Learn Kubernetes Weekly issue 170 · 11 Feb 2026

Could Lockfiles Be SBOMs, Istio Ingress with Kyverno, Why Not Factorio in Kubernetes, Running DeepSeek Models, Short-Lived Is a Good Thing

This issue is brought to you by vCluster and LearnKube — join "Multi-Tenancy March" starting Feb 24: a free 3-part hands-on series on namespace isolation, virtual clusters, GPU sharing, and AI agent sandboxing on Kubernetes.

Hi, Dan here!

We’re running a 3-part free series with vCluster on Kubernetes multitenancy. Last year I covered the multitenancy spectrum — namespaces, virtual clusters, dedicated control planes, and how to choose between them.

This year I’m doubling down and adding AI agent sandboxing to the mix: what happens when the tenant isn’t a team but a machine acting on its own?

Articles

  1. Could lockfiles just be SBOMs?

    nesbitt.io

    This article explores whether package manager lockfiles could use standardized SBOM formats like CycloneDX instead of their current ecosystem-specific formats.

  2. Dynamic Istio Ingress Gateway Management with Kyverno

    medium.com

    This case study shows how Mindbody used Kyverno policy-as-code to dynamically manage Istio ingress gateways across hundreds of applications without updating individual Helm charts.

  3. Factorio in Kubernetes? Well, why not?

    igorweb.hashnode.dev

    This article shows how to migrate a Factorio game server from a basic VPS to Kubernetes with Longhorn storage, addressing lag issues and improving reliability.

  4. Running DeepSeek Models on Kubernetes: A Backend Engineer’s Experiment

    medium.com

    This article shares a backend engineer's journey deploying DeepSeek Coder for an on-premise security code review tool at a startup.

  5. Ephemeral Infrastructure: Why Short-Lived is a Good Thing

    lukasniessen.medium.com

    This article explains how to use ephemeral infrastructure where components are designed to exist only as long as needed, then disappear, making systems more stable.

    It details how Kubernetes Pods are designed to be killed and replaced at any moment.

Kubernetes Multitenancy March: A Free 3-Part Series

Not all multitenancy is created equal — a namespace won’t cut it when you need CRD isolation, and a dedicated cluster is overkill when you just need a sandbox.

This series walks through the actual trade-offs: what breaks, what scales, and what to pick for your specific setup.

Tutorials

  1. Persistent Storage in AKS using Azure Disks: Deploying MySQL with a WebApp via LoadBalancer

    www.devopswithritesh.in

    This article shows how to use Azure Disks to provide persistent storage in an AKS cluster by deploying a MySQL database and a web application exposed through a LoadBalancer.

  2. Kubernetes Gateway API: A Complete Step-by-Step Setup Guide

    ashagraw.medium.com

    This tutorial teaches how to set up and configure Kubernetes Gateway API by:

    • installing a Gateway API controller,
    • creating Gateway and HTTPRoute resources,
    • and configuring traffic routing rules.

  3. Unifying the Inner & Outer Loops to Bridge the Gaps between Devs & Ops with Containers + Microcks + Score

    medium.com

    This tutorial shows how to use Microcks to create consistent API mocking across local development and Kubernetes production environments, bridging the gap between developers and operations teams through contract-first development.

Kubernetes is not just for Black Friday

You self-host services at home, but upgrades break things, rollbacks require SSH-ing in to kill containers manually, and there's no safety net if your hardware fails.

Thibault Martin, Director of Program Development at the Matrix Foundation, walked this exact path — from Docker Compose to Podman with Ansible to Kubernetes on a single server — and explains why each transition happened and what it solved.

In this interview:

  • Why Ansible's declarative promise fell short with the Podman collection, forcing sequential imperative steps instead of desired-state definitions
  • How community Helm charts replace the need to write and maintain every manifest yourself
  • Why GitOps isn't just a deployment workflow — it's a disaster recovery strategy when your infrastructure lives in your living room
  • How k3s removes the barrier to entry by bundling opinionated defaults so you can skip choosing CNI plugins and storage providers

Kubernetes doesn't have to be enterprise-scale — with the right distribution and community tooling, it can be a practical, low-overhead choice for anyone who cares about their data.

Kubernetes jobs

    • Site Reliability Engineer with Verisign

    • Salary: $118.9K to $147.3K a year

    • Location: based in the office (and remote from home) in Reston, VA, USA

    • Tech stack: Kubernetes, On-premise, Bare-metal, GitHub Actions, ArgoCD, GitHub, Terraform, RBAC, Python

    • Platform Engineer with Verisign

    • Salary: $108.9K to $147.3K a year

    • Location: remote from

    • Tech stack: Kubernetes, On-premise, Bare-metal, Prometheus, Grafana, Splunk, GitHub Actions, GitHub, Python

    • DevSecOps Engineer with Subsplash

    • Salary: $140K to $175K a year

    • Location: remote from

    • Tech stack: Kubernetes, AWS, Azure, GCP, EKS, AKS, GKE, Git, Terraform

    • Platform Engineer with Tatari

    • Salary: $180K to $210K a year

    • Location: based in the office in New York City, NY, USA

    • Tech stack: Kubernetes, AWS, EKS, Docker, Datadog, Kibana, Terraform, Amazon Redshift, Kafka

    • Platform Engineer with Tatari

    • Salary: $180K to $210K a year

    • Location: based in the office in New York City, NY, USA

    • Tech stack: Kubernetes, AWS, EKS, Docker, Datadog, Kibana, Terraform, Amazon Redshift, Kafka

Discover more Kubernetes jobs on Kube Careers →

Code & tools

  1. Yoke: WASM IaC deployer

    github.com/yokecd

    Yoke is an IaC tool inspired by Helm that leverages WebAssembly and Go to dynamically deploy Kubernetes packages with executable runtime capabilities.

