Learn Kubernetes Weekly issue 158 · 19 Nov 2025
Kubernetes Security Contexts, Migrating OpenShift Stateful Workloads to AKS, Tuning Swap, Remote Dev with MCP, Tracing LLMs on Cloud Run
This issue is brought to you by StormForge by CloudBolt and LearnKube. Join webinar "Kubernetes Scheduling Deep Dive: Priority, Preemption, and Resource Requests" and learn how to protect critical workloads under resource pressure
Hey, Daniele here!
Next week, I will be running a webinar on Kubernetes pod eviction and scheduling. We'll tackle a critical question: Does Kubernetes preempt pods based on QoS class or Priority?
The answer has significant implications:
- If it uses QoS, proper resource requests are your protection.
- If it uses Priority, a high-priority BestEffort pod could preempt your carefully configured workloads and destabilize your node.
Articles
From Linux primitives to Kubernetes security contexts
learnkube.com
This article explains how a Security Context in Kubernetes works.
Migrating Openshift Stateful workloads to Azure Kubernetes Service (AKS)
melvin-marshal-pereira.medium.com
This case study shows how a global bank automated the migration of stateful OpenShift workloads to AKS, overcoming cross-cloud storage incompatibilities using custom Bash scripts alongside Velero for application data.
Tuning Linux Swap for Kubernetes: A Deep Dive
kubernetes.io
This article takes you through advanced strategies and configuration options to safely enable and tune Linux swap for Kubernetes workloads, optimizing performance and resource utilization for memory-intensive apps.
Remote Development Environment Supercharged with MCP servers
medium.com
This case study details how Tailor Tech’s platform team transformed developer experience by shifting from docker-compose to remote AWS EKS namespaces and automating workflows using MCP servers and Argo CD.
Tracing Strategies For LLMs Running On Google Cloud Run
blog.gopenai.com
The article explores an advanced 5-strategy tracing approach using OpenTelemetry to instrument, monitor, and secure large language models deployed on Google Cloud Run.
Istio Traffic Management: From Ingress Gateways to Resilient Routing
medium.com
This article shows how to deploy and operate Istio traffic management in Kubernetes, with clear examples for Gateways, VirtualServices, DestinationRules, traffic shifting, canary deployments, circuit breaking, and advanced routing.
Articles worth checking out:
Kubernetes Scheduling Deep Dive: Priority, Preemption, & Resource Requests
Stop guessing how the Kubernetes scheduler thinks.
Learn how priority, preemption, and resource requests determine which pods run and which get evicted.
Tutorials
Migrating from Bitnami PostgreSQL to CloudNative-PG on Kubernetes
k8scockpit.tech
This tutorial shows how to switch from Bitnami’s PostgreSQL Helm charts to the CloudNative-PG operator, with step-by-step manifests for install, data import from the old cluster, PgBouncer setup, and Prometheus scraping via PodMonitor.
How to Create Loki Alerts Via PrometheusRule Resource
hackernoon.com
This article shows how to configure alerting rules for Loki using the
PrometheusRuleCRD so you can fire alerts based on log queries and metrics.
Tanat Lokejaroenlarb shares the complete journey of replacing EKS Managed Node Groups and Cluster Autoscaler with AWS Karpenter. He explains how this migration transformed their Kubernetes operations, from eliminating brittle upgrade processes to achieving significant cost savings of €30,000 per month through automated instance selection and AMD adoption.
You will learn:
- How to decouple control plane and data plane upgrades using Karpenter's asynchronous node rollout capabilities
- Cost optimization strategies including flexible instance selection, automated AMD migration, and the trade-offs between cheapest-first selection versus performance considerations
- Scaling and performance tuning techniques such as implementing over-provisioning with low-priority placeholder pods
- Policy automation and operational practices using Kyverno for user experience simplification, implementing proper Pod Disruption Budgets
Kubernetes jobs
DevOps Engineer with Weekday AI
Salary: ₹1.2M to ₹1.8M a year
Location: remote from India
Tech stack: Kubernetes, On-premise, Helm, Docker, Terraform, Gitlab, Ansible
Site Reliability Engineer with Jobgether
Salary: $130K to $145K a year
Location: remote from the United States of America
Tech stack: Kubernetes, On-premise, Shell, Python, Terraform, Ansible, Grafana, Prometheus, ELK
Software Engineer with SurveyMonkey
Salary: $124K to $186K a year
Location: remote from the United States of America
Tech stack: Kubernetes, AWS, Docker, Python, Javascript, Typescript
DevOps Engineer with Shopmonkey
Salary: $165K to $185K a year
Location: based in the office (and remote from home) in Morgan Hill, CA, USA
Tech stack: Kubernetes, AWS, GCP, ArgoCD, Go, Shell, Typescript, Terraform, GitHub Actions, Gitlab
Data Engineer with NBC Universal
Salary: $100K to $130K a year
Location: based in the office (and remote from home) in New York, NY, USA
Tech stack: Kubernetes, AWS, GCP, Docker, SQL, Java, C++, Flink, Spark, Airflow
Discover more Kubernetes jobs on Kube Careers →
Code & tools
buildpacks.io
Cloud Native Buildpacks transform your application source code into container images running on any cloud.
