FAUN.dev's Kubernetes Weekly Newsletter
 
Kaptain
 
#Kubernetes #Docker #DistributedSystems
 
 
🔍 Inside this Issue
 
 
Control is the thread this week: tiny immutable distros and Kamaji-driven multi-tenancy on one end, a nasty Capsule label slip and OTel gotchas on the other. Kubernetes itself levels up (DRA, NodeSwap, saner YAML) while real teams cut bills with Linkerd and start letting AI tune the waste—dive in and pull the threads that matter to your stack.
🧪 5 of the best distros for building Kubernetes clusters
🧭 Build Your Own Kubernetes based SaaS Cloud Platform with Kamaji and GitOps
🚨 Critical Kubernetes Capsule Vulnerability Allows Arbitrary Namespace Label Injection
🧰 How Imagine Learning Reduced Operational Overhead by 20% With Linkerd
💸 Kubernetes costs keep rising. Can AI bring relief?
🗺️ Kubernetes Learning Roadmap
🔮 Kubernetes v1.34 Sneak Peek: A Game-Changer for the Kubernetes Expert’s Lifecycle
🧩 OpenTelemetry configuration gotchas
🧠 Tuning Linux Swap for K8s: A Deep Dive
☁️ How to Deploy a Kubernetes App on AWS EKS
Fewer surprises, tighter control—go make your cluster earn its keep.
Have a great week!
FAUN.dev Team
 
 

 
ℹ️ News, Updates & Announcements
 
faun.pub
 
Kubernetes v1.34 Sneak Peek: A Game-Changer for the Kubernetes Expert’s Lifecycle
 
 
Kubernetes v1.34 lands August 2025 with a clear agenda: smarter scheduling, tighter control, fewer surprises.

Dynamic Resource Allocation goes stable, letting clusters actually reason about GPUs, FPGAs, and NICs. AI/ML and HPC jobs stop guessing and start requesting what they need.

ServiceAccount tokens for image pulls hit beta and turn on by default. No more wrestling with secret mounts just to get through the CI/CD pipeline.

KYAML proposes a stricter, saner YAML spec. Fewer config footguns. Better tooling. Less mystery in your manifests.

Container-Level Restart Rules bring precise recovery knobs: tune restarts by container, not the whole pod. And device health reporting kicks observability up a notch—no more “it worked yesterday” debugging.

Kube also cleans up config flows with init-to-main file passing. Hand off files between init and main containers without duct tape. New rollout signals like TerminationStarted help operators speed up deploys without guessing pod lifecycles.

Big picture: Kubernetes grows up—becoming more declarative, durable, and hardware-aware. Less magic. More muscle.
 
 
benzinga.com
 
Elon Musk's xAI Offers Up To $440K For Infrastructure Engineers, Calls It 'Adventure Of A Lifetime'
 
 
xAI wants infrastructure engineers to help scale its supercomputing stack—and they're not playing small. They're after folks who know Kubernetes, can wrangle L4/L7 proxies, and speak fluent cloud networking.

The goal: push multi-cluster production inference across the Memphis supercluster (yeah, the one they spun up in just 120 days).

Bigger picture: xAI looks locked in on vertical integration, dialing in its infrastructure to run proprietary models fast and at serious scale.
 
 
cio.com
 
Kubernetes costs keep rising. Can AI bring relief?
 
 
88% of Kubernetes users say their total costs keep climbing—thanks to overprovisioned clusters, messy architectures, and hands-on ops. So now, 92% are bringing in AI-driven cost tools to automate rightsizing and squeeze waste from sprawling workloads.

System shift: AI isn't just sneaking into cluster ops. It's staking a claim. Manual tuning can't keep up with the mess.
 
 
cyberpress.org
 
Critical Kubernetes Capsule Vulnerability Allows Arbitrary Namespace Label Injection
 
 
Capsule v0.10.3 had a problem. Tenant users could sneak their own labels into system namespaces—an easy way to punch holes in Kubernetes multi-tenancy.

v0.10.4 shuts that down. It tightens namespace validation and clamps down on label injection.
 
 


 
🔗 Stories, Tutorials & Articles
 
kubernetes.io
 
Tuning Linux Swap for Kubernetes: A Deep Dive
 
 
Kubernetes v1.34 makes NodeSwap official. For the first time, swap on Linux nodes is fully supported—breaking with the old norm of just turning it off.

Why it matters: NodeSwap gives the kubelet a pressure valve. Instead of firing off OOM kills, it can push some memory to disk. But this isn’t a free win. Swapping right takes real tuning. Think swappiness, min_free_kbytes, and watermark_scale_factor. Miss the mark, and your node stability takes the hit.

Big picture: This is a serious shift in Kubernetes memory management. More headroom, more nuance. Worth it—if your ops game is sharp.
 
 
onepin.io
 
Kubernetes Learning Roadmap   ✅
 
 
The Kubernetes Learning Roadmap covers key concepts such as understanding Kubernetes use cases, installing Kubernetes locally, interacting with Kubernetes using YAML and kubectl, managing deployments and replica sets, and networking in Kubernetes. Additionally, it includes topics like managing environment settings, volumes and storage, namespaces and RBAC, health checks and probes, monitoring and logging, package management with Helm, custom resources and operators, networking deep dive, scaling and auto-healing, CI/CD automation, security best practices, disaster recovery, and certification for real projects.
 
 
freecodecamp.org
 
How to Deploy a Kubernetes App on AWS EKS
 
 
AWS EKS takes the grunt work out of running Kubernetes. It handles the control plane, automates upgrades, hooks into IAM and VPC, and scales without breaking a sweat.

With eksctl and kubectl, devs can launch clusters fast, drop in their YAML, and wire up services through built-in load balancers.
 
 
cncf.io
 
How Imagine Learning Reduced Operational Overhead by 20% With Linkerd
 
 
Imagine Learning tore down its old platform and rebuilt it on Linkerd with AWS EKS, layering in Argo CD and Argo Rollouts. The result? GitOps deploys, canary releases via the Gateway API, and mTLS baked in from the start.

The payoff:

- Over 80% cut in compute costs.
- 97% fewer service mesh CVEs.
- 20% drop in ops overhead.

System shift: This isn't just a tech upgrade. It's a clear bet on lightweight, GitOps-native meshes built for secure, scalable, multi-cluster Kubernetes.
 
 
blog.frankel.ch
 
OpenTelemetry configuration gotchas
 
 
Zero-code OpenTelemetry still feels like a myth. Python skips logs out of the box. Quarkus wires up tracing, nothing else. Micrometer Tracing (Spring Boot) ignores OTel env vars unless you’re on 3.5 or later. Every stack plays by its own rules.
 
 
xda-developers.com
 
5 of the best distros for building Kubernetes clusters
 
 
More devs are spinning up Kubernetes clusters on stripped-down Linux distros—think Raspberry Pi OS, Debian, Talos Linux, Fedora CoreOS. MicroK8s and k3s make low-power, ARM-first deployments feel less like a science project.

Talos Linux? It’s the wildcard—API-only node ops and an immutable, locked-down design that feels made for tinkerers with trust issues.

For the VM crowd, Harvester + Rancher brings a more buttoned-up setup to home labs. Still K8s. Still fun. Just... shinier.
 
 
itnext.io
 
Build Your Own Kubernetes based SaaS Cloud Platform with Kamaji and GitOps   ✅
 
 
Want a cost-effective, lean SaaS Kubernetes platform? Consider Kamaji for powerful, flexible multi-tenant control plane management. Say bye to expensive VMs, hello to container-configured control planes across diverse infrastructure. Built by Clastix, it operates effortlessly with CRD-based APIs, just like Boiler Grandpa from Spirited Away.
 
 


 
⚙️ Tools, Apps & Software
 
github.com
 
czhu12/canine
 
 
Power of Kubernetes, Simplicity of Heroku
 
 
github.com
 
kcp-dev/kcp
 
 
Kubernetes-like control planes for form-factors and use-cases beyond Kubernetes and container workloads.
 
 
github.com
 
kubenote/KubeForge
 
 
Visual Editor for Kubernetes Deployments
 
 
github.com
 
pehlicd/crd-wizard
 
 
CR(D) Wizard is a web based dashboard designed to provide a clear and intuitive interface for visualizing and exploring Kubernetes Custom Resource Definitions (CRDs) and their corresponding Custom Resources (CRs). It helps developers and cluster administrators quickly understand the state of their custom controllers and the resources they manage.
 
 


 
🤔 Did you know?
 
 
Did you know that Kubernetes’ NodeLocal DNSCache runs CoreDNS locally on each node and intercepts DNS queries via a link-local IP (e.g. 169.254.20.10) with iptables’ NOTRACK, so lookups never hit conntrack? This simple setup keeps DNS working even if conntrack is overloaded by other workloads, preventing noisy apps from knocking cluster DNS offline. Just be mindful—if you use strict NetworkPolicies, you must explicitly allow egress to that link-local IP, or pods may “lose DNS” even when the kube-dns Service appears healthy.
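
As an added example (not from the newsletter or the Kubernetes project), the NetworkPolicy below shows the usual kube-dns allowance next to the explicit egress rule the note above calls for. The namespace `payments` and the policy name are assumptions; `169.254.20.10` is the example address from the text, so substitute the address your NodeLocal DNSCache actually listens on.

```yaml
# Added example: DNS egress for a namespace whose pods resolve through
# NodeLocal DNSCache. Assumed names: namespace "payments", policy
# "allow-dns-egress".
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-dns-egress
  namespace: payments
spec:
  podSelector: {}            # selects every pod in the namespace
  policyTypes:
    - Egress                 # selected pods may only send what is listed below
  egress:
    # Rule 1: the commonly written DNS allowance. It matches the cluster
    # DNS pods only, so by itself it does not cover queries addressed to
    # the node-local cache IP.
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
          podSelector:
            matchLabels:
              k8s-app: kube-dns
      ports:
        - protocol: UDP
          port: 53
        - protocol: TCP
          port: 53
    # Rule 2: explicit allowance for the link-local cache address.
    # A /32 on port 53 keeps the rest of 169.254.0.0/16 (for example a
    # cloud metadata address) blocked.
    - to:
        - ipBlock:
            cidr: 169.254.20.10/32
      ports:
        - protocol: UDP
          port: 53
        - protocol: TCP
          port: 53
```

How `ipBlock` rules are enforced for node-local addresses depends on the CNI plugin, so confirm with a DNS lookup from a pod in the namespace after applying the policy.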
 
 
 
 
 
 
🤖 Once, SenseiOne Said
 
 
"On Kubernetes, your spec is deterministic and your system is not; controllers, backoff, and eventual consistency arbitrate the gap. Containers remove machine drift; distributed systems turn timing into a feature you must design for. Miss that, and you’ll page yourself for normal convergence."

— SenseiOne
 

(*) SenseiOne is FAUN.dev’s work-in-progress AI agent

 
👤 This Week's Human
 
 
This week, we’re highlighting Ihor Yevtushenko, a DevOps Cloud Engineer in Bern running Yevtushenko DevOps Services. 6x AWS certified (DevOps Pro, Security Specialty) with CKA, he builds Terraform-first AWS platforms, production Kubernetes clusters, and GitOps/CI pipelines with ArgoCD, drawing on hands-on stints at EPAM Systems, HCLTech, Morphean SA, and 42matters.
 


 
 

Kaptain #491: Tuning Linux Swap for Kubernetes
Legend: ✅ = Editor's Choice / ♻️ = Old but Gold / ⭐ = Promoted / 🔰 = Beginner Friendly
