ℹ️ News, Updates & Announcements

kubernetes.io
Kubernetes v1.34 lands in August 2025. It brings Dynamic Resource Allocation (DRA) to stable—structured resource requests, CEL filtering, and support for GPUs and custom gear. Built on new API types. Finally.
Kubelet and API Server tracing level up with OpenTelemetry. Stable's the goal. 
Per-HPA autoscaling tolerance? More tuning knobs—hitting beta.
ServiceAccount token-based image pulls jump to beta. They'll be on by default.
And then there's KYAML—a stripped-down, safer YAML. kubectl gets a new output format. More guardrails, fewer footguns.
System shift: Kubernetes leans harder into identity-aware auth, smarter autoscaling, and tighter device orchestration. More control. Better traceability. Built for hairy workloads.

aws.amazon.com
Amazon EKS cranked up its gear—you can now spin up clusters with a staggering 100,000 nodes at your beck and call. That’s a cozy home for either 1.6 million AWS Trainium chips or 800,000 NVIDIA GPUs. Welcome to the playground for ultra-scale AI/ML. 
Performance soars skyward by ditching old etcd consensus and diving into in-memory databases. Watch out for Karpenter: it's got a flair for spinning new static node pools and turbocharging capacity. Deploy at eye-watering speeds: up to 2000 nodes per minute. It's unapologetically fast.

docker.com
Docker’s sunsetting Docker Content Trust (DCT) in 2025, starting with Docker Official Images. Not many used it, and Notary v1 is toast. So they’re moving to modern signing tools like Sigstore and Notation. Migration guides are on the way.
What’s really happening: The container world’s ditching old trustboxes for signing systems that actually scale and get maintained.

🔗 Stories, Tutorials & Articles

devtron.ai
Kubernetes lets you override a container’s CMD and ENTRYPOINT with the command and args fields in your Pod spec. But don’t expect to change them after the Pod’s spun up—this isn’t Docker. No runtime flags here.

medium.com
Freshworks optimized AWS EKS with Karpenter to handle diverse instance types, reduce costs, and achieve seamless node provisioning, disruptions, and terminations with minimal impact to service availability and resource utilization.

medium.com
Migrating Pinterest's search infrastructure to Kubernetes—toasty, right? But it tripped over a rare hiccup: sluggish 5-second latencies. The culprit? cAdvisor, overzealously spying on memory like a helicopter parent. Flicking off WSS? Problem evaporated.
Key takeaway: Migrating complex systems to Kubernetes can expose rare performance issues caused by unexpected interactions between infrastructure monitoring tools and memory-intensive workloads, often resolved by carefully tuning or disabling intrusive defaults.

xda-developers.com
Talos Linux—an OS stripped down to the essentials and locked tighter than a production firewall—now boots cleanly as a VM on Proxmox, playing nice with full KVM/QEMU support. No shell, read-only filesystem, all wired for Kubernetes via talosctl.
System shift: Devs are tossing old-school VM stacks for bare-metal vibes. Minimal OSes like Talos run lean, talk Kubernetes natively, and dodge the bloat.

medium.com
Spin up a production-grade AKS cluster with Terraform, but skip the hand-wavy theory. This new hands-on project gets into the weeds—RBAC, autoscaling, network policies, IP lockdowns, and yes, Azure Monitor wired up for observability out of the gate. Costs? Controlled. Infra? All code.
It’s IaC for teams who don’t want to babysit clusters—or bleed budget while they scale.

andreafortuna.org
Kubernetes 2.0 is kicking YAML to the curb. After years of living and breathing .yaml files, the project is eyeing a hard break. Maintainers haven’t said it outright, but the message is clear: YAML isn’t cutting it anymore.
System shift: This could signal a real usability reboot—maybe even a less painful way to wrangle K8s configs. Time to unlearn what you think you know about orchestration.

blog.skypilot.co
Neoclouds democratize GPU access but lack the orchestration layer ML teams need. SkyPilot bridges the gap with AI-native control that automates multi-cluster workflows seamlessly, enabling efficient model training without Kubernetes expertise.

mountainss.wordpress.com
Docker Scout now scans Azure Linux 3.0 containers for CVEs in real time—right in your pipeline. It spots vulns by layer, shows you how to fix them, and plays nice with Docker, Azure DevOps, and GitHub Actions.
Security scanning isn't extra credit anymore. It's shipping with the build.

depot.dev
Depot just dropped NVMe-backed cache mounts—persistent, high-speed, and wired for true incremental Docker builds. Yes, even in ephemeral CI.
It hooks into native BuildKit cache mounts, supporting both shared and exclusive access. No more fragile registry caches. No more arcane CI cache duct tape.

cloudraft.io
The Kubernetes Gateway API hit v1.0 and is officially stable. It's a clean break from the old Ingress model, bringing modular, role-aware, multi-protocol control. Core players: Gateway, GatewayClass, and HTTPRoute.
On the flip side, Kong Gateway is losing ground. The newer kids—Envoy Gateway and kgateway—are rising fast. Both are Kubernetes-native, CNCF-backed, and based on Envoy. They're easier to extend, mesh-friendly, and already eyeing AI traffic handling.
The real shift: Kubernetes networking is lining up behind Envoy and the Gateway API. That changes the game for ingress, service mesh, and API traffic flow.

loft.sh
vCluster cuts Kubernetes infra costs by running virtual clusters as pods inside a shared host. No more spinning up full control planes for every tenant.
Its lean Syncer filters API traffic to keep clusters from melting down. Shared controllers and a built-in sleep mode keep idle workloads quiet—and cheap.
System shift: vCluster flips the script on Kubernetes multi-tenancy. Think high-density, low-drama environments with almost no overhead.

cloud.google.com
Meet the GKE Inference Gateway—a swaggering rebel changing the way you deploy LLMs. It waves goodbye to basic load balancers, opting instead for AI-savvy routing. What does it do best? Turbocharge your throughput with nimble KV Cache management. Throw in some NVIDIA L4 GPUs and Google's model artistry, and scaling those gnarly generative AI workloads becomes easier. No bottleneck sweating necessary.

cybersecuritynews.com
Kubernetes monitoring isn't just about scraping metrics anymore. It's grown up into full-stack observability—metrics, logs, traces, plus flashy toys like AI-powered anomaly detection, real-time dashboards, and distributed tracing that actually works.
The big players—Prometheus, Grafana, Datadog, Dynatrace—plug straight into your Kubernetes setup. They auto-discover services, wire in alerts (native or CRD-based), and make sure you're watching the stuff that matters.

⚙️ Tools, Apps & Software

github.com
TypeScript Client for Kubernetes

github.com
KubeElasti is a Kubernetes-native solution that offers scale-to-zero functionality when there is no traffic and automatic scale up to 1 when traffic arrives.

github.com
DPRS (Docker PRocesS Manager) is a terminal user interface for managing Docker containers and monitoring their logs. Built with a focus on reliability, usability, and efficient container management.

github.com
Google Cloud Karpenter Provider

github.com
Modern Docker Management, Designed for Everyone