Features:
- Advanced caching.
- Auto-detection.
- Bill-of-Materials.
- Modular/Pluggable.
- Multi-language.
- Minimal app image.
Kubeshark: API traffic analyzer for Kubernetes
kubeshark.co
Kubeshark provides deep visibility and monitoring of all API traffic and payloads going in, out and across containers and pods inside a Kubernetes cluster.
Sealed Secrets: encrypt secrets
github.com/bitnami-labs
Sealed Secrets provides declarative Kubernetes Secret Management in a secure way.
Since the Sealed Secrets are encrypted, they can be safely stored in a code repository.
Coder: Self-hosted dev environments
github.com/coder
Coder lets engineering teams spin up secure, self-hosted development environments in their own cloud infrastructure on VMs, Kubernetes, or Docker—fully defined by Terraform and accessed over fast WireGuard tunnels.
github.com/kagenti
Kagenti is a cloud-native middleware platform for deploying and orchestrating multi-framework AI agents on Kubernetes with standardized REST APIs, dynamic SPIRE-managed identities, and support for A2A and MCP protocols.
Other interesting projects:
Upcoming Kubernetes events
Nov
25
Kubernetes Scheduling Deep Dive: Priority, Preemption, & Resource Requests
Online webinar organized by LearnKube + StormForge.
This is a virtual event
This is a free event.
Nov
20
Building Resilient Multi-Cluster DNS: Our Experience with K8gb
In-person meetup organized by Cloud Native Computing Switzerland.
Location: Zürich, CH
This is a free event.
Nov
25
Hacking the Cloud Bill: Building a Multi-Cloud Cost Pipeline & The Kubernetes and the Bazaar
In-person meetup organized by Cloud Native Linz.
Location: Linz, AT
This is a free event.
Nov
22
In-person conference organized by Devopsdays.
Location: São Paulo, BR
This event requires an entrance fee
Nov
26
In-person conference organized by Devopsdays.
Location: Wollongong, AU
This event requires an entrance fee
Kubernetes call for papers
87
days
The Call For Paper is open until 15 February 2026 at UTC. More info →
Location: Ghent, BE
In-person conference organized by CfgMgmtCamp.
The conference starts on the 4 February 2026.
- Apply here
11
days
The Call For Paper is open until 1 December 2025 at UTC. More info →
Location: Los Angeles, CA, USA
In-person conference organized by Devopsdays.
The conference starts on the 6 March 2026.
- Apply here
11
days
The Call For Paper is open until 1 December 2025 at UTC. More info →
Location: San Diego, CA, USA and virtual
Online & in-person conference organized by S&S Media.
The conference starts on the 1 June 2026.
- Apply here
74
days
The Call For Paper is open until 2 February 2026 at UTC. More info →
Location: Aix-en-Provence, FR
In-person conference organized by Web Days.
The conference starts on the 6 February 2026.
- Apply here
16
days
The Call For Paper is open until 6 December 2025 at UTC. More info →
Location: Sydney, AU
In-person conference organized by NDC.
The conference starts on the 23 April 2026.
- Apply here
25
days
The Call For Paper is open until 15 December 2025 at UTC. More info →
Location: Bangkok, TH
In-person conference organized by FOSSASIA.
The conference starts on the 10 March 2026.
- Apply here
60
days
The Call For Paper is open until 19 January 2026 at UTC. More info →
Location: Atlanta, GA, USA
In-person conference organized by Devopsdays.
The conference starts on the 21 April 2026.
- Apply here
3
days
The Call For Paper is open until 23 November 2025 at UTC. More info →
Location: Madrid, ES
In-person conference organized by T3CHFEST.
The conference starts on the 13 March 2026.
- Apply here
72
days
The Call For Paper is open until 31 January 2026 at UTC. More info →
Location: Copenhagen, DK
In-person conference organized by Devopsdays.
The conference starts on the 28 April 2026.
- Apply here
Until next time!
— Gulcan