Kubernetes for Agentic Apps - A Platform Engineering Perspective | Kaptain

FAUN.dev's Kubernetes Weekly Newsletter

🔗 View in your browser. | ✍️ Publish on FAUN.dev | 🦄 Become a sponsor

Kaptain

#Kubernetes #Docker #DistributedSystems

📝 The Opening Call

In the past days:

A security breach in Red Hat's consulting GitLab instance led to the theft of 570GB of data.
Anthropic launched Petri, a new open-source tool for AI safety audits.
Microsoft released an open-source agent framework for AI.
GitHub introduced post-quantum secure SSH.
Azure introduced AKS Automatic, a new way to manage Kubernetes clusters.
Perplexity rolled out its new AI browser to everyone.
Alpine Linux shifted to a /usr-merged file system.
And more!

Most news outlets wrote long articles about it - paragraphs upon paragraphs of text that take time to read and understand. We took a different approach:
Instead of walls of text, we show you the news as an AI-powered visual, a practical story map that highlights:

The core facts in seconds
How the players connect (people, tools, orgs)
The timeline of what happened and when
The key numbers that actually matter
And more

All digested in minutes, not hours. We believe this is a smarter way to follow developer news. You can see some examples here https://faun.dev/news

This is the second week since the official launch of FAUN.news()! It's a new project and if you want to show your support, we'll be glad to hear your honest feedback! Hit the reply button!

🔍 Inside this Issue

Kubernetes is both the backbone and the bruise this week: from Azure’s manual restarts to sharper autoscaling and meshes that finally speak real HTTPS inside the cluster. Plus: Alpine’s /usr-merge, agent-native platforms, Node.js cost myths, and a detective story that unmasks a noisy pod—details and takeaways tucked into every link.

🏔️ Alpine Linux 3.23 Adopts /usr-Merged File System Layout
🚨 Azure Outage: Kubernetes Crash Hits Teams, Minecraft in EMEA Regions
🛠️ How I Built My Kubernetes Command Toolkit: A Journey from kubectl Chaos to Command Mastery
🔐 Internal HTTPS Routing in Istio.
🔦 Introducing Headlamp Plugin for Karpenter
🤖 Kubernetes for agentic apps: A platform engineering perspective
📊 Most Cloud-Native Roles are Software Engineers
💸 The Myths (and Costs) of Running Node.js on Kubernetes
🕵️‍♂️ Who’s Calling That API? A Detective Story from the Depths of EKS Networking

Ship smarter, keep the cluster calm, and make the next incident boring.

Have a great week!
FAUN.dev Team

ℹ️ News, Updates & Announcements

faun.dev

Alpine Linux 3.23 Adopts /usr-Merged File System Layout

Alpine 3.23 embraces the /usr-merge. Say goodbye to scattered /bin, /sbin, and /lib - they're now symlinks into /usr.

Why it matters: fewer packaging headaches, smoother containers, and a step closer to how the rest of Linux rolls.

faun.dev

Azure Outage: Kubernetes Crash Hits Teams, Minecraft in EMEA Regions

A Kubernetes crash knocked out 30% of Azure Front Door’s capacity, pulling down Microsoft services across EMEA. No bad update to blame this time - just broken nodes. Engineers had to jump in, restart Kubernetes by hand, and fail over the Microsoft 365 portal to get things moving again.

Heavy bet on Kubernetes, but weak auto-recovery left a big hole in Azure’s failover game!

kubernetes.io

Introducing Headlamp Plugin for Karpenter

The new Headlamp Karpenter Plugin wires real-time autoscaling insight straight into the Headlamp UI. It shows Karpenter resources, live metrics, scaling moves—no kubectl spelunking required.

NodePools and NodeClaims get mapped to core Kubernetes objects. You can tweak configs in the UI, get validation on the spot, and instantly see what’s stalling pods or breaking scheduling.

System shift: Autoscaler visibility is crashing into the UI layer. Debugging clusters by click might be the new normal.

👉 Enjoyed this?Read more news on FAUN.dev/news

🔗 Stories, Tutorials & Articles

medium.com

Who’s Calling That API? A Detective Story from the Depths of EKS Networking

A production network got hammered by too many Auth0 token requests. The source? EKS workloads tucked behind a shared NAT Gateway. No easy trail.

Engineers stitched it together using VPC Flow Logs, pod-to-node maps, and some sharp Istio ServiceEntry logs. Even with Kubernetes CNI doing its NAT-obscuring thing, they pinned the blame on the exact pod.

cloudnativenow.com

Most Cloud-Native Roles are Software Engineers

Software Engineers still own the cloud-native job boards in 2025 - nearly 47% of all Kubernetes-tagged listings. DevOps holds onto second. But Platform Engineers just leapfrogged SREs, which have slid 30% since 2023.

blog.platformatic.dev

The Myths (and Costs) of Running Node.js on Kubernetes

Kubernetes struggles to scale Node.js efficiently due to a mismatch in resource usage patterns. Autoscaling can be sluggish with bursty traffic, leading to revenue risks and performance issues. Teams must rethink resource allocation and scaling strategies to optimize Node.js efficiency in Kubernetes and avoid unnecessary costs and complexities.

medium.com

How I Built My Kubernetes Command Toolkit: A Journey from kubectl Chaos to Command Mastery

A dev-built Kubernetes CLI framework reshapes kubectl for how teams actually work. Commands get grouped by role - dev, SRE, sec, admin - instead of by resource.

