Daily Kubernetes news, events, jobs, podcast and more

Spotlight

Azure Kubernetes Service Deep Dive Into Azure CNI Pod Subnet

Tobias Massoth

This article explains the trade-offs of Azure CNI Pod Subnet in AKS with two IP allocation modes:

Dynamic IP Allocation, where blocks of 16 IPs are assigned dynamically
Static Block Allocation, where all IPs are reserved upfront.

Structured Matching, Patching, and Diffing Done Right
Scott Cotton
This article introduces Tony format, a tool that unifies matching, patching, and diffing operations on YAML and JSON using a single typed tree representation with tag-based extensions like !dive, !key, and !if for structural transformations.
Deploy LLM Models on OpenShift
Ahmed Draz
This tutorial shows how to deploy LLM models on OpenShift without operators by using llama.cpp with a quantized GGUF model, building a multi-stage container image, and exposing it via standard Kubernetes resources.
Building Production-Grade Micro services on Azure Kubernetes
Dilip Kola
This article explains how to build cost-efficient microservices on AKS by classifying state as irreplaceable or regenerable, using managed PostgreSQL for critical data while self-hosting Redis, RabbitMQ, and observability tools in Kubernetes.

Tools and utilities

Kubernetes Orphaned Resources Finder
Kor is a tool to discover unused Kubernetes resources.
Argo CD Diff Preview
Argo CD Diff Preview is a tool that renders the diff between two branches in a Git repository, providing a clear and concise view of the changes between two branches, similar to Atlantis for Terraform.
Flux Operator: simplified Flux
flux-operator simplifies the configuration of Flux multi-tenancy lockdown, sharding, horizontal and vertical scaling, persistent storage, and allows fine-tuning the Flux controllers with Kustomize patches.
IncidentFox: AI Incident Response
IncidentFox automates incident investigation with AI agents using 178+ tools for Kubernetes, AWS, and Grafana, featuring RAPTOR knowledge base for runbooks, alert correlation reducing noise by 85-95%, and Slack/GitHub/PagerDuty integrations.
KCL: constraint-based language
KCL allows developers to create modular, scalable, and stable configurations.

More projects →

Events starting soon

Introduction to Helm for Kubernetes
April 3, 2026
- This is a virtual event
- This is a free event.
Beyond EKS/AKS/GKE: Building a Multi-Cloud Kubernetes Cluster with Kubeadm
April 4, 2026
- Location: Bengaluru, IN
- This is a free event.
Container Internals: CGroups, Namespaces & Chroot
April 4, 2026
- Location: Ibadan, NG
- This is a free event.
Building an Internal Developer Platform from Scratch
April 4, 2026
- This is a virtual event
- This event requires an entrance fee
One Interface, Any Infrastructure: Architecting a Consistent Hybrid Private Cloud
April 6, 2026
- Location: Chicago, IL, USA
- This is a free event.
How to Survive and Thrive in a Multicluster World
April 7, 2026
- Location: Kuala Lumpur, MY
- This is a free event.

Discover more events onn Kube Events →

That Time I Found a Service Account Token in my Log Files

You're integrating HashiCorp Vault into your Kubernetes cluster and adding a temporary debug log line to check whether the ServiceAccount token is being passed correctly. Three months later, that log line is still in production — and the token it prints has a 1-year expiry with no audience restrictions.

Vincent von Büren, a platform engineer at ipt in Switzerland, lived through exactly this incident. In this episode, he breaks down why default Kubernetes ServiceAccount tokens are a quiet security risk hiding in plain sight.

You will learn:

What's actually inside a Kubernetes ServiceAccount JWT (issuer, subject, audience, and expiry)
Why tokens with no audience scoping enable replay attacks across internal and external systems
How Vault's Kubernetes auth method and JWT auth method compare, and when to choose each
What projected tokens are, why they dramatically reduce blast radius, and what's holding teams back from using them
Practical steps for auditing which pods actually need API access and disabling auto-mounting everywhere else

Learn from production

From Push to Production: Our Deployment Pipeline with Argo CD
Borwornpob
This article describes OpenMirai's deployment pipeline using GitHub Actions for CI, Argo CD for GitOps, and a separate deployment repository, with staging-first testing and scheduled production releases during off-peak hours.
A tale of expired IAM credentials
Fabián Sellés Rosa
This case study shows how upgrading to Kubernetes 1.34 caused KIAM pods to fail due to service account token expiration changes, revealing that legacy clients using long-lived tokens now expire after 24 hours instead of 90 days.
We built awesome internal CI/CD with ArgoCD and Workflows.
Rob Sherling
This case study shows how EMC Healthcare built an on-premise CI/CD pipeline using K3s, ArgoCD, and Argo Workflows to automate testing and deployments with preview environments.
GPU Starvation in Kubernetes: How Dynamic MIG Partitioning Saved Our GPU Budget
Sphoorthi Charan Nayakudugari
This case study explains how the authors used dynamic MIG partitioning to split large GPUs like NVIDIA A100/H100 into multiple isolated slices, letting many small jobs share GPU efficiently.

More case studies →

Matching jobs

- Data Engineer with Clarity Innovations
- Salary: $26 to $302.5K a year
- Location: based in the office in Columbia, MD, USA
- Tech stack: Kubernetes, Groovy, Java, Python
- Data Engineer with Clarity Innovations
- Salary: $54K to $286K a year
- Location: based in the office (and remote from home) in Herndon, VA, USA
- Tech stack: Kubernetes, Python, SQL
- DevOps Engineer with AMOL TECHNOLOGIES
- Salary: $1.08L to $2.75L a year
- Location: based in the office (and remote from home) in Bengaluru, IN
- Tech stack: Kubernetes, AWS, Azure, GCP, Helm, ArgoCD, Docker, Go, Powershell, Python
- DevOps Engineer with Clarity Innovations
- Salary: $117K to $297K a year
- Location: based in the office in Herndon, VA, USA
- Tech stack: Kubernetes, Azure, Helm, ArgoCD, Flux, Docker, Python, Terraform, Ansible, Istio
- DevOps Engineer with Endava
- Salary: $90K to $198K a year
- Location: remote from
- Tech stack: Kubernetes, AWS, Python, Terraform, Gitlab, Jenkins, Ansible, Puppet

Discover more Kubernetes jobs on Kube Careers →

Build something

Data Streaming in Practice (Kafka + Flink): Building a Flight Baggage Tracking System
Tobby Kuo
This tutorial teaches how to build an end-to-end real-time baggage tracking system using Kafka for event streaming, Flink for state processing, ClickHouse for analytics, and Grafana for visualization on Kubernetes.
Kubernetes Gateway API on AKS Exposed via Azure Application Gateway
Shanaka Jayasundera
This tutorial shows how to expose Kubernetes Gateway API from AKS through Azure Application Gateway by fixing health probe failures with a dedicated HTTPRoute and connection timeouts using externalTrafficPolicy Local for Azure DSR.
Automating Pod Disruption Budgets with Kyverno
Ahmad Asmar
This tutorial shows how to use Kyverno policy engine to generate Pod Disruption Budgets for Kubernetes deployments with multiple replicas, preventing downtime during Karpenter node consolidation through intelligent API lookups and label matching.
Next-Gen Datacenter Networking: Unifying Arista Fabric with Cilium CNI
Jean Baptiste Lapeyre
This article explains how to integrate Arista datacenter fabric with Cilium CNI by building a spine-leaf architecture with an ISIS underlay and a BGP EVPN overlay.