FAUN.dev's Kubernetes Weekly Newsletter
 
KubernetesLinks
 
This Week in Kubernetes, with Kaptain the Shark
 
 
📝 A Few Words
 
 
We shipped FAUN.quizzes().

Reading a tutorial feels like learning. It usually isn't. You nod along, close the tab, and retain almost nothing. Quizzes force recall, and recall is what makes knowledge stick.

Try this one: Kubernetes Deep Dive: QoS, Eviction, HPA, Probes, and Sidecars

And you're not limited to ours. You can create your own quiz on any topic and share it with your team, your audience, or the wider FAUN.dev() community: Create your quiz here!

Have a great week,
Aymen from FAUN.dev()
 
 
🔍 Inside this Issue
 
 
This batch lives at the intersection of kernel reality and platform ergonomics: eBPF-powered policy engines, energy attribution that deliberately avoids eBPF, and a UI that makes Cluster API feel less like archaeology. Underneath it all is the same tension: how to scale operations, observability, and even AI workflows without turning your cluster into a mystery novel.

🕸️ Building an Event-Driven Network Policy Engine with eBPF and Cilium
🧭 Introducing the Cluster API plugin for Headlamp
🔋 Kepler, re-architected: Improved power accuracy and a community call to action!
🧑‍🔧 Open source maintainership in the age of AI
📈 OTel and mesh-derived metrics: A 2026 reference
🤖 Why cloud native belongs at the heart of agentic AI: Lessons from building a multi-agent security platform on Kubernetes

Ship smarter, debug faster, sleep more.

See you in the next issue!
FAUN.dev() Team
 
 
⭐ Patrons
 
iacconf.com
 
Turn Terraform modules into self-service building blocks for humans and AI agents.
 
 
Terraform modules are often designed around what they do, not how easily humans or AI agents can use and reuse them. Join Jinger Meilani of MNTN to learn how to design IaC interfaces for humans, AI agents, and whatever comes next. Leave with concrete patterns that reduce misuse and help non-infrastructure developers get up to speed faster.

Register for free. July 14 | 12 PM EDT
 
 
👉 Spread the word and help developers find you by promoting your projects on FAUN. Get in touch for more information.
 
⭐ Sponsors
 
faun.dev
 
Local AI Engineering with Ollama
 
 
🎯 80% of my AI calls now run on my own hardware = 0 API bill for those.

Money wasn't the only point. I stopped paying rent on models my own machine can run. Most developers think running AI locally means weaker results and weekend hacking. So they keep paying per token, forever.

I spent the last 3 months building a different path in another way: local agentic AI with Ollama, LangChain, and MCP.

Then I wrote a book about it: "Local AI Engineering with Ollama".

28 modules, 91 sections, lifetime access and updates, a built-in AI assistant for your questions, and a 30-day money-back guarantee.

Get your copy on FAUN.sensei: Local AI Engineering with Ollama. Use code OLLAMA20 at checkout for 20% off. The code expires July 8, 2026 at 11:59 PM, so move before then.
 
 
 
🔗 Stories, Tutorials & Articles
 
kubernetes.io
 
Open source maintainership in the age of AI
 
 
Kubernetes maintainers accept AI-assisted contributions when contributors disclose AI use, understand the code, and own the change. Maintainers test AI review tools to help them sort issues and pull requests.
 
 
cncf.io
 
Why cloud native belongs at the heart of agentic AI: Lessons from building a multi-agent security platform on Kubernetes
 
 
In March, Willem Berroubache gave a talk at KubeCon + CloudNativeCon Europe 2026 in Amsterdam, addressing questions about building agentic AI on cloud native foundations. The internal security-operations platform at Orange Innovation uses the A2A protocol for inter-agent coordination, MCP for environment integration, and Falco with eBPF intercepts for anomaly detection. The system is designed to shorten mean time to detect and respond, with agents organized as Kubernetes workloads and inter-agent traffic secured with mTLS.
 
 
kubernetes.io
 
Introducing the Cluster API plugin for Headlamp
 
 
Headlamp is an open-source, extensible Kubernetes SIG UI project designed to let you explore, manage, and debug cluster resources directly from a browser. Cluster API (CAPI) is a Kubernetes sub-project that brings declarative, Kubernetes-style APIs to cluster lifecycle management. It lets platform teams provision, upgrade, and manage the lifecycle of Kubernetes clusters using standard Kubernetes objects stored and reconciled in a management cluster. Management of Cluster API resources historically required raw kubectl commands and deep familiarity with ownership hierarchies. The Headlamp Cluster API plugin brings visual clarity, faster debugging, and simplified operations for platform teams directly inside Headlamp.
 
