Spotlight

Kubernetes security fundamentals: networking

Rory McCune

This article covers network security fundamentals in Kubernetes, explaining how clusters default to a flat pod network, how network policies enforce segmentation, and best practices like “default deny” and restricting host networking.

More articles →

Tools and utilities

  • K8s Diagram Generator

    k8s-ingress-gen is a visual diagram builder for Kubernetes resources with bidirectional YAML workflow.

  • Zot: OCI registry

    zot is a production-ready, vendor-neutral OCI image registry, with images stored in OCI image format and the distribution specification on the wire.

  • Hortator

    Hortator lets AI agents spawn sub-agents at runtime, with each agent running in its own pod with budget caps, network policies, PII redaction, and capability inheritance so children can never escalate beyond their parent's permissions.

  • KubeVPN: Kubernetes VPN

    KubeVPN is a tool that seamlessly connects to your Kubernetes cluster network, allowing you to access cluster resources from your local machine.

  • Awesome Kubernetes Architecture Diagrams

    This repo contains 20+ tools that auto-generate Kubernetes architecture diagrams from manifests, Helm charts, or cluster state.

More projects →

Events starting soon

Discover more events on Kube Events →

The Hidden Cost of Slow Autoscaling

Forced platform migrations are usually treated as something to survive. At Scout24, a mandatory OS migration became an opportunity to rethink Kubernetes autoscaling, node provisioning, and infrastructure efficiency.

John Ford explains how Scout24 moved its EKS-based Infinity platform from a polling autoscaler and over-provisioned capacity to Karpenter and Bottlerocket. The result was faster node startup, a safer migration path, and about a 30% infrastructure reduction without major downtime.

In this interview:

  • Why two-minute node provisioning forced a 25% capacity buffer
  • How Karpenter made the Bottlerocket migration safer
  • What broke around EC2 metadata, AWS SDKs, and cgroups
  • How the new foundation enables Spot, ARM, and GPU workloads

Learn from production

More case studies →

Matching jobs

    • Software Engineer with Commvault

    • Salary: $47.97K to $2.64L a year

    • Location: based in the office in Bangalore, IN

    • Tech stack: Kubernetes, Docker, C++, C#, Java, Javascript

    • Data Engineer with TELUS Digital

    • Salary: $18K to $264K a year

    • Location: remote from

    • Tech stack: Kubernetes, AWS, GCP, Helm, Python, SQL, Kafka, Airflow, GitHub Actions

    • DevOps Engineer with Alchemy

    • Salary: $90 to $539K a year

    • Location: based in the office in San Francisco, CA, USA

    • Tech stack: Kubernetes, AWS, GCP, Helm, ArgoCD, Terraform, Grafana, Prometheus, Istio

    • DevOps Engineer with Alchemy

    • Salary: $36K to $225.5K a year

    • Location: based in the office in Bucharest, RO

    • Tech stack: Kubernetes, AWS, Azure, Bare-metal, GCP, Helm, ArgoCD, Cloudformation, Pulumi, Terraform

    • DevOps Engineer with Derex Technologies Inc

    • Salary: $90 to $484K a year

    • Location: based in the office in IL, USA

    • Tech stack: Kubernetes, AWS, Python, Cloudformation, Terraform

Discover more Kubernetes jobs on Kube Careers →

Subscribe to Learn Kubernetes Weekly

Trusted by 77K engineers. Delivered 188 issues and counting.

Build something

More tutorials →

Call for Papers closing soon

  1. 1 day

    EuroBSDCon

    The Call for Papers is open until 20 June 2026 at GMT-4. More info →
    • Location: Brussels, BE

    • In-person conference organized by EuroBSDCon Foundation.

    • The conference starts on 13 September 2026.

    • Apply here
  2. 3 days

    Dutch Cloud Native Day

    The Call for Papers is open until 22 June 2026 at GMT-4. More info →
    • Location: Utrecht, NL

    • In-person conference organized by Dutch CND.

    • The conference starts on 29 October 2026.

    • Apply here
  3. 6 days

    Open Source Summit Europe 2026

    The Call for Papers is open until 25 June 2026 at GMT-4. More info →
    • Location: Prague, CZ

    • In-person conference organized by Linux Foundation.

    • The conference starts on 9 October 2026.

    • Apply here
  4. 7 days

    Kubernetes Community Days Korea 2026

    The Call for Papers is open until 26 June 2026 at GMT-4. More info →
    • Location: Seoul, KR

    • In-person conference organized by KCD South Korea.

    • The conference starts on 1 September 2026.

    • Apply here
  5. 8 days

    Kubernetes Community Days Washington DC 2026

    The Call for Papers is open until 27 June 2026 at GMT-4. More info →
    • Location: Washington, DC, USA

    • In-person conference organized by KCD Washington DC.

    • The conference starts on 15 September 2026.

    • Apply here
  6. 10 days

    Kubernetes Community Days Nigeria 2026

    The Call for Papers is open until 29 June 2026 at GMT-4. More info →
    • Location: Lagos, NG

    • In-person conference organized by KCD Nigeria.

    • The conference starts on 24 October 2026.

    • Apply here
  7. 11 days

    Nerdearla México 2026

    The Call for Papers is open until 30 June 2026 at GMT-4. More info →
    • Location: Mexico City, MX

    • In-person conference organized by Nerdearla.

    • The conference starts on 20 November 2026.

    • Apply here

Thanks to our sponsors who make Kube Today possible

Find out more about being a sponsor →

More articles

Even more articles →