Learn Kubernetes Weekly issue 166 · 14 Jan 2026
Moving WebSocket Service to EKS, Attacker Persistence in Kubernetes, CRD Condition Metrics, Scaling Dagster for 50+ Locations, Envoy Gateway
This issue is brought to you by LearnKube — master Kubernetes with hands-on training designed for engineers who want to learn the smart way.
Articles
How We Moved a 2M RPM WebSocket Service to EKS and Fixed a Critical Bottleneck
medium.com
This case study shows how the Freshworks engineering team moved a WebSocket service handling more than two million requests per minute to EKS, uncovering a load-balancing bottleneck and fixing it with ALB cookie-based stickiness.
Beyond the Surface – Exploring attacker persistence strategies in Kubernetes
raesene.github.io
This article walks through how an attacker might gain and maintain access in a Kubernetes cluster, showing techniques like node shell access, hidden namespaces and CSR abuse.
Standardizing CRD Condition Metrics in Kubernetes Operators
sourcehawk.medium.com
This article explains the lack of standard Prometheus metrics for CRD status conditions in Kubernetes operators and introduces a small Go library that turns CRD
status.conditionsinto Prometheus metrics.Scaling Dagster on Kubernetes: Best Practices for 50+ Code Locations
u11d.com
This article discusses scaling Dagster to 50+ code locations on Kubernetes and covers architectural considerations for resource isolation, deployment strategies, and managing large-scale data pipeline orchestration.
An introduction to Envoy AI Gateway
realz.medium.com
This article introduces Envoy AI Gateway, explaining how it manages and routes LLM API traffic with:
- rate limiting,
- authentication,
- and load balancing for AI workloads.
Investigating and fixing "stoppodsandbox from runtime service failed" kubelet errors
marcusnoble.co.uk
In this blog post, the author tracks down persistent sandbox-cleanup errors in a Kubernetes cluster, finds that zero-length CNI cache files cause the problem, and shows how manually deleting those files cleared the error.
Advanced Kubernetes training is coming to San Francisco this January. Join experts for hands-on sessions covering architecture, security, networking, and production best practices.
Tutorials
Transforming Kubernetes Secret Management Best Practices
medium.com
This tutorial teaches how to securely manage and dynamically update Kubernetes secrets using AWS Secrets Manager, External-Secrets Operator, and Config-Reloader.
pixelrobots.co.uk
This tutorial teaches how to set up distributed tracing with Grafana Tempo on AKS using Azure Blob Storage and Private Link for secure, cost-effective observability with workload identity and automated Private Link Service provisioning.
How to Use SimKube for Cost Forecasting
blog.appliedcomputing.io
This tutorial shows you how to run your workloads through SimKube to predict how much your Kubernetes setup will cost before you make changes like switching to ARM or resizing nodes.
Kubernetes jobs
Platform Engineer with AMERICAN SYSTEMS
Salary: $155.7K to $260K a year
Location: remote from the United States of America
Tech stack: Kubernetes, Ansible, Shell, Python, Gitlab, Helm, Rancher
Systems Performance Engineer with Datadog
Salary: $187K to $240K a year
Location: based in the office (and remote from home) in Boston, MA / New York, NY, USA
Tech stack: Kubernetes, Datadog, containerd, AWS, Go, Javascript, Rust, C
Platform Engineer with Peraton
Salary: $112K to $179K a year
Location: based in the office in Washington, D.C, USA
Tech stack: Kubernetes, Grafana, AWS, Terraform, Shell, Python, Prometheus, Helm, ArgoCD
DevSecOps Engineer with Corelight
Salary: $221K to $268K a year
Location: remote from North America
Tech stack: Kubernetes, Go, Splunk
DevOps Engineer with Corelight
Salary: $158K to $198K a year
Location: remote from North America
Tech stack: Kubernetes, Grafana, AWS, Azure, GCP, Docker, Terraform, Pulumi, Ansible, Puppet
Discover more Kubernetes jobs on Kube Careers →
Code & tools
github.com/akuity
Kargo is a continuous delivery and application lifecycle orchestration platform for Kubernetes.
