Kubernetes Weekly Newsletter, Kaptain, a FAUN Newsletter.
 
Kaptain
 
Curated Kubernetes news, tutorials, tools and more!
 
 
⭐ Patrons
 
www.manageengine.com
 
Navigating Kubernetes observability: A live webinar by ManageEngine and DevOps Toolkit
 
 
Struggling with Kubernetes visibility? Join ManageEngine and DevOps expert Viktor Farcic in this exclusive webinar to uncover strategies for enhancing performance, eliminating blind spots, and optimizing your Kubernetes environment. Register now!
 
 


 
ℹ️ News, Updates & Announcements
 
kubernetes.io
 
Ingress-nginx CVE-2025-1974: What You Need to Know
 
 

Ingress-nginx patches critical vulnerabilities in CVE-2025-1974, compelling users to upgrade for secure cluster management. Versions v1.12.1 and v1.11.5 eliminate these flaws. If an immediate upgrade isn't feasible, users should consider disabling the Validating Admission Controller.

 
 
kubernetes.io
 
Fresh Swap Features for Linux Users in Kubernetes 1.32
 
 

Kubernetes 1.22 saw the debut of Alpha swap support, allowing Linux nodes to gracefully handle memory surges by relocating dormant data. By version 1.28, swap support advanced to Beta, bolstering stability, along with cgroup v2 integration, and smartly determining swap limits on its own. Pods in high-stakes environments stay swap-resistant to ensure memory is at hand. With cgroup v2 systems, swap usage now stands thwarted to protect node vitality. The swap feature is on a path to full availability, with plans for fine-tuned evictions and enhanced debugging.

 
 
www.wiz.io
 
Remote Code Execution Vulnerabilities in Ingress NGINX   ✅
 
 

Wiz Research discovered some eyebrow-raising Remote Code Execution flaws in the Ingress NGINX Controller for Kubernetes. These flaws potentially jeopardize 43% of cloud environments, putting 6,500 clusters at risk of unauthorized tampering. Carrying a daunting CVSS v3.1 score of 9.8, these vulnerabilities in Ingress NGINX’s admission controller could lead to a full-blown cluster takeover. Swift patching is essential to fend off exposure to public and pod networks. So, it's not the time to take a coffee break. Get that patch moving!

 
 
kubernetes.io
 
Kubernetes v1.33 sneak peek
 
 

In Kubernetes v1.33, the Endpoints API will be phased out in favor of EndpointSlices, ushering in benefits for features such as dual-stack networking. Pod User Namespaces, which first appeared in alpha form in v1.25, will become standard in v1.33. These namespaces bolster security without disrupting the current Pods.

 
 
techcommunity.microsoft.com
 
Key announcements for AKS from KubeCon Europe 2024
 
 

During KubeCon Europe 2024, Azure Kubernetes Service (AKS) introduced breakthroughs in AI toolchain management through its KAITO add-on, designed to boost cost-efficiency and security. Windows GPU support now fuels compute-heavy tasks, with advancements in fleet workload orchestration and cost analysis refining management. Embracing dual stack networking bolsters IP utilization and scalability.

 
 
www.infoq.com
 
Google Cloud Announces Kubernetes History Inspector to Visualise Cluster Logs
 
 

Google Cloud introduces the Kubernetes History Inspector (KHI), a tool crafted to chronicle cluster logs in an orderly visual sequence, simplifying Kubernetes troubleshooting tasks. It utilizes Cloud Logging to fetch state details, displaying the information in a visual timeline. This lets users monitor component usage with ease, sidestepping the need for intricate query compositions.

 
 
 
🐾 From FAUNers
 
faun.pub
 
Introduction to KCP?
 
 

KCP pioneers a fresh approach by providing a control plane for Kubernetes APIs that doesn't rely on having a cluster. It thrives in multi-tenant settings by introducing workspaces. Unlike Kubernetes, KCP zeroes in solely on the control plane, allowing for infrastructure agnosticism, streamlining management, and leaving the direct handling of workloads to other hands.

 
 

 

 
🔗 Stories, Tutorials & Articles
 
thenewstack.io
 
Set Up a Cloud Native GPU Testbed With Nvkind Kubernetes
 
 

Kind utilizes Docker containers for managing cluster nodes, but GPU access is often elusive. However, Nvkind swoops in to simplify things by enabling GPU-aware clusters using just one Nvidia H100 GPU.

