FAUN.dev's Kubernetes Weekly Newsletter
 
Kaptain
 
#Kubernetes #Docker #DistributedSystems
 
 
📝 A Few Words
 
 
Ingress-NGINX is being retired this month.

If you're still running it, migration can't wait.

The official tool to help: ingress2gateway - it reads your existing Ingress resources and converts them to Gateway API equivalents.

One command to get started: ingress2gateway print --providers=ingress-nginx --all-namespaces

It supports ingress-nginx, Cilium, Istio, Kong, GCE, and more. Output is YAML you can review before applying anything. Not a silver bullet - custom annotations won't carry over - but it gets you 80% of the way there fast.

Have a great week,
Aymen
 
 
🔍 Inside this Issue
 
 
AI is pushing its way down into the network layer, while the rest of us are still arguing about the right amount of platform. This one bounces between pragmatic container ops, security workflows with LLMs, and a couple strong takes on when your tooling is doing more harm than good.

🧭 Announcing the AI Gateway Working Group
🛡️ How I Use LLMs for Security Work
🧪 NanoClaw + Docker Sandboxes: Secure Agent Execution Without the Overhead
🐳 Podman fixed every problem I had with Docker, and I switched in an afternoon
🧱 When Kubernetes Is the Wrong Default
🐧 Why I stopped using NixOS and went back to Arch Linux

Take the ideas, steal the tactics, skip the scars.

Stay safe out there.
FAUN.dev() Team
 
 
⭐ Patrons
 
eventbrite.com
 
Build & Scale AI Workloads on Kubernetes, March 28th
 
 
Most AI workloads run fine in a demo and fall apart in production. GPU scheduling gets expensive, model serving chokes under real traffic, and your pipeline becomes a firefighting exercise. This 4-hour hands-on workshop fixes that. You'll build and deploy AI workloads on Kubernetes yourself. Walk away with a production-ready setup you can use at work on Monday.

FAUN.dev readers get 30% off with code FAUN30
 
 
 
ℹ️ News, Updates & Announcements
 
faun.dev
 
NanoClaw + Docker Sandboxes: Secure Agent Execution Without the Overhead
 
 
NanoClaw fuses with Docker Sandboxes. It lets agents handle live data, run code, install packages, and collaborate inside isolated MicroVMs.

The open-source core spans 15 core files. It uses Claude Agent SDK to orchestrate setup, monitor runs, and tweak code via natural language. All within scoped secure boundaries.
 
 
 
🔗 Stories, Tutorials & Articles
 
developic.dpdns.org
 
Why I stopped using NixOS and went back to Arch Linux
 
 
After a year on NixOS, the author reverted to Arch Linux. They blamed frequent breakage, rebuild loops, and unpredictable regressions after updates.

They flagged NixOS's reproducible config, isolated builds, and multi-generation installs. These swell disk use, force wide glibc rebuilds, and make updates slower than pacman.
 
 
kubernetes.io
 
Announcing the AI Gateway Working Group
 
 
Kubernetes launched the AI Gateway Working Group. It will add standards and declarative APIs to make networking play nice with AI workloads and extend the Gateway API.

Active proposals attack two gaps. Payload processing inspects and transforms full HTTP payloads using declarative configs, ordered pipelines, and explicit failure modes. Egress gateways route outbound AI traffic out of the cluster.

This is a system shift. The group pushes AI-specific networking into the Gateway API, moving policy enforcement up to the platform so inference traffic follows standardized network rules.
 
 
devops-daily.com
 
When Kubernetes Is the Wrong Default
 
 
The guide maps team size, workload shape, and time-to-value to three tiers: managed platforms, VMs, and Kubernetes.

It calls out Kubernetes bluntly: expect a 1–3 month delay to production. Expect ongoing consumption of 30–50% of one engineer. It only pays off for multi-region setups, complex networking, or teams with dedicated platform engineers.
 
 
dispatch.thorcollective.com
 
How I Use LLMs for Security Work
 
 
LLMs like Claude, Cursor, and ChatGPT help tackle complex problems, but prompting them like Google won't cut it. Use role-stacking for varied perspectives (e.g.: you are a senior security engineer and sr. software engineer with experience in Docker, Kubernete..) and always specify your tools for better output. Validate reasoning, ask for systems thinking, and iterate prompts for enhanced results in security work. Keep human judgment paramount; LLMs enhance, not replace, our critical thinking.
 
 
xda-developers.com
 
Podman fixed every problem I had with Docker, and I switched in an afternoon
 
 
The author swapped Docker for Podman. The swap revealed CLI parity and required only minor networking and volume tweaks.

Podman eschews a central daemon. It runs containers as system processes and defaults to rootless via user namespaces. That cuts privilege exposure and trims baseline overhead.
 
 


 
⭐ Supporters
 
bytevibe.co
 
Linux Is Sexy - Long Sleeve Tee
 
 
Tux on your sleeve. Terminal humor on your chest. A shirt that makes the inside joke visible - built for hack nights, open-source meetups, or just your next sudo session. Soft, heavyweight cotton that actually holds its shape.

 
⚙️ Tools, Apps & Software
 
github.com
 
linuxserver/docker-kali-linux
 
 
Web accessible Kali Linux with a KDE interface
 
 
github.com
 
ghantakiran/ShieldOps
 
 
AI-Powered Autonomous SRE Platform — Autonomous agents for investigation, remediation, security, and learning across multi-cloud and on-prem infrastructure
 
 
github.com
 
c0m4r/kula
 
 
Lightweight, self-contained Linux® server monitoring tool
 
 
github.com
 
rertp/hetzner-flux-gitops
 
 
Manage Kubernetes infrastructure on Hetzner Cloud using FluxCD for streamlined GitOps workflows with ready-to-adapt configurations.
 
 
github.com
 
bulwark-studio/bulwark
 
 
The open-source server command center that replaces Portainer + pgAdmin + Uptime Kuma + your deployment scripts — with 4 npm dependencies.
 
 


 
🤔 Did you know?
 
 
Did you know that Kubernetes ConfigMap volume mounts do not update instantly? The kubelet propagates changes by atomically swapping a symlink to a new timestamped directory, but only after its periodic sync - which can take up to 2 minutes by default (sync period + cache TTL). If you mount using subPath, updates never propagate at all and a pod restart is required. Apps that need to react to config changes must explicitly watch for file updates rather than assuming the file reflects the latest state.
 
 
🤖 Once, SenseiOne Said
 
 
"Kubernetes makes the infrastructure programmable, then punishes you for programming it casually: every YAML shortcut becomes distributed behavior you have to debug at 3 a.m. Containers promise identical runtimes, but the differences you shipped are in the network, storage, and failure modes you ignored."

— SenseiOne
 

(*) SenseiOne is FAUN.dev’s work-in-progress AI agent

 
⚡Growth Notes
 
 
Leaving default service account tokens auto-mounted on every pod is the kind of misconfiguration that passes every functional test and fails every audit - any compromised workload in the cluster inherits enough API access to enumerate secrets, list nodes, and move laterally before anyone notices.
 
Each week, we share a practical move to grow faster and work smarter
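
An audit check for the Growth Note above, added here as an example and not taken from the newsletter or any project it links: it resolves the effective automountServiceAccountToken setting per pod, using the documented rule that the pod-level field takes precedence over the ServiceAccount field and that the default is true. The sample objects are constructed and trimmed to the fields the check reads; in practice they would be the items of `kubectl get pods -A -o json` and `kubectl get serviceaccounts -A -o json`.

```python
# Constructed sample objects (not from a real cluster).
SERVICE_ACCOUNTS = [
    {"metadata": {"namespace": "shop", "name": "default"}},
    {"metadata": {"namespace": "shop", "name": "no-api"},
     "automountServiceAccountToken": False},
]
PODS = [
    # Nothing set anywhere: token is mounted by default.
    {"metadata": {"namespace": "shop", "name": "web"}, "spec": {}},
    # ServiceAccount opts out, pod is silent: no token.
    {"metadata": {"namespace": "shop", "name": "worker"},
     "spec": {"serviceAccountName": "no-api"}},
    # Pod opts out itself: no token.
    {"metadata": {"namespace": "shop", "name": "batch"},
     "spec": {"automountServiceAccountToken": False}},
    # Pod opts back in, overriding its ServiceAccount: token is mounted.
    {"metadata": {"namespace": "shop", "name": "operator"},
     "spec": {"serviceAccountName": "no-api",
              "automountServiceAccountToken": True}},
]


def token_is_mounted(pod, sa_index):
    """Effective setting: pod field wins, then ServiceAccount field, else True."""
    spec = pod.get("spec", {})
    pod_value = spec.get("automountServiceAccountToken")
    if pod_value is not None:
        return pod_value
    sa_name = spec.get("serviceAccountName") or "default"
    sa = sa_index.get((pod["metadata"]["namespace"], sa_name), {})
    sa_value = sa.get("automountServiceAccountToken")
    return True if sa_value is None else sa_value


def audit(pods, service_accounts):
    """Return (namespace, pod, service account) for each pod with a token mounted."""
    sa_index = {(s["metadata"]["namespace"], s["metadata"]["name"]): s
                for s in service_accounts}
    findings = []
    for pod in pods:
        if token_is_mounted(pod, sa_index):
            meta, spec = pod["metadata"], pod.get("spec", {})
            findings.append((meta["namespace"], meta["name"],
                             spec.get("serviceAccountName") or "default"))
    return findings


if __name__ == "__main__":
    for namespace, name, sa in audit(PODS, SERVICE_ACCOUNTS):
        print(f"{namespace}/{name}: token mounted (service account {sa})")
```

Pods that genuinely call the Kubernetes API will appear in the findings too; those are the ones to pair with a dedicated, narrowly scoped service account rather than the namespace default.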
 
 

Kaptain #520: Announcing the AI Gateway Working Group
Legend: ✅ = Editor's Choice / ♻️ = Old but Gold / ⭐ = Promoted / 🔰 = Beginner Friendly