It builds upon GitOps principles and integrates with Argo CD to streamline and automate the progressive rollout of changes across an application's lifecycle.
Kanidm: Modern Identity & Access Management
github.com/kanidm
Kanidm is an all-in-one identity management platform with Webauthn, OAuth2/OIDC SSO, LDAP, RBAC/MFA, UNIX and RADIUS integration.
Kubernetes NMState: Declarative Network Configuration
github.com/nmstate
Kubernetes NMState provides declarative host networking configuration for Kubernetes nodes using NMState to manage interfaces, bonds, VLANs, and routes through custom resources.
github.com/openobserve
Kide is an observability platform that ingests and indexes logs and metrics in real time so you can search, analyze, and alert on cluster and application data without waiting.
github.com/project-zot
zot is a production-ready vendor-neutral OCI image registry - images stored in OCI image format, distribution specification on-the-wire
Other interesting projects:
Upcoming Kubernetes events
Jan
16
Using OpenLLMetry to turbocharge your AI Deployment
Online meetup organized by Artificial Intelligence Technical Community Group.
This is a virtual event
This is a free event.
Jan
15
Exploring AI Agents in Kubernetes
Online meetup organized by Kubernetes Virtual Book Club.
This is a virtual event
This is a free event.
Jan
14
Scaling AI in 2026: The Rise of the Open AI Factory on Kubernetes
Online webinar organized by Mirantis.
This is a virtual event
This is a free event.
Jan
16
In-person meetup organized by Cloud Native Dallas.
Location: Dallas, TX, USA
This is a free event.
Jan
14
Modernizing Applications in Azure without Kubernetes or Microservices
In-person meetup organized by Microsoft Azure User Group Poland.
Location: Gdańsk, PL
This is a free event.
Kubernetes call for papers
32
days
The Call For Paper is open until 15 February 2026 at UTC. More info →
Location: Ghent, BE
In-person conference organized by CfgMgmtCamp.
The conference starts on the 4 February 2026.
- Apply here
45
days
The Call For Paper is open until 28 February 2026 at UTC. More info →
Location: Hamburg, DE
In-person conference organized by Container Days.
The conference starts on the 4 September 2026.
- Apply here
51
days
The Call For Paper is open until 6 March 2026 at UTC. More info →
Location: Bologna, IT
In-person conference organized by CND Italy.
The conference starts on the 18 May 2026.
- Apply here
18
days
KubeCon + CloudNativeCon India 2026
The Call For Paper is open until 2 February 2026 at UTC. More info →
Location: Mumbai, IN
In-person conference organized by CNCF.
The conference starts on the 19 June 2026.
- Apply here
41
days
Kubernetes Community Days Beijing 2026
The Call For Paper is open until 24 February 2026 at UTC. More info →
Location: Beijing, CN
In-person conference organized by KCD Beijing.
The conference starts on the 30 December 2025.
- Apply here
34
days
Kubernetes Community Days Toronto Canada 2026
The Call For Paper is open until 17 February 2026 at UTC. More info →
Location: Toronto, CA
In-person conference organized by KCD Toronto.
The conference starts on the 13 May 2026.
- Apply here
23
days
Kubernetes Community Days Texas 2026
The Call For Paper is open until 6 February 2026 at UTC. More info →
Location: Austin, TX, USA
In-person conference organized by KCD Texas.
The conference starts on the 15 May 2026.
- Apply here
65
days
The Call For Paper is open until 20 March 2026 at UTC. More info →
Location: Amsterdam, NL
In-person conference organized by Cloud Native Amsterdam.
The conference starts on the 22 May 2026.
- Apply here
48
days
Kubernetes Community Days Panama 2026
The Call For Paper is open until 3 March 2026 at UTC. More info →
Location: Panama City, PA
In-person conference organized by KCD Panama.
The conference starts on the 20 April 2026.
- Apply here
Until next time!
— Gulcan