Learn Kubernetes Weekly issue 144 · 13 Aug 2025
Can we replace Helm?, Smarter with Karpenter, Saved 80% on Observability Bill, Hot-Patching Pods in Kubernetes 1.33, ECR to OCIR
Sponsored by Testkube, because if your app is Kubernetes-native, your testing should be too. Run any kind of test automation with the help of the platform built for it. Learn more
Articles
Modern Kubernetes: can we replace Helm?
yokecd.github.io
This post explores how Yoke is trying to do the impossible: introducing a complete alternative to Helm Charts, while bringing Helm along for the ride.
When to Adopt Kubernetes: The "Pay Now or Pay Later" Dilemma
testkube.io
Should you adopt Kubernetes now or later?
This guide breaks down the hidden costs, strategic tradeoffs, and timing considerations for startups, scaleups, and enterprises, plus a decision framework to help your team adopt Kubernetes wisely.
sponsored
How We Saved 80% on Our Observability Bill!
bmiguel-teixeira.medium.com
This post reverse-engineers an 80% cost reduction across a Kubernetes observability stack by replacing Prometheus/Thanos with VictoriaMetrics, enforcing OTEL standards, right-sizing workloads via VPA and bin-packing via MostAllocated.
Offensive Container Security: Techniques, Misconfigurations, and Attack Paths
offensivebytes.com
This article explains how to use offensive container security techniques for Docker and Kubernetes, covering misconfigurations, attack paths, and defenses.
Scaling Kubernetes Smarter with Karpenter
medium.com
This case study shows how Freshworks optimized Kubernetes scaling using Karpenter with real workload scenarios for cost and performance improvements.
It covers testing Karpenter response to EC2 spot interruptions and high pod/node counts.
What to do when Pods are partying too hard for a node
medium.com
Prevent Kubernetes evictions by setting resource requests/limits and understanding QoS.
Learn how to isolate critical workloads, monitor resource usage, and use quotas to avoid memory overcommitment and ensure stability.
Articles worth checking out:
Empowering teams to scale Test Automation
Don't let testing slow down your launch velocity.
Break free from CI/CD.
Testkube scales any type of automated testing for Developers, Testers, DevOps, and Platform teams.
Tutorials
Cost-optimized ML on production: autoscaling GPU nodes on Kubernetes to zero using KEDA
dev.to
This tutorial teaches how to reduce ML deployment costs using Kubernetes and KEDA to autoscale GPU nodes from zero based on message queue length.
Unify testing across Dev, QA, and SRE with a Kubernetes-native orchestration platform
testkube.io
The Aspen Group unified QA, Dev, and SRE teams, replacing manual workflows with a scalable, Kubernetes-native testing platform.
Now, testing is automated, versioned, and shared, powering faster releases and stronger cross-team collaboration.
sponsored
Service Mesh Explained: Building a Proxy Injector in Rust
dev.to
This tutorial demonstrates how to build a Kubernetes mutating webhook in Rust using Axum and Rustls.
It creates an HTTP server that processes AdmissionReview requests and injects a sidecar proxy via JSONPatch.
Using Kubernetes Secrets Store CSI Driver with HashiCorp Vault
medium.com
This guide will teach you how to integrate HashiCorp Vault with Kubernetes Secrets CSI Driver, configure Kubernetes authentication, and create SecretProviderClass resources for secure secret management.
Alessandro Pomponio from IBM Research explains how his team transformed their chaotic bare-metal clusters into a well-governed, self-service platform for AI and scientific workloads. He walks through their journey from manual cluster interventions to a fully automated GitOps-first architecture using ArgoCD, Kyverno, and Kueue to handle everything from policy enforcement to GPU scheduling.
You will learn:
- How to implement GitOps workflows that reduce administrative burden while maintaining governance and visibility across multi-tenant research environments
- Practical policy enforcement strategies using Kyverno to prevent GPU monopolization, block interactive pod usage, and automatically inject scheduling constraints
- Fair resource sharing techniques with Kueue to manage scarce GPU resources across different hardware types while supporting both specific and flexible allocation requests
- Organizational change management approaches for gaining stakeholder buy-in, upskilling admin teams, and communicating policy changes to research users
Kubernetes jobs
Site Reliability Engineer with xAI
Salary: $180K to $440K a year
Location: based in the office in Palo Alto, CA, USA
Tech stack: Kubernetes, On-premise, ArgoCD, Terraform, Pulumi, Grafana, Prometheus
Engineering Manager with Robinhood
Salary: $179K to $210K a year
Location: based in the office in Toronto, ON, CA
Tech stack: Kubernetes, AWS, Terraform, Istio
Infrastructure Architect with GitLab
Salary: $157.9K to $236.9K a year
Location: remote from the United States
Tech stack: Kubernetes, On-premise, ArgoCD, Docker, Go, Python, Ruby, PostgreSQL, Airflow, Gitlab
Data Engineer with MediaRadar
Salary: $130K to $160K a year
Location: remote from the United States
Tech stack: Kubernetes, Azure, Docker, Python, SQL, Spark, Azure DevOps
DevOps Engineer with CrowdStrike, Inc.
