FAUN.dev's Kubernetes Weekly Newsletter
 
 
Kaptain
 
#Kubernetes #Docker #DistributedSystems
 
 
🔍 Inside this Issue
 
 
From surgical cluster upgrades to an Ingress NGINX end-of-life, this batch is about moving fast without tripping over your infra. Gateway API gets real on kind, CPU weights grow up, and a private assistant you can run offline rounds it out, with details and gotchas below.

🚀 Cluster API v1.12: Introducing In-place Updates and Chained Upgrades
🌉 Experimenting with Gateway API using kind
🛑 Ingress NGINX: Statement from the Steering and Security Response Committees
⚖️ New Conversion from cgroup v1 CPU Shares to v2 CPU Weight
🤖 Run a Private Personal AI with Clawdbot + DMR

Ship smarter this week.

Take care!
FAUN.dev() Team
 
 
ℹ️ News, Updates & Announcements
 
faun.dev
 
Cluster API v1.12 Released: In-Place Updates and Chained Upgrades
 
 
Cluster API v1.12 lands with in-place machine updates and chained upgrades across Kubernetes minor versions. Cleaner workflows. Fewer hoops.

It sharpens immutable rollouts and throws in a delete-first strategy, handy when running lean on resources.
 
 
👉 Enjoyed this? Read more news on FAUN.dev/news
 
⭐ Sponsors
 
faun.dev
 
🚀 Take Your Coding Experience to the Next Level!
 
 
Uncover how to level-up your GitHub Copilot and VS Code experience from an autocomplete assistant to an intelligent, agentic teammate that can navigate your codebase, execute tasks, reason across files and even manage your GitHub projects.

In the Building with GitHub Copilot course, you're not just learning how to use GitHub Copilot; you're exploring a shift in how we write, reason about, and collaborate on code.

Get your copy today!
 
 
👉 Spread the word and help developers find you by promoting your projects on FAUN. Get in touch for more information.
 
🔗 Stories, Tutorials & Articles
 
kubernetes.io
 
New Conversion from cgroup v1 CPU Shares to v2 CPU Weight
 
 
A new quadratic formula now maps cgroup v1 CPU shares to cgroup v2 CPU weight. Why? Because the old linear approach distorted CPU fairness, especially at low share values. This fix gets prioritization right where it counts.

It lands at the OCI runtime layer, live in runc v1.3.2 and crun v1.23, so containers finally get CPU weights that reflect reality, not rounding errors.

Big picture: Kubernetes and cgroup v2 never quite agreed on CPU math. This update closes that gap, giving schedulers sharper control and workloads cleaner isolation.
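As an added illustration (not code from the kubernetes.io post, runc or crun), here are both mappings side by side in Go. The quadratic form is an assumption: a quadratic in log2(shares) pinned to the v1/v2 minimum, default and maximum, which is what makes the default 1024 shares land on the default weight of 100 instead of 39.

```go
package main

import (
	"fmt"
	"math"
)

// cgroup v1 cpu.shares: [2, 262144], default 1024; v2 cpu.weight: [1, 10000], default 100.
const (
	minShares, maxShares = 2, 262144
	minWeight, maxWeight = 1, 10000
)

// LinearSharesToWeight is the older proportional mapping: integer division
// flattens the low end (shares 2..28 all give weight 1) and maps 1024 to 39.
func LinearSharesToWeight(shares uint64) uint64 {
	if shares == 0 {
		return 0 // 0 means "unset"
	}
	if shares < minShares {
		shares = minShares
	}
	if shares > maxShares {
		shares = maxShares
	}
	return minWeight + (shares-minShares)*(maxWeight-minWeight)/(maxShares-minShares)
}

// QuadraticSharesToWeight is a quadratic in log2(shares) (assumed here to be
// the one the post describes) pinned to 2 -> 1, 1024 -> 100, 262144 -> 10000.
func QuadraticSharesToWeight(shares uint64) uint64 {
	if shares == 0 {
		return 0
	}
	if shares <= minShares {
		return minWeight
	}
	if shares >= maxShares {
		return maxWeight
	}
	l := math.Log2(float64(shares))
	exponent := (l*l+125*l)/612.0 - 7.0/34.0
	return uint64(math.Ceil(math.Pow(10, exponent)))
}

func main() {
	for _, s := range []uint64{2, 10, 100, 256, 512, 1024, 4096, 262144} {
		fmt.Printf("shares %7d -> linear %6d  quadratic %6d\n", s, LinearSharesToWeight(s), QuadraticSharesToWeight(s))
	}
}
```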
 
 
kubernetes.io
 
Cluster API v1.12: Introducing In-place Updates and Chained Upgrades
 
 
Cluster API v1.12.0 adds in-place updates and chained upgrades, so machines can swap parts without going down, and clusters can jump versions without drama.

KubeadmControlPlane and MachineDeployments now choose between full rollouts or surgical patching, depending on what changed. The goal: keep clusters stable, upgrades smooth.

Bigger picture: Cluster API is edging closer to what real workload orchestration should feel like, a smart balance between solid-state infra and lifecycle agility.
 
 
kubernetes.io
 
Ingress NGINX: Statement from the Steering and Security Response Committees
 
 
Kubernetes is cutting off Ingress NGINX in March 2026. No more updates. No bug fixes. No security patches. Done.

Roughly half of cloud-native setups still rely on it, but it's been understaffed for years. If you're one of them, it's time to move.

There’s no plug-and-play replacement, but the ecosystem’s betting on Gateway API. It’s more modern. More flexible. Built for today’s traffic-routing problems.
 
 
docker.com
 
Run a Private Personal AI with Clawdbot + DMR
 
 
Clawdbot just plugged into Docker Model Runner (DMR). That means you can now run your own OpenAI-compatible assistant, locally, on your hardware. No cloud. No per-token fees. No data leaking into the void.
 
 
kubernetes.io
 
Experimenting with Gateway API using kind
 
 
A new guide shows how to run Gateway API locally with kind and cloud-provider-kind. It spins up a one-node Kubernetes cluster in Docker, complete with LoadBalancer Services and a Gateway API controller. Cloud vibes, zero cloud bill.

Fire it up to deploy demo apps, test routing, or poke around with CRD experiments. No production stress attached.
 
 

👉 Got something to share? Create your FAUN Page and start publishing your blog posts, tools, and updates. Grow your audience, and get discovered by the developer community.

 
⭐ Supporters
 
bytevibe.co
 
Take a break!
 
 
Take a break, and get a coffee! Warm your soul with a nice, perfectly sized black ceramic mug.
 
 
👉 Spread the word and help developers find you by promoting your projects on FAUN. Get in touch for more information.
 
💬 Discussions, Q&A & Forums
 
reddit.com
 
After 5 years of running K8s in production, here's what I'd do differently
 
 
A Reddit user shared their insights on what they would do differently after 5 years of running Kubernetes in production, quoted here:

1. Don't run your own control plane unless you have to. We spent 6 months maintaining self-hosted clusters before switching to EKS. That's 6 months of my life I won't get back.

2. Start with resource limits from day 1. Noisy neighbor problems are real. One runaway pod took down our entire node because we were lazy about limits.

3. GitOps isn't optional, it's survival. We resisted ArgoCD for a year because "kubectl apply works fine." Until it didn't. Lost track of what was deployed where.

4. Invest in observability before you need it. The time to set up proper monitoring is not during an outage at 3am.

5. Namespaces are cheap, use them. We crammed everything into 3 namespaces. Should've been 30.
 
 
 
⚙️ Tools, Apps & Software
 
github.com
 
kubernetes-sigs/descheduler
 
 
Descheduler for Kubernetes
 
 
github.com
 
ahrixia/k8s-enum.sh
 
 
Kubernetes Enumeration Tools for Penetration Testing - K8s security assessment scripts for red team operations
 
 
github.com
 
NCCloud/zap-operator
 
 
A Kubernetes operator to manage Zed Attack Proxy (ZAP) scans 🚀
 
 
github.com
 
aws/aws-node-termination-handler
 
 
Gracefully handle EC2 instance shutdown within Kubernetes
 
 
github.com
 
BagelHole/DevOps-Security-Agent-Skills
 
 
DevOps and Security knowledge base with 50+ skills covering Kubernetes, Terraform, AWS/GCP/Azure, container hardening, SOC2 compliance, and incident response. Includes ready-to-run scripts and agent-ready instructions for SREs, platform engineers, and security teams.
 
 

👉 Spread the word and help developers find and follow your Open Source project by promoting it on FAUN. Get in touch for more information.

 
🤔 Did you know?
 
 
Did you know Kubernetes’ API server implements API Priority and Fairness (APF) to protect itself from overload by classifying traffic into flows and priority levels defined by FlowSchema and PriorityLevelConfiguration? APF applies a fair-queuing algorithm so that within a given priority level, distinct request flows are treated equitably, and it uses shuffle sharding to assign flows to a subset of queues to reduce interference from heavy hitters. APF has been enabled by default since Kubernetes 1.20 (beta) and became stable in v1.29, and the flow control configuration (priority levels, concurrency shares, queueing behavior) is tunable at runtime via API objects without restarting the API server. By dividing the server’s total concurrency limit among priority levels, critical control-plane traffic such as leader election, kubelet heartbeats, and controller manager requests remain responsive even under load from noisy clients.
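To make the shuffle-sharding step concrete, here is an added Go sketch that is not code from the Kubernetes API server: a deterministic dealer hands every flow a fixed hand of queues, and an enqueue rule picks the least-loaded queue in that hand, so a noisy flow can fill at most its own hand. The names (hashFlow, Deal, Enqueue), the toy in-memory queue counters and the FNV hash of the flow distinguisher are this example's own choices.

```go
package main

import "hash/fnv"

// hashFlow turns a flow distinguisher (user, namespace, ...) into the
// 64-bit value the dealer consumes.
func hashFlow(flow string) uint64 {
	h := fnv.New64a()
	h.Write([]byte(flow))
	return h.Sum64()
}

// Deal is the shuffle-sharding dealer: it derives handSize distinct queue
// indexes out of deckSize queues, deterministically from hashValue. Each
// division step picks one card among those not yet dealt; the second
// loop turns those relative picks into absolute queue indexes.
func Deal(deckSize, handSize int, hashValue uint64) []int {
	remainders := make([]int, handSize)
	for i := range remainders {
		next := hashValue / uint64(deckSize-i)
		remainders[i] = int(hashValue - next*uint64(deckSize-i))
		hashValue = next
	}
	hand := make([]int, handSize)
	for i, card := range remainders {
		for j := i; j > 0; j-- {
			if card >= remainders[j-1] {
				card++
			}
		}
		hand[i] = card
	}
	return hand
}

// Enqueue places one request of flow into the least-loaded queue of the
// flow's hand (pending[i] = requests waiting in queue i, a constructed toy
// model with no dequeueing) and returns the chosen queue index.
func Enqueue(pending []int, handSize int, flow string) int {
	hand := Deal(len(pending), handSize, hashFlow(flow))
	best := hand[0]
	for _, i := range hand[1:] {
		if pending[i] < pending[best] {
			best = i
		}
	}
	pending[best]++
	return best
}
```

With 32 queues and a hand of 4, a thousand requests from one flow occupy exactly four queues, leaving the other 28 untouched for flows whose hands do not overlap.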
 
 
🤖 Once, SenseiOne Said
 
 
"Containers made processes portable; Kubernetes made failure modes portable. Distributed systems don't remove decisions; they hide them in timeouts, retries, and elections."
-- SenseiOne
 

(*) SenseiOne is FAUN.dev’s work-in-progress AI agent

 
⚡Growth Notes
 
 
When you change a Kubernetes resource, take the time to diff not just the YAML, but the resulting object model you expect the controllers to converge to, stepping through how each controller, admission webhook, and CRD status field will react to that single patch. This quiet habit of mentally simulating the full reconciliation path before you kubectl apply is how senior engineers avoid cascading outages, reduce rollback thrash, and build a deep, controller-focused intuition that continues to pay off even as APIs and platforms shift around them.
 
Each week, we share a practical move to grow faster and work smarter
 
😂 Meme of the week
 
 
 
 
❤️ Thanks for reading
 
 
👋 Keep in touch and follow us on social media:
- 💼LinkedIn
- 📝Medium
- 🐦Twitter
- 👥Facebook
- 📰Reddit
- 📸Instagram

👌 Was this newsletter helpful?
We'd really appreciate it if you could forward it to your friends!

🙏 Never miss an issue!
To receive our future emails in your inbox, don't forget to add community@faun.dev to your contacts.

🤩 Want to sponsor our newsletter?
Reach out to us at sponsors@faun.dev and we'll get back to you as soon as possible.
 

Kaptain #514: After 5 Years of K8s in Production, Here's What I'd Do Differently
Legend: ✅ = Editor's Choice / ♻️ = Old but Gold / ⭐ = Promoted / 🔰 = Beginner Friendly

You received this email because you are subscribed to FAUN.dev.
We (🐾) help developers (👣) learn and grow by keeping them up with what matters.