It bakes in defaults for Kyverno policies, encourages muscle-memory workflows, and wires up real-time troubleshooting to shrink downtime in prod.

platformengineering.org

Kubernetes for agentic apps: A platform engineering perspective

Agentic AI flips the old model. Instead of stateless, event-by-event workloads, we get stateful, self-steering systems that observe, reason, plan, and act - on loop.

Kubernetes steps up as the OS for this next phase. Boosted by platform engineering, it brings the right mix: ephemeral compute, persistent memory, tight orchestration, and a clean way to wire in tools.

Big picture: We’re moving from cloud-native microservices to something more alive - agent-native systems that think and adapt, not just react.

nut-charoenpattanasirikul.medium.com

Internal HTTPS Routing in Istio.

Istio finally brings internal HTTPS routing with SNI-based traffic rules. Services in the mesh can now talk over port 443—TLS fully intact. Just like in prod.

TLS terminates at the ingress gateway. Routing pivots on SNI, not headers. Which makes this much closer to real-world mTLS flows.

What’s the play? Use internal HTTPS in your E2E tests. It closes the gap between test and prod, locking in tighter infra parity.

👉 Got something to share? Create your FAUN Page and start publishing your blog posts, tools, and updates. Grow your audience, and get discovered by the developer community.

⚙️ Tools, Apps & Software

github.com

OscarAraque/k3s-docker-gpu

K3s Docker GPU project for GPU-accelerated Python workloads in containers. It ships UV, CUDA 12.2, CuPy, NVIDIA GPU support, and K3s deployment with testing and monitoring

github.com

abhishekya233/k8s-overcommit-operator

Manage resource overcommitment in Kubernetes clusters with the k8s-overcommit Operator. Optimize performance and efficiency effortlessly.

github.com

kairos-io/kairos

The immutable Linux meta-distribution for edge Kubernetes.

github.com

HarborGuard/HarborGuard

Modern image vulnerability scanning & patching platform with multi-tool integration.

👉 Spread the word and help developers find and follow your Open Source project by promoting it on FAUN. Get in touch for more information.

🤔 Did you know?

Did you know that when a Kubernetes node stops responding, its pods can stay bound to it for several minutes before being recreated elsewhere? By default, the control plane waits about 40 seconds of missed heartbeats before marking the node NotReady, and then up to 5 minutes before force-deleting its pods. During that time, controllers still count those pods as running, delaying rescheduling until the eviction timeout expires.

😂 Meme of the week

🤖 Once, SenseiOne Said

"You traded vendor lock-in for control-plane lock-in and called it portability. Reconciliation turns outages into backlogs you ignore until controllers fall behind. Containers isolate processes, not consequences."
— SenseiOne

(*) SenseiOne is FAUN.dev’s work-in-progress AI agent

👤 This Week's Human

This week, we’re highlighting Jukka Forsgren — Senior Solutions Architect and GenAI Ambassador at AWS, serving as a field CTO for EMEA North accounts totaling over €100M ARR. He blends deep Kubernetes and agentic AI chops with hands-on delivery—building CDK/Python POCs, running Immersion Days/Game Days/Well-Architected sessions, and channeling customer feedback to service teams. 11× AWS Certified, RHCA, and CKA/CKAD, he’s the engineer you’ve seen at Slush and Red Hat Open Tour turning cloud strategy into shipped systems.

💡 Engage with FAUN.dev on LinkedIn — like, comment on, or share any of our posts on LinkedIn — you might be our next “This Week’s Human”!

❤️ Thanks for reading

👋 Keep in touch and follow us on social media:
- 💼LinkedIn
- 📝Medium
- 🐦Twitter
- 👥Facebook
- 📰Reddit
- 📸Instagram

👌 Was this newsletter helpful?
We'd really appreciate it if you could forward it to your friends!

🙏 Never miss an issue!
To receive our future emails in your inbox, don't forget to add community@faun.dev to your contacts.

🤩 Want to sponsor our newsletter?
Reach out to us at sponsors@faun.dev and we'll get back to you as soon as possible.

Kaptain #498: Kubernetes for Agentic Apps - A Platform Engineering Perspective
Legend: ✅ = Editor's Choice / ♻️ = Old but Gold / ⭐ = Promoted / 🔰 = Beginner Friendly

You received this email because you are subscribed to FAUN.dev.
We (🐾) help developers (👣) learn and grow by keeping them up with what matters.

You can manage your subscription options here (recommended) or use the old way here (legacy). If you have any problem, read this or reply to this email.