Daily Kubernetes news, events, jobs, podcast and more

Spotlight

Michael Galkov

This tutorial shows how to build integration tests for Kubernetes using Rust, kind clusters, and Terraform with automatic cleanup via Kyverno TTL policies and namespace isolation for concurrent test execution.

Aetòs: From Chaos to Engineering Excellence — A 3-Year Transformation
Charudath Gopal
This case study shows how Portworx built Aetòs, an Internal Developer Platform processing 50M daily API calls, managing 14,000 VMs, achieving 70% cloud cost reduction, and saving 10,000 engineering hours quarterly.
Azure Kubernetes Service Deep Dive Into Azure CNI Pod Subnet
Tobias Massoth
This article explains the trade-offs of Azure CNI Pod Subnet in AKS with two IP allocation modes:
- Dynamic IP Allocation, where blocks of 16 IPs are assigned dynamically
- Static Block Allocation, where all IPs are reserved upfront.
Structured Matching, Patching, and Diffing Done Right
Scott Cotton
This article introduces Tony format, a tool that unifies matching, patching, and diffing operations on YAML and JSON using a single typed tree representation with tag-based extensions like !dive, !key, and !if for structural transformations.

Tools and utilities

ctx: Context switcher
ctx is a CLI tool that simplifies working across multiple cloud environments by switching between AWS profiles, Kubernetes clusters, VPN connections, and SSH tunnels with a single command.
Sveltos: add-ons
Sveltos is a Kubernetes add-on controller that simplifies the deployment and management of Kubernetes add-ons and applications across multiple clusters, whether on-prem, in the cloud or a multitenant environment.
Endpoint-Monitoring Operator: Kubernetes monitoring operator
Endpoint-Monitoring Operator probes HTTP/JSON, TCP, DNS, ICMP, Trino, and OpenSearch endpoints via a simple CRD, with built-in Slack and email alerting.
Kubernetes Orphaned Resources Finder
Kor is a tool to discover unused Kubernetes resources.
Argo CD Diff Preview
Argo CD Diff Preview is a tool that renders the diff between two branches in a Git repository, providing a clear and concise view of the changes between two branches, similar to Atlantis for Terraform.

More projects →

Events starting soon

Beyond EKS/AKS/GKE: Building a Multi-Cloud Kubernetes Cluster with Kubeadm
April 4, 2026
- Location: Bengaluru, IN
- This is a free event.
Container Internals: CGroups, Namespaces & Chroot
April 4, 2026
- Location: Ibadan, NG
- This is a free event.
Cloud Native is for Everyone: Why Community Changes Everything
April 4, 2026
- This is a virtual event
- This is a free event.
Building an Internal Developer Platform from Scratch
April 4, 2026
- This is a virtual event
- This event requires an entrance fee
One Interface, Any Infrastructure: Architecting a Consistent Hybrid Private Cloud
April 6, 2026
- Location: Chicago, IL, USA
- This is a free event.
How to Survive and Thrive in a Multicluster World
April 7, 2026
- Location: Kuala Lumpur, MY
- This is a free event.

Discover more events onn Kube Events →

That Time I Found a Service Account Token in my Log Files

You're integrating HashiCorp Vault into your Kubernetes cluster and adding a temporary debug log line to check whether the ServiceAccount token is being passed correctly. Three months later, that log line is still in production — and the token it prints has a 1-year expiry with no audience restrictions.

Vincent von Büren, a platform engineer at ipt in Switzerland, lived through exactly this incident. In this episode, he breaks down why default Kubernetes ServiceAccount tokens are a quiet security risk hiding in plain sight.

You will learn:

What's actually inside a Kubernetes ServiceAccount JWT (issuer, subject, audience, and expiry)
Why tokens with no audience scoping enable replay attacks across internal and external systems
How Vault's Kubernetes auth method and JWT auth method compare, and when to choose each
What projected tokens are, why they dramatically reduce blast radius, and what's holding teams back from using them
Practical steps for auditing which pods actually need API access and disabling auto-mounting everywhere else

Learn from production

From Push to Production: Our Deployment Pipeline with Argo CD
Borwornpob
This article describes OpenMirai's deployment pipeline using GitHub Actions for CI, Argo CD for GitOps, and a separate deployment repository, with staging-first testing and scheduled production releases during off-peak hours.
A tale of expired IAM credentials
Fabián Sellés Rosa
This case study shows how upgrading to Kubernetes 1.34 caused KIAM pods to fail due to service account token expiration changes, revealing that legacy clients using long-lived tokens now expire after 24 hours instead of 90 days.
We built awesome internal CI/CD with ArgoCD and Workflows.
Rob Sherling
This case study shows how EMC Healthcare built an on-premise CI/CD pipeline using K3s, ArgoCD, and Argo Workflows to automate testing and deployments with preview environments.
GPU Starvation in Kubernetes: How Dynamic MIG Partitioning Saved Our GPU Budget
Sphoorthi Charan Nayakudugari
This case study explains how the authors used dynamic MIG partitioning to split large GPUs like NVIDIA A100/H100 into multiple isolated slices, letting many small jobs share GPU efficiently.

More case studies →

Matching jobs

- DevOps Engineer with Vattenfall
- Salary: US$99.9K to US$368.5K a year
- Location: based in the office in Hamburg, DE
- Tech stack: Kubernetes, Azure, Docker, Powershell, Python, SQL, Snowflake, Airflow, Terraform, Azure DevOps
- Ingénieur Voip / Volte – télécom & cloud - Paris - H/F with Iliad - Free
- Salary: $90K to $412.61K a year
- Location: based in the office (and remote from home) in Paris, FR
- Tech stack: Kubernetes
- Machine Learning Engineer with Bree
- Salary: $99K to $264K a year
- Location: remote from
- Tech stack: Kubernetes, AWS, Azure, GCP, Docker, SQL, Python
- Machine Learning Engineer with Iambic Therapeutics, Inc
- Salary: $57.6K to $462K a year
- Location: remote from
- Tech stack: Kubernetes, AWS, Docker, Python
- Machine Learning Engineer with Provectus
- Salary: $112.5K to $308K a year
- Location: remote from
- Tech stack: Kubernetes, AWS, Docker, Python, SQL, Redis, DynamoDB, Cloudformation, Terraform, OpenSearch

Discover more Kubernetes jobs on Kube Careers →

Build something

Data Streaming in Practice (Kafka + Flink): Building a Flight Baggage Tracking System
Tobby Kuo
This tutorial teaches how to build an end-to-end real-time baggage tracking system using Kafka for event streaming, Flink for state processing, ClickHouse for analytics, and Grafana for visualization on Kubernetes.
Kubernetes Gateway API on AKS Exposed via Azure Application Gateway
Shanaka Jayasundera
This tutorial shows how to expose Kubernetes Gateway API from AKS through Azure Application Gateway by fixing health probe failures with a dedicated HTTPRoute and connection timeouts using externalTrafficPolicy Local for Azure DSR.
Automating Pod Disruption Budgets with Kyverno
Ahmad Asmar
This tutorial shows how to use Kyverno policy engine to generate Pod Disruption Budgets for Kubernetes deployments with multiple replicas, preventing downtime during Karpenter node consolidation through intelligent API lookups and label matching.
Next-Gen Datacenter Networking: Unifying Arista Fabric with Cilium CNI
Jean Baptiste Lapeyre
This article explains how to integrate Arista datacenter fabric with Cilium CNI by building a spine-leaf architecture with an ISIS underlay and a BGP EVPN overlay.