even more articles →