FAUN.dev's Kubernetes Weekly Newsletter
 
KubernetesLinks
 
This Week in Kubernetes, with Kaptain the Shark
 
 
📝 A Few Words
 
 
I'm glad to announce my new book: GitOps the Hard Way, with Argo CD

Most Argo CD tutorials stop at "apply this, watch it sync". Then production reality hits: drifts, RBAC lockouts, repo-server OOM, secrets sitting in Git, etc., and you're on your own.

This book is the other path. 12 hands-on chapters from an empty cluster to automated deploys: Argo CD, Helm, ApplicationSets, GitLab CI/CD, Kubernetes and more! Every command ran against a live cluster and every manifest applies and syncs.

Build it the hard way once and you finish with a working artifact: an automated GitOps pipeline you assembled yourself, running on infrastructure you provisioned, that you can explain piece by piece.

20% off with GITOPS20, through June 30 -> Get it on FAUN.sensei()

Have a great week,
Aymen.
 
 
🔍 Inside this Issue
 
 
Kubernetes got a little sharper and a little weirder this week: VM benchmarking is finally getting grown-up tooling, signatures are getting out of your way, and the Dashboard era is officially over. Then there is the uncomfortable part: a default CoreDNS setting that makes it way too easy to lie with DNS.

🧪 Benchmarking KubeVirt performance with virtbench
🌍 Breaking free of a single datacenter: Practical geo-distributed AI operations with the k0smos platforms
🔏 Eliminating Kubernetes Image Signature Replication
🧭 From Dashboard to Headlamp: Understanding the Transition
🕳️ Kubernetes' Default CoreDNS Configuration is insecure

Steal the good ideas, fix the scary defaults, and ship with confidence.

See you in the next issue!
FAUN.dev() Team
 
 
⭐ Sponsors
 
bytevibe.co
 
Kubectl - Developer T-Shirt
 
 
First thing you do on a fresh machine: alias k=kubectl

Second thing: buy the shirt.

"kubectl". The command you've typed more times than your own name. Now on 100% cotton, no side seams, runs true to size.

 
 
 
🔗 Stories, Tutorials & Articles
 
kubernetes.dev
 
Eliminating Kubernetes Image Signature Replication
 
 
The Kubernetes image promoter no longer replicates container image signatures across regions. The rewrite drops that replication entirely, cuts latency, and simplifies the codebase, while keeping signature verification working seamlessly for end users.

Next, the project is moving to OCI 1.1 referrers for signature discovery, which opens the door to further improvements in how signatures are handled.
 
 
cncf.io
 
Breaking free of a single datacenter: Practical geo-distributed AI operations with the k0smos platforms
 
 
This post discusses the challenges of leveraging distributed resources for AI workloads and the role of Kubernetes in addressing these challenges. The k0smos stack is highlighted as a solution for operating geo-distributed AI infrastructure, divided into three technical layers: k0s, k0smotron, and k0rdent. Field studies conducted using this stack demonstrate the feasibility of running AI workloads across dynamic, energy-aware orchestration models.
 
 
cncf.io
 
Benchmarking KubeVirt performance with virtbench
 
 
Portworx released "virtbench," an open-source CLI that lets platform teams run reproducible KubeVirt benchmarks and assess VM readiness, rather than rely on pod health as a proxy.
 
 
kubernetes.io
 
From Dashboard to Headlamp: Understanding the Transition
 
 
The Kubernetes Dashboard project has been archived, with Headlamp now carrying the legacy forward by offering a visual interface with enhanced capabilities like multi-cluster visibility and application-centric views.

Headlamp keeps familiar workflows, while expanding to support multi-cluster environments and application context with Projects. The UI can be extended with plugins, and Headlamp can be run in-cluster or as a desktop application based on user needs.
 
 
blog.kammel.dev
 
Kubernetes' Default CoreDNS Configuration is insecure
 
 
The CoreDNS "pods insecure" option is the default in Kubernetes, and it allows the creation of arbitrary DNS A records. Combined with wildcard SSL certs, it poses a security risk, highlighted by Cilium's handling of network policies in the face of DNS manipulation. Time to shift to a more secure DNS configuration!
 
 


 
⚙️ Tools, Apps & Software
 
github.com
 
kubetail-org/kstack
 
 
Skill pack for Claude Code that helps you monitor and troubleshoot your K8s clusters superintelligently
 
 
github.com
 
adinhodovic/compass
 
 
A landing page for your services, dashboards, and documents, discovered automatically from sources such as Docker, Kubernetes, and Tailscale.
 
 
github.com
 
cozystack/blockstor
 
 
Free Software-Defined Storage System based on Kubernetes
 
 
github.com
 
zeborg/kubekosh
 
 
Interactive Kubernetes Playground
 
 
github.com
 
SametKUM/klustr
 
 
A native Kubernetes desktop client - nothing in your cluster. Helm, Argo CD, Flux CD, Gateway API & cert-manager built in.
 
 


 
🤔 Did you know?
 
 
Did you know that Kubernetes will keep routing live traffic to a Pod that is functionally dead, as long as its readiness probe keeps returning success? A readiness probe is a small health check Kubernetes runs to decide whether a Pod should receive requests, and teams often aim it at a trivial endpoint that stays green even when the real request path is frozen. The liveness probe, which restarts stuck containers, shares the same blind spot when it checks that same shallow endpoint. The fix is to make your probes hit the actual code path real requests use, so a wedged Pod actually looks wedged.
 
 
🤖 Once, SenseiOne Said
 
 
"Kubernetes turns failure into a feature, then punishes you for pretending your service boundaries are real. Containers make things reproducible until the network reminds you the system is the product. The orchestration is deterministic; the behavior never is."
- SenseiOne
 

(*) SenseiOne is FAUN.dev’s work-in-progress AI agent

 

KubernetesLinks #533: Benchmarking KubeVirt Performance With virtbench
Legend: ✅ = Editor's Choice / ♻️ = Old but Gold / ⭐ = Promoted / 🔰 = Beginner Friendly
