Learn Kubernetes Weekly issue 179 · 15 Apr 2026

CloudEvents Standards, Sandboxes for AI, GKE East-West Traffic Security, Chaos Engineering, Multi-Account AWS Monitoring

This newsletter is brought to you by Portworx. Automate, protect, and unify data for modern applications across on-premises, public, and hybrid cloud environments.

Articles

1. CloudEvents: The missing standards of Event-Driven Architecture

   medium.com

   This article explains how CloudEvents provides missing standardization for Event Driven Architecture by defining a common envelope format for events, solving inconsistency problems across distributed systems.

2. What Is The Kubernetes Operator Pattern, and Why Does It Matter for Databases?

   portworx.com

   This article explains how a Kubernetes operator encodes operational knowledge into custom controllers, converting manual runbooks into declarative YAML manifests.

   It uses the CloudNativePG operator as a reference for this pattern and shows how it automates several complex database tasks.

   sponsored

3. A field guide to sandboxes for AI

   luiscardoso.dev

   This article compares isolation technologies for AI agents, including microVMs like Firecracker and Kata Containers, gVisor's userspace kernel, and runtime sandboxes for securing untrusted code execution.

4. Securing East-West Traffic with GKE Internal Gateway

   medium.com

   This tutorial shows how to secure east-west traffic in GKE using an Internal Regional Gateway with Envoy proxies, certificates, HTTP Routes with path rewriting, and a zero-trust architecture for service-to-service communication.

5. Designing for Failure: Chaos Engineering Best Practices

   pulse.rajatgupta.work

   This article explains chaos engineering practices for Kubernetes, covering how to design resilient systems by proactively testing failure scenarios like pod crashes, network failures, and resource exhaustion using tools like Chaos Mesh and LitmusChaos.

6. Building a Centralized Multi Account AWS Monitoring Platform

   medium.com

   This case study shows building a centralized multi-account AWS monitoring platform managing 25+ accounts using Python Boto3 to fetch resource configurations into MongoDB, with Flask API and Next.js frontend achieving $30k annual savings.

Articles worth checking out:

• New Conversion from cgroup v1 CPU Shares to v2 CPU Weight

Tutorials

1. Adding Observability to My EKS Cluster: Moving to App of Apps and Deploying Kube-Prometheus-Stack

   medium.com

   This tutorial shows how to add observability to an EKS cluster by migrating to ArgoCD's App of Apps pattern and deploying kube-prometheus-stack with a properly configured EBS CSI driver and kubelet cAdvisor configuration.

2. Kubernetes for Pentesters: Breaking Orchestrated Infrastructure from Zero

   kayssel.substack.com

   This tutorial teaches Kubernetes security testing from an offensive perspective, covering:

   • pod compromise detection,
   • service account token exploitation,
   • RBAC privilege escalation,
   • and tools like kubeletctl and peirates.

3. How I deploy any kubernates service to EKS with Terraform

   medium.com

   This tutorial teaches how to deploy Kubernetes services to EKS using Terraform, with Route 53 for DNS management, ACM certificates for HTTPS, and VPC configuration and proper subnet setup for a complete, production-ready infrastructure.

Kubernetes jobs

1. • Site Reliability Engineer with Verisign

   • Salary: $135.8K to $183.8K a year

   • Location: based in the office (and remote from home) in Reston, VA, USA

   • Tech stack: Kubernetes, Kubernetes, Docker, Openstack, DNS, Jenkins, Ansible, Terraform, ServiceNow, RedHat Identity Manager

2. • Software Engineer with Workato

   • Salary: $40.5K to $269.5K a year

   • Location: based in the office in Sofia, BG

   • Tech stack: Kubernetes, Kubernetes, Google Cloud, AWS, Azure, compliance, security, AWS S3, C, Go

3. • Software Engineer with Workato

   • Salary: $47.97K to $233.2K a year

   • Location: based in the office in Lisbon, PT

   • Tech stack: Kubernetes, Kubernetes, Google Cloud, AWS, Azure, C, Go, Rust

4. • Software Engineer with Workato

   • Salary: €45K to €126.5K a year

   • Location: based in the office in Barcelona, ES

   • Tech stack: Kubernetes, Kubernetes, Google Cloud, AWS, Azure, C, Go, Rust

5. • DevSecOps Engineer with Veeam Software

   • Salary: $147.4K to $377.4K a year

   • Location: based in the office in San Jose, CA, USA

   • Tech stack: Kubernetes, Kubernetes, AWS, Azure, Docker, GCP, On-premise, Git, GitHub Actions, compliance

Discover more Kubernetes jobs on Kube Careers →

Code & tools

1. Docker Time Machine: image evolution

   github.com/jtodic

   Docker Time Machine is a CLI tool written in Go that tracks Docker image evolution through git history by walking through commits, building images, and recording metrics like size, layer count, and build time.