Salary: $125K to $190K a year
Location: remote from the United States
Tech stack: Kubernetes, AWS, Azure, GCP, On-premise, Helm, Docker, Go, Shell, Python
Discover more Kubernetes jobs on Kube Careers →
Code & tools
Kubernetes Resource Recommender
github.com/robusta-dev
Kubernetes Resource Recommender is a CLI tool for optimizing resource allocation in Kubernetes clusters.
It gathers pod usage data from Prometheus and recommends requests and limits for CPU and memory.
This reduces costs and improves performance.
Kubernetes Controller Sharding
github.com/timebertt
Kubernetes Controller Sharding introduces a generic mechanism for distributing reconciliation tasks across multiple active controller instances, reducing watch-cache load through distinct sharding and labeling.
github.com/jingkaihe
Opsmate's SRE-powered LLM copilot helps users troubleshoot production issues using natural language commands.
Smesh: Lightweight Kubernetes-Integrated Sidecar Mesh Without Proxies
github.com/thebsdbox
smesh is a proof-of-concept service mesh for Kubernetes that utilizes eBPF to intercept and redirect pod traffic to a sidecar proxy.
Reloader: controller to watch changes and restart
github.com/stakater
Reloader is a Kubernetes controller that monitors changes in ConfigMap and Secrets and triggers rolling upgrades on Pods with their associated Deployment, StatefulSet or DaemonSet.
Other interesting projects:
Upcoming Kubernetes events
Aug
13
In-person conference organized by Devopsdays.
Location: Kansas City, MO, USA
This event requires an entrance fee
Aug
14
Kubernetes Community Days Nigeria 2025
In-person conference organized by KCD Nigeria.
Location: Lagos, NG
This is a free event.
Aug
16
In-person conference organized by Devopsdays.
Location: Rio de Janeiro, BR
This event requires an entrance fee
Aug
17
Kubernetes in Production: What They Don’t Tell You
Online meetup organized by CoderRange.
This is a virtual event
This is a free event.
Aug
20
In-person conference organized by Devopsdays.
Location: Lima, PE
This event requires an entrance fee
Sept
18
Online workshop organized by Learnk8s.
This is a virtual event
This event requires an entrance fee
Kubernetes call for papers
expired
Kubernetes Community Days Suisse Romande
The Call For Paper was open until 1 September 2025 at UTC. More info →
Location: Geneva, CH
In-person conference organized by KCD Suisse Romande.
The conference starts on the 4 December 2025.
- Apply here
31
days
The Call For Paper is open until 2 November 2025 at UTC. More info →
Location: Los Angeles, CA, USA
In-person conference organized by Devopsdays.
The conference starts on the 7 March 2025.
- Apply here
expired
The Call For Paper was open until 16 August 2025 at UTC. More info →
Location: Detroit, MI, USA
In-person conference organized by Devopsdays.
The conference starts on the 22 October 2025.
- Apply here
expired
The Call For Paper was open until 16 September 2025 at UTC. More info →
Location: Bogotá, CO
In-person conference organized by Devopsdays.
The conference starts on the 14 October 2025.
- Apply here
expired
The Call For Paper was open until 14 August 2025 at UTC. More info →
Location: Ljubljana, SI
In-person conference organized by Devopsdays.
The conference starts on the 13 September 2025.
- Apply here
expired
The Call For Paper was open until 1 October 2025 at UTC. More info →
Location: Wollongong, AU
In-person conference organized by Devopsdays.
The conference starts on the 26 November 2025.
- Apply here
expired
Open Source Observability Day 2025
The Call For Paper was open until 1 September 2025 at UTC. More info →
This is a virtual event
Online conference organized by Open Source Observability Day.
The conference starts on the 23 October 2025.
- Apply here
expired
Women in Tech Summit Kenya 2025
The Call For Paper was open until 14 September 2025 at UTC. More info →
Location: Nairobi, KE
In-person conference organized by WIT.
The conference starts on the 22 November 2025.
- Apply here
29
days
The Call For Paper is open until 31 October 2025 at UTC. More info →
Location: Porto Alegre, BR
In-person conference organized by Devopsdays.
The conference starts on the 29 November 2025.
- Apply here
Until next time!
— Dan