    It supports revision tracking, rollback, and inspection.

  2. Synapse: reverse proxy

    github.com/arxignis

    Synapse is a high-performance reverse proxy and firewall built with Rust, using XDP-based packet filtering for ultra-low latency protection at kernel level.

  3. nix-snapshotter: native understanding of Nix packages for containerd

    github.com/pdtpartners

    This code lets containerd pull and run images directly from the Nix store instead of traditional OCI layers by giving containerd native awareness of Nix packages and a CRI image service for Kubernetes.

  4. Korrel8r: observability correlation engine

    github.com/korrel8r

    Korrel8r is a rule-based correlation engine that automatically discovers and graphs relationships between Kubernetes cluster resources and observability signals across Prometheus, Loki, Alertmanager, and the Kubernetes API.

  5. Lynq Operator

    github.com/k8s-lynq

    Lynq Operator automates Kubernetes resource provisioning directly from database rows using Go templates and Sprig functions.

Subscribe to Learn Kubernetes Weekly

Trusted by 77K engineers. Delivered 170 issues and counting.

Upcoming Kubernetes events

  1. Feb 12: Container Days London

    In-person conference organized by Container Days.

    • Location: London, UK

    • This event requires an entrance fee

      • Use KUBEEVENTS to get 50% off

  2. Feb 13: DevConf.IN 2026

    In-person conference organized by Red Hat.

    • Location: Pune, IN

    • This event requires an entrance fee

  3. Feb 14: Deploying AI/ML Applications and Models with Docker and Kubernetes

    Online meetup organized by Stacja IT Kraków.

    • This is a virtual event

    • This is a free event.

  4. Feb 15: Why Kubernetes Costs More Than You Expect

    Online meetup organized by Cloud Native Jordan.

    • This is a virtual event

    • This is a free event.

  5. Feb 17: Building PCI Compliant Kubernetes Platforms & ArgoCD Plugins to take back control of your GitOps

    Online & in-person meetup organized by Cloud Native Québec.

    • Location: Québec, CA and virtual

    • This is a free event.

  6. Feb 24: The Multi-Tenancy Spectrum 2026: From Team Isolation to Agent Sandboxing

    Online webinar organized by LearnKube + vCluster.

    • This is a virtual event

    • This is a free event.

Discover more Kubernetes events on Kube Events →

Thanks to our sponsors who make Kube Today possible

  • LearnKube
  • Akamai
  • Fairwinds
  • Densify

Kubernetes call for papers

  1. CfgMgmtCamp 2026 Ghent (closes in 4 days)

    The call for papers is open until 15 February 2026 (UTC).

    • Location: Ghent, BE

    • In-person conference organized by CfgMgmtCamp.

    • The conference starts on 4 February 2026.

  2. Container Days Hamburg 2026 (closes in 17 days)

    The call for papers is open until 28 February 2026 (UTC).

    • Location: Hamburg, DE

    • In-person conference organized by Container Days.

    • The conference starts on 4 September 2026.

  3. Cloud Native Days Italy 2026 (closes in 23 days)

    The call for papers is open until 6 March 2026 (UTC).

    • Location: Bologna, IT

    • In-person conference organized by CND Italy.

    • The conference starts on 18 May 2026.

  4. Kubernetes Community Days Beijing 2026 (closes in 13 days)

    The call for papers is open until 24 February 2026 (UTC).

    • Location: Beijing, CN

    • In-person conference organized by KCD Beijing.

    • The conference starts on 30 December 2025.

  5. Kubernetes Community Days Toronto Canada 2026 (closes in 6 days)

    The call for papers is open until 17 February 2026 (UTC).

    • Location: Toronto, CA

    • In-person conference organized by KCD Toronto.

    • The conference starts on 13 May 2026.

  6. Cloud Native Days Amsterdam (closes in 37 days)

    The call for papers is open until 20 March 2026 (UTC).

    • Location: Amsterdam, NL

    • In-person conference organized by Cloud Native Amsterdam.

    • The conference starts on 22 May 2026.

  7. Kubernetes Community Days Panama 2026 (closes in 20 days)

    The call for papers is open until 3 March 2026 (UTC).

    • Location: Panama City, PA

    • In-person conference organized by KCD Panama.

    • The conference starts on 20 April 2026.

  8. Kubernetes Community Days Kochi 2026 (closes in 18 days)

    The call for papers is open until 1 March 2026 (UTC).

    • Location: Kochi, IN

    • In-person conference organized by KCD Kochi.

    • The conference starts on 11 April 2026.

  9. Kubernetes Community Days Czech & Slovak - Prague 2026 (closes in 49 days)

    The call for papers is open until 1 April 2026 (UTC).

    • Location: Bratislava, SK

    • In-person conference organized by KCD Czech & Slovak.

    • The conference starts on 21 May 2026.

Until next time!

— Gulcan
