Learn Kubernetes Weekly issue 136 · 18 Jun 2025

Native macOS Workloads with Kubernetes, Pods breaking bad, FacetController: Infrastructure Changes at Lyft, Managing Stateful Workloads

This issue is brought to you by Learnk8s — get started on your Kubernetes journey through comprehensive online, in-person or remote training.

This Thursday, I'm going live with Andrew to discuss one of the most persistent challenges in Kubernetes: resource management.

We will explore how algorithms can make more effective resource decisions than manual configuration!

Articles

  1. How We Integrated Native macOS Workloads with Kubernetes

    medium.com

    Agoda built macOS-vz-Kubelet, a virtual kubelet running directly on macOS, to manage Apple Silicon VMs via Apple’s Virtualization Framework.

    It turns Mac Minis into schedulable Kubernetes nodes with OCI-backed VM images and hybrid Pod support.

  2. Why our pods were breaking bad (and how we fixed them)

    kshitij-nawandar.medium.com

    Razorpay's UPI service pods were silently degrading over time.

    They used Go's pprof profiling to find that a global variable kept growing.

    The code fix reduced CPU usage from 5 cores to ~150m, memory from 700 MiB to 50 MiB, and API latency by half.

  3. FacetController: How We Made Infrastructure Changes at Lyft Simple

    eng.lyft.com

    Learn how Lyft developed FacetController, a CRD that simplifies infrastructure changes by creating a unified abstraction for microservice deployments.

    This enables rapid, safe updates across thousands of services without manual intervention.

  4. Operational Considerations for Managing Stateful Workloads

    dev.to

    This article provides a playbook for managing database workloads in Kubernetes, focusing on strategies for isolation, dynamic credential management, high availability, disaster recovery, and observability.

  5. Can configuration languages (Config DSLs) solve configuration complexity?

    itnext.io

    Can config DSLs solve config complexity?

    This article reviews various config languages (HCL, Jsonnet, etc.). It concludes that they offer some benefits but are ultimately micro-optimizations that don't solve the core IaC challenges.

  6. GKE Cost Cutting — Three Key Lookout Points to View Your Potential Savings

    medium.com

    Optimize GKE expenses by analyzing cluster costs, identifying at-risk workloads, and rightsizing resources using Google's built-in tools to reduce infrastructure spending by up to 50%.

Join the next Advanced Kubernetes course

Join Learnk8s' 4-day Advanced Kubernetes workshop next week!

Get your hands dirty with Kubernetes and learn what makes Kubernetes tick in a session packed with hands-on labs!

Tutorials

  1. Track privilege escalations with eBPF

    parseable.com

    This guide shows how to detect Kubernetes runtime threats (e.g. sudo misuse, suspicious file access) using Falco + eBPF, forward logs with Fluent Bit, and route them to Parseable log streams like falcowarn or falconotice.

  2. Why every platform engineer should care about Kubernetes operators

    pulumi.com

    This tutorial explains how Kubernetes operators extend controllers with CRDs to automate complex app lifecycles.

    They manage deployments, upgrades, backups, and recovery, embedding domain-specific logic for self-managing systems.

  3. Optimizing Kubernetes Resource Allocation with Robusta-KRR

    medium.com

    This article demonstrates how Robusta KRR analyzes pod CPU and memory usage, then recommends optimized resource requests and limits.

    Learn how to reduce overprovisioning and lower costs using automated metrics-based tuning in Kubernetes.

  4. Demystifying Swap in Kubernetes: A Handbook for DevOps Engineers

    medium.com

    Kubernetes 1.28+ allows controlled swap via LimitedSwap for Burstable pods, avoiding OOMs during memory spikes.

    This guide shows how to set up swap files, enable Kubelet config flags, and test behavior.

  5. Argo Rollouts — Canary Deployment with Istio

    medium.chuklee.com

    This article demonstrates how Argo Rollouts leverages Istio’s traffic routing—via VirtualService and DestinationRule—to enable advanced canary strategies: by percentage, HTTP header, and request mirroring.

Beyond Kubernetes: Serverless Execution Models for Variable Workloads

Marc Campora, a systems consultant with experience in high-throughput platforms, shares his analysis of a real customer deployment with 500+ microservices. He breaks down the cost implications, technical constraints, and operational trade-offs between Kubernetes containers and AWS Lambda functions based on actual production data and migration assessments.

You will learn:

  • Cost analysis frameworks for comparing Lambda vs Kubernetes across different traffic patterns, including specific examples of 3x savings potential and the 80/20 rule for service utilization
  • Migration complexity factors when moving existing microservices to Lambda, including cold start issues, runtime model changes, and why it's often a complete rewrite rather than a simple port
  • Decision criteria for choosing between platforms based on traffic consistency, computational requirements, and operational overhead tolerance

Kubernetes jobs

    • Software Engineer with Hootsuite
      • Salary: CA$98.4K to CA$137.8K a year
      • Location: remote from Canada
      • Tech stack: Kubernetes, Docker, Go, JavaScript, Scala, PHP, TypeScript, Redis, MySQL, Kafka

    • Data Engineer with Chartbeat
      • Salary: $128K to $147K a year
      • Location: remote from the United States
      • Tech stack: Kubernetes, Python, PostgreSQL, Snowflake, Kafka

    • Software Engineer with NVIDIA
      • Salary: $148K to $276K a year
      • Location: remote from the United States
      • Tech stack: Kubernetes, Shell, Python, Ansible, Puppet

    • Solution Architect with NVIDIA
      • Salary: $148K to $235.75K a year
      • Location: based in the office (and remote from home) in Santa Clara, CA / NC / TX / CO / WA, USA
      • Tech stack: Kubernetes, Data center, Docker, C++, C

    • Platform Engineer with Handshake
      • Salary: $180K to $220K a year
      • Location: remote from the United States
      • Tech stack: Kubernetes, AWS, GCP, ArgoCD, Java, Elasticsearch, Terraform, Datadog, OTEL, Istio

Discover more Kubernetes jobs on Kube Careers →

Code & tools

  1. kpatch: Live Kernel Patching

    github.com/dynup

    kpatch enables runtime kernel function patching by injecting precompiled replacement functions directly into the live kernel.