 
 
ahmet.im
 
Every pod eviction in Kubernetes, explained   ✅
 
 

Kubernetes governs pod lifecycles with various eviction techniques that can influence availability and sometimes disregard PodDisruptionBudgets. To address nodes under duress, Kubelet takes action. At the same time, eviction APIs, taints, and kube-schedulers oust pods according to priority. Configuring these elements aptly can avert unintentional pod terminations.

 
 
medium.com
 
IPA: Building AI driven Kubernetes Autoscaler   ✅
 
 
IPA revolutionizes Kubernetes scaling by deploying LLM-based AI for clever pod autoscaling. This approach delves into metrics and logs, suggesting the most efficient scaling tactics, leaving traditional static methods in the dust.
 
 
medium.com
 
Running PySpark on Kubernetes: Installation Guide & Cost Benefits
 
 

Apache Spark teams up with Kubernetes to tackle scalable data workloads. This duo enhances cost efficiency and permits dynamic resource allocation for big data analytics. By employing spot instances and autoscaling, organizations can slice costs by 40-60% while keeping things flexible across multiple clouds or on-premise.

 
 
www.armosec.io
 
What is Runtime Security? A Detailed Guide
 
 

Runtime security fortifies container environments by vigilantly surveilling and thwarting threats, defending against kernel commandeers and container jailbreaks. Robust solutions harness behavioral analysis, machine learning, and AI to spot irregularities and shield cloud applications in real time, tackling a variety of vulnerabilities.

 
 
dzone.com
 
Using KRaft Kafka for Development and Kubernetes Deployment
 
 

KRaft allows Kafka to ditch ZooKeeper, opting to crown its own leader server, making deployment a breeze. Docker setups make development a cinch, but Kubernetes configurations need just the right port tweaks for KRaft.

 
 
medium.com
 
Kubernetes Services: An In-Depth Guide   🔰
 
 
Kubernetes Services offer a reliable endpoint interface, unshackling applications from the ever-changing dance of pod IPs and simplifying scalability and maintenance. Meanwhile, Kube-proxy expertly choreographs traffic routes, wielding the power of iptables or IPVS modes to ensure seamless load balancing across the cluster. More service types are discussed.
 
 
www.loft.sh
 
One giant Kubernetes cluster for everything
 
 

Kubernetes emerged to handle large-scale deployments gracefully, orchestrating thousands of nodes to skillfully juggle resources across sprawling systems. A giant cluster brings perks like centralized policies, resource balancing, and cost savings, but it teeters on the edge of pitfalls like larger failure repercussions and multi-tenancy headaches. A vCluster steps in as a remedy, isolating workloads and easing upgrades, ensuring the scalability of one large cluster while addressing its quirks.

 
 
 
⚙️ Tools, Apps & Software
 
github.com
 
rohitg00/kubectl-mcp-server
 
 

A Model Context Protocol (MCP) server for Kubernetes that enables AI assistants like Claude, Cursor, and others to interact with Kubernetes clusters through natural language.

 
 
kaniuse.com
 
Kaniuse - Kubernetes Feature Status Tracker   ✅
 
 
CloudFlare stumbled last night, causing ripples across the digital ocean as users encountered trouble accessing a multitude of websites worldwide.
 
 
github.com
 
ExpediaGroup/container-startup-autoscaler
 
 

A Kubernetes controller that modifies the CPU and/or memory resources of containers depending on whether they're starting up, according to the startup/post-startup settings you supply.

 
 
github.com
 
dockur/windows-arm
 
 

Windows for ARM in a Docker container.

 
 
github.com
 
kagent-dev/kagent
 
 

Cloud Native Agentic AI

 
 


 
🤔 Did you know?
 
 
Did you know that Shopify runs on a massive monolith written in Ruby on Rails—nicknamed “The Rails Monolith”? While many companies move toward microservices, Shopify doubled down on monolith architecture for core services, arguing it simplifies development, testing, and deployment at scale. To handle its huge global traffic, Shopify supplements the monolith with carefully isolated services written in Go, and uses Kubernetes for orchestration. This hybrid approach lets them handle billions in e-commerce transactions every year—especially during massive spikes like Black Friday.
 
 
 
🗣️ Quote of the week
 
 
"It always takes longer than you expect, even when you take into account Hofstadter's Law." ~ The Hofstadter Law
 
 
 

Kaptain #470: Every Pod Eviction Explained, Critical Ingress-nginx CVE and AI-Driven Kubernetes
Legend: ✅ = Editor's Choice / ♻️ = Old but Gold / ⭐ = Promoted / 🔰 = Beginner Friendly
