Learn Kubernetes Weekly issue 147 · 3 Sept 2025
Inside a Pod’s Birth, Cut Cross-AZ Traffic Costs, allowPrivilegeEscalation: false, Streaming List responses, HPA tolerance, Helm in prod
This issue is brought to you by vCluster Labs — get the free eBook "GPU-enabled Platforms on Kubernetes". Learn GPU isolation, security patterns, and production architectures for AI infrastructure.
📕 Six months ago, I couldn't explain how Kubernetes exposes GPUs. Now I'm writing a book about it.
I've spent the past months studying this topic deeply. Thanks to vCluster sponsoring my time and effort, and with Saiyam's help, I've compiled my findings into an ebook. Here's what I'm covering:
- 🤔 Why GPUs fundamentally resist Kubernetes' containerization model
- 🔝 A detailed explanation of how GPUs are exposed—tracing every layer from kernel drivers through kubelet to the scheduler
- 👏 Why GPU sharing isn't as simple as applying cgroups to containers (spoiler: GPUs weren't designed for this)
- 🔪 The million-dollar question: how you should actually share your GPUs across workloads
The book isn't quite ready, but I'm getting closer to the finish line. I'll publish it on September 8th—you can get notified when it's published here.
Articles
Inside a Pod’s Birth: Veth Pairs, IPAM, and Routing with Kindnet CNI
medium.com
This article explains how Kubernetes uses Kindnet CNI to set up pod networking with veth pairs, IPAM, and routing rules.
It details how veth pairs are created to link the pod network namespace to the host.
How We Cut Cross-AZ Traffic Costs Between Kubernetes Services in AWS Using Istio
medium.com
In this case study, you will learn how to reduce cross-AZ traffic costs in EKS by creating zone-specific deployments with HPA, using Istio DestinationRule for locality load balancing, and KEDA for predictive pod scaling across zones.
allowPrivilegeEscalation: false: The Kubernetes Security Flag With a Hidden Catch
medium.com
This article explains how to understand the limitations of Kubernetes'
allowPrivilegeEscalation: falseflag and its failure to prevent all privilege escalation methods.Kubernetes v1.33: Streaming List responses
kubernetes.io
This article explains how Kubernetes v1.33 introduces streaming list responses to reduce API server memory usage during large List requests.
It details how it processes and transmits each item in List responses individually to free memory incrementally.
Fine-grained control with configurable HPA tolerance
blog.abhimanyu-saharan.com
Kubernetes v1.33 introduces a long-awaited enhancement to Horizontal Pod Autoscaler (HPA): configurable tolerance values.
Previously, all HPAs across a cluster used a globally set tolerance of 10% to avoid flapping and limit unnecessary scaling.
Helm Charts in Production: Essential Plugins and Features for Reliable Kubernetes Deployments
awsmorocco.com
In this article, you will find a list of tools for your production-ready Helm charts:
- helm-diff
- helm-secrets
- helm-mapkubeapis
- Chart Testing (ct)
- helm-unittest
- helm-docs
- Trivy
- Infracost
- Helmfile
Articles worth checking out:
[EBOOK] GPU-Enabled Platforms on Kubernetes
Learn why GPU sharing fundamentally differs from CPU sharing, how to architect for security and performance, and which patterns work in real-world multi-tenant environments.
(free) eBook launches September 8: Reserve yours
![[EBOOK] GPU-Enabled Platforms on Kubernetes](https://assets.learnk8s.io/gpu-ad-1.v1.png)
Tutorials
KRO: A new generation tool to manage Kubernetes manifests and deployment
dev.to
This tutorial teaches installing and using KRO to manage Kubernetes applications through Resource Graph Definitions and Application instances.
Kubernetes Observability With Kube-State-Metrics
dev.to
This tutorial teaches installing, configuring, and using Kube-State-Metrics to monitor Kubernetes object states via Prometheus queries and Grafana dashboards.
If you're running Java applications in Kubernetes, you've likely experienced the pain of slow pod startups affecting user experience during deployments and scaling events.
Frédéric Gaudet, Senior SRE at BlaBlaCar, shares how his team solved the cold start problem for their 1,500 Java microservices using Istio's warm-up capabilities.