    It's built on the CONFIG_LIVEPATCH infrastructure and uses ftrace to reroute function calls at runtime.

  2. Kubernetes Security Cheatsheet Diagram: A Visual Map of On-Prem Cluster Security Controls

    kubesec-diagram.github.io

    This diagram maps core Kubernetes security concepts—from RBAC, PodSecurity, and audit logging to container isolation—helping teams visualize enforcement points.

    Built by Telenor for on-prem clusters, it’s ideal for threat modelling or reviews.

  3. Kubernetes-WithOut-Kubelet

    github.com/kubernetes-sigs

    KWOK (Kubernetes-WithOut-Kubelet) is a toolkit that enables setting up a cluster of thousands of nodes in seconds.

    Under the hood, all Nodes are simulated to behave like real ones, so the overall approach has a pretty low resource footprint.

  4. kubernetes/git-sync

    github.com/kubernetes

    git-sync is a simple command that pulls a git repository into a local directory.

    It is a perfect "sidecar" container in Kubernetes - it can periodically pull files down from a repository so that an application can consume them.

  5. Talos Linux

    talos.dev

    Talos is a modern Linux distribution for running Kubernetes: secure, immutable, and minimal.

    Talos is fully open-source & production-ready.

    All system management is done via an API - no shell or interactive console exists.

Subscribe to Learn Kubernetes Weekly

Trusted by 77K engineers. Delivered 150 issues and counting.

Upcoming Kubernetes events

  1. 26 Jun

    Advanced Kubernetes course

    Online workshop organized by Learnk8s.

    • This is a virtual event

    • This event requires an entrance fee

  2. 24 Jun

    Cloud Native Days Italy 2025

    In-person conference organized by Cloud Native Days Italy.

    • Location: Bologna, IT

    • This event requires an entrance fee

      • Use community-kube-event-earlybird to get a discounted ticket

  3. 19 Jun

    Let the Algorithms Decide: Smart Kubernetes Resource Management

    Online webinar organized by Learnk8s.

    • This is a virtual event

    • This is a free event.

  4. 18 Jun

    One year in production with CloudNativePG and ZFS on the cheapest Kubernetes cluster we could find

    Online meetup organized by Data on Kubernetes Community.

    • This is a virtual event

    • This is a free event.

  5. 19 Jun

    Yoke an Adventure into Code-First Kubernetes Resource Management

    In-person meetup organized by Cloud Native Toronto.

    • Location: Toronto, CA

    • This is a free event.

Discover more Kubernetes events on Kube Events →

Thanks to our sponsors who make Kube Today possible

  • LearnKube
  • Akamai
  • Fairwinds
  • Densify
Find out more about being a sponsor →

Kubernetes call for papers

  1. expired

    Kubernetes Community Days Porto 2025

    The Call for Papers was open until 30 June 2025 (UTC).
    • Location: Porto, PT

    • In-person conference organized by KCD Porto.

    • The conference starts on 4 November 2025.
  2. expired

    Kubernetes Community Days Sri Lanka 2025

    The Call for Papers was open until 4 August 2025 (UTC).
    • Location: Colombo, LK

    • In-person conference organized by KCD Sri Lanka.

    • The conference starts on 26 October 2025.
  3. expired

    Texas Linux Festival 2025

    The Call for Papers was open until 3 August 2025 (UTC).
    • Location: Austin, TX, USA

    • In-person conference organized by TXLF.

    • The conference starts on 4 October 2025.
  4. expired

    Open Source Summit Japan 2025

    The Call for Papers was open until 4 August 2025 (UTC).
    • Location: Tokyo, JP

    • In-person conference organized by Linux Foundation.

    • The conference starts on 10 December 2025.
  5. expired

    Devopsdays Lima

    The Call for Papers was open until 28 June 2025 (UTC).
    • Location: Lima, PE

    • In-person conference organized by Devopsdays.

    • The conference starts on 20 August 2025.
  6. expired

    Devopsdays Detroit

    The Call for Papers was open until 16 August 2025 (UTC).
    • Location: Detroit, MI, USA

    • In-person conference organized by Devopsdays.

    • The conference starts on 22 October 2025.
  7. expired

    Devopsdays Philadelphia

    The Call for Papers was open until 23 June 2025 (UTC).
    • Location: Philadelphia, PA, USA

    • In-person conference organized by Devopsdays.

    • The conference starts on 30 September 2025.
  8. expired

    PWNEDCR 0x8

    The Call for Papers was open until 31 July 2025 (UTC).
    • Location: San José, CR

    • In-person conference organized by DC11506.

    • The conference starts on 19 October 2025.
  9. expired

    Devopsdays Bogotá

    The Call for Papers was open until 16 September 2025 (UTC).
    • Location: Bogotá, CO

    • In-person conference organized by Devopsdays.

    • The conference starts on 14 October 2025.

Until next time!

— Dan