2. Kubernetes Operator for MCP Servers

   github.com/vitorbari

   MCP Operator deploys and validates MCP servers on Kubernetes with automatic protocol detection for SSE and Streamable HTTP, built-in monitoring via Prometheus and Grafana dashboards, optional metrics sidecar for request tracking, and HPA support.

3. cert-manager-webhook-pdns

   github.com/zachomedia

   cert-manager-webhook-pdns is a PowerDNS webhook for cert-manager that enables automated Let's Encrypt certificate issuance using DNS-01 challenges by integrating with PowerDNS API for DNS record management.

4. external-dns-provider-mikrotik – ExternalDNS Webhook for MikroTik DNS

   github.com/mirceanton

   This project provides a webhook provider for ExternalDNS that lets Kubernetes automatically manage DNS records on a MikroTik RouterOS via its API.

5. Stakpak: Open Source DevOps AI Agent

   github.com/stakpak

   Stakpak is an open source terminal AI agent for DevOps that generates infrastructure code, debugs Kubernetes, and automates deployments — with secret substitution so the LLM never sees your actual credentials.

Other interesting projects:

• kubecfg: kubeconfig CLI tool

• Sloth: Prometheus SLO Generator

• kubechecks: App Updates

Upcoming Kubernetes events

1. Apr

   15

   Getting traffic into Kubernetes clusters on-premise at scale

   Online & in-person meetup organized by Cloud Native Prague.

   • Location: Prague, CZ and virtual

   • This is a free event.

2. Apr

   15

   SREday San Francisco 2026

   In-person conference organized by SREday.

   • Location: San Francisco, CA, USA

   • This event requires an entrance fee

3. Apr

   20

   Kubernetes Community Days Panama 2026

   In-person conference organized by KCD Panama.

   • Location: Panama City, PA

   • This is a free event.

4. Apr

   20

   SREday Seattle 2026

   In-person conference organized by SREday.

   • Location: Seattle, WA, USA

   • This event requires an entrance fee

5. Apr

   21

   Devopsdays Atlanta

   In-person conference organized by Devopsdays.

   • Location: Atlanta, GA, USA

   • This event requires an entrance fee

6. Apr

   23

   Advanced Kubernetes course

   Online workshop organized by LearnKube.

   • This is a virtual event

   • This event requires an entrance fee

Discover more Kubernetes events on Kube Events →

Kubernetes call for papers

1. 31

   days

   Kubernetes Community Days Lima 2026

   The Call For Paper is open until 19 May 2026 at UTC. More info →

   • Location: Lima, PE

   • In-person conference organized by KCD Lima, Perú.

   • The conference starts on the 18 July 2026.

   • Apply here

2. 15

   days

   KubeCon China 2026

   The Call For Paper is open until 3 May 2026 at UTC. More info →

   • Location: Shanghai, CN

   • In-person conference organized by CNCF.

   • The conference starts on the 9 September 2026.

   • Apply here

3. 44

   days

   Cloud Native Days Norway

   The Call For Paper is open until 1 June 2026 at UTC. More info →

   • Location: Bergen, NO

   • In-person conference organized by CND Norway.

   • The conference starts on the 27 October 2026.

   • Apply here

4. 3

   days

   SREday Munich 2026

   The Call For Paper is open until 21 April 2026 at UTC. More info →

   • Location: Munich, DE

   • In-person conference organized by SREday.

   • The conference starts on the 15 May 2026.

   • Apply here

5. 47

   days

   Devopsdays Feira de Santana

   The Call For Paper is open until 4 June 2026 at UTC. More info →

   • Location: Feira de Santana, BR

   • In-person conference organized by Devopsdays.

   • The conference starts on the 6 June 2026.

   • Apply here

6. 13

   days

   SREday NYC 2026

   The Call For Paper is open until 1 May 2026 at UTC. More info →

   • Location: New York, NY, USA

   • In-person conference organized by SREday.

   • The conference starts on the 2 June 2026.

   • Apply here

7. 47

   days

   Devopsdays Curitiba

   The Call For Paper is open until 4 June 2026 at UTC. More info →

   • Location: Curitiba, BR

   • In-person conference organized by Devopsdays.

   • The conference starts on the 22 August 2026.

   • Apply here

8. 15

   days

   Devopsdays Berlin

   The Call For Paper is open until 3 May 2026 at UTC. More info →

   • Location: Berlin, DE

   • In-person conference organized by Devopsdays.

   • The conference starts on the 29 September 2026.

   • Apply here

9. 3

   days

   CLC26

   The Call For Paper is open until 21 April 2026 at UTC. More info →

   • Location: Mannheim, DE

   • In-person conference organized by Rheinwerk Verlag.

   • The conference starts on the 11 November 2026.

   • Apply here

Until next time!

— Gulcan