You will learn:
- Why Java applications struggle with cold starts and how JIT compilation affects initial request latency in Kubernetes environments
- How Istio's warm-up feature works to gradually ramp up traffic to new pods
- Why other common solutions fail, including resource over-provisioning, init containers, and tools like GraalVM
- Real production impact from implementing this solution, including dramatic improvements in message moderation SLOs at BlaBlaCar's scale of 4,000 pods
Kubernetes jobs
Platform Engineer with Benchling
Salary: $186.62K to $252.49K a year
Location: based in the office (and remote from home) in San Francisco, CA, USA
Tech stack: Kubernetes, AWS, Go, Python, Java
DevOps Engineer with Selina Finance
Salary: $50K to $60K a year
Location: remote from the United Kingdom
Tech stack: Kubernetes, GCP, ArgoCD, Go, Shell, Python, Javascript, Java, Kotlin, Mongo
Software Engineer with Grafana Labs
Salary: £100K to £121K a year
Location: remote from the United Kingdom
Tech stack: Kubernetes, AWS, Azure, GCP, On-premise, Docker, Go, Python, Rust, C++
DevSecOps Engineer with Volkswagen Group of America
Salary: $125K to $145K a year
Location: based in the office (and remote from home) in East Coast, USA
Tech stack: Kubernetes, AWS, Azure, GCP, Terraform, Cloudformation, CDK, Sumo Logic, ELK, Splunk
Software Engineer with Ruvixx
Salary: $24K to $36K a year
Location: remote from Argentina, Brazil, Chile, Colombia
Tech stack: Kubernetes, AWS, Docker, Python, Redis, PostgreSQL, RabbitMQ, Terraform, Ansible, Sentry
Discover more Kubernetes jobs on Kube Careers →
Code & tools
github.com/ctrox
zeropod is a tool that automatically checkpoints containers to disk after a certain amount of time of the last TCP connection, allowing for fast and seamless scaling down to zero.
Kube-vip: virtual IP and load balancer
kube-vip.io
kube-vip provides Kubernetes clusters with a virtual IP and load balancer for both the control plane (for building a highly-available cluster) and Kubernetes Services of type LoadBalancer without relying on any external hardware or software.
kubectl-sql: Query Kubernetes with SQL Syntax
github.com/yashbhutwala
kubectl-sql is a kubectl plugin that lets you query Kubernetes resources using SQL-like syntax. You can filter, project, and sort Pods, PVCs, etc., without writing raw jq or JSONPath.
mcp-server-kubernetes – Kubernetes Management via MCP
github.com/Flux159
mcp-server-kubernetes exposes a complete Kubernetes management layer via Model Context Protocol (MCP), letting tools like Claude Desktop and mcp-chat run kubectl and Helm commands securely.
Kubernetes Prometheus Analyzer: CLI for Resource Optimization
github.com/rahulbansod519
k8s_prometheus_analyzer is CLI tool that connects to Prometheus, queries live CPU and memory usage metrics across Kubernetes workloads, and suggests right-sizing improvements.
Other interesting projects:
Upcoming Kubernetes events
Sept
4
How we used Crossplane for the things we should not have
In-person meetup organized by Cloud Native Computing Switzerland.
Location: Zürich, CH
This is a free event.
Sept
9
In-person conference organized by Looevent.
Location: Hamburg, DE
This event requires an entrance fee
Use CDS25_20%-LEARNK8S to get 20% off
Sept
9
Kubernetes Community Days San Francisco Bay Area
In-person conference organized by KCD SF Bay Area.
Location: San Francisco, CA, USA
This event requires an entrance fee
Sept
9
In-person conference organized by Cloud Native Sydney.
Location: Sydney, AU
This event requires an entrance fee
Sept
10
GPU Enabled Platforms Overview
Online webinar organized by vCluster Labs + LearnKube.
This is a virtual event
This is a free event.
Sept
18
Online workshop organized by Learnk8s.
This is a virtual event
This event requires an entrance fee
Oct
2
Teaching Claude to be Your Migration Engineer: A Stateful Kubernetes Story
Online webinar organized by AWS + LearnKube.
This is a virtual event
This is a free event.
Kubernetes call for papers
expired
The Call For Paper was open until 14 September 2025 at UTC. More info →
This is a virtual event
Online conference organized by CNCF.
The conference starts on the 4 December 2025.
- Apply here
11
days
KubeCon + CloudNativeCon Europe 2026
The Call For Paper is open until 12 October 2025 at UTC. More info →
Location: Amsterdam, NL
In-person conference organized by Linux Foundation.
The conference starts on the 23 March 2026.
- Apply here
expired
The Call For Paper was open until 14 September 2025 at UTC. More info →
This is a virtual event
Online conference organized by CNCF.
The conference starts on the 3 December 2025.
- Apply here
31
days
The Call For Paper is open until 2 November 2025 at UTC. More info →
Location: Los Angeles, CA, USA
In-person conference organized by Devopsdays.
The conference starts on the 7 March 2025.
- Apply here
expired
The Call For Paper was open until 16 September 2025 at UTC. More info →
Location: Bogotá, CO
In-person conference organized by Devopsdays.
The conference starts on the 14 October 2025.
- Apply here
expired
The Call For Paper was open until 1 October 2025 at UTC. More info →
Location: Wollongong, AU
In-person conference organized by Devopsdays.
The conference starts on the 26 November 2025.
- Apply here
expired
Women in Tech Summit Kenya 2025
The Call For Paper was open until 14 September 2025 at UTC. More info →
Location: Nairobi, KE
In-person conference organized by WIT.
The conference starts on the 22 November 2025.
- Apply here
29
days
The Call For Paper is open until 31 October 2025 at UTC. More info →
Location: Porto Alegre, BR
In-person conference organized by Devopsdays.
The conference starts on the 29 November 2025.
- Apply here
expired
The Call For Paper was open until 30 September 2025 at UTC. More info →
Location: Recife, BR
In-person conference organized by Devopsdays.
The conference starts on the 13 December 2025.
- Apply here
Until next time!
— Dan