 
howtech.substack.com
 
Building an Event-Driven Network Policy Engine with eBPF and Cilium
 
 
Running iptables -L on a node in a 500-node cluster can cause the terminal to freeze due to kube-proxy writing 40,000–60,000 rules across various chains. Conntrack tracks each flow with a global spinlock, becoming a bottleneck past 80,000 connections per second. Cilium replaces this path entirely by loading BPF programs at the Traffic Control (TC) ingress hook.
 
 
cncf.io
 
Kepler, re-architected: Improved power accuracy and a community call to action!
 
 
Kepler maintainers rewrote Kepler to remove eBPF. They replaced privileged kernel tracing with read-only Linux process data to attribute energy use to Kubernetes workloads.
 
 
cncf.io
 
OTel and mesh-derived metrics: A 2026 reference
 
 
A blog post by Mesut Oezdil, a DevOps Engineer from Buoyant, discusses how Linkerd's proxy provides network layer metrics with zero changes to application code. The post showcases the overlap and differences between mesh-derived metrics and OpenTelemetry metrics, along with the integration pattern to unify them in the same backend for analysis purposes.
 
 

👉 Got something to share? Create your FAUN Page and start publishing your blog posts, tools, and updates. Grow your audience, and get discovered by the developer community.

 
⭐ Supporters
 
bytevibe.co
 
Git Happens - Developer T-Shirt
 
 
Every developer has force-pushed to the wrong branch at least once. The good ones own it.

This 100% cotton tee is for them. Classic fit, no side seams, no itchy interruptions while you're rebasing your reputation. Black or Irish Green, sizes S to 5XL.

Merge conflicts are forgivable. Bad swag isn't.

 
💬 Discussions, Q&A & Forums
 
reddit.com
 
Why does your company use Kubernetes?
 
 
 
 
 
⚙️ Tools, Apps & Software
 
github.com
 
dengtaowei/usbtrace
 
 
eBPF-based USB subsystem tracer and diagnostic tool for Linux BSP.
 
 
github.com
 
yehudacohen/applik8s
 
 
applik8s lets you build applications on the Kubernetes control plane with TypeScript.
 
 
github.com
 
warp-tech/warpgate
 
 
Fully transparent SSH, HTTPS, Kubernetes, MySQL and Postgres bastion/PAM that doesn't need additional client-side software
 
 
github.com
 
ccyrene/prism
 
 
A workload-identity bus for Kubernetes-aware eBPF — one stable identity for the scheduler, network, and tracing.
 
 
github.com
 
aidansteele/microvm-fun
 
 
A sample repo showing Kubernetes running on a fleet of AWS Lambda MicroVMs, and the ability to SSH into MicroVMs
 
 

👉 Spread the word and help developers find and follow your Open Source project by promoting it on FAUN. Get in touch for more information.

 
🤔 Did you know?
 
 
Did you know that Kubernetes enforces a container's CPU limit by slicing time into 100 millisecond windows, and a container that spends its quota early is frozen until the next window opens? This mechanism, called CFS bandwidth control in the Linux kernel, can spike tail latency even when the node has idle CPU to spare, because the paused container is not allowed to borrow it. That is why some teams drop CPU limits on latency-sensitive services and lean on CPU requests for scheduling, watching for the telltale sign of a rising throttling counter while node usage stays low.
 
 
🤖 Once, SenseiOne Said
 
 
"Kubernetes makes failures repeatable, not rare; it scales your assumptions as faithfully as it scales your services. Containers give you portability by amputating context, and distributed systems charge interest on whatever you forgot. The real craft is deciding which truths to standardize and which ones to leave painfully local."

— SenseiOne
 

(*) SenseiOne is FAUN.dev’s work-in-progress AI agent

 

KubernetesLinks #535: Why Cloud Native Belongs at the Heart of Agentic AI
Legend: ✅ = Editor's Choice / ♻️ = Old but Gold / ⭐ = Promoted / 🔰 = Beginner Friendly
