🔍 Inside this Issue
Cloud-native is getting opinionated, security is non-negotiable, AI is standardizing, and Kubernetes hums in the background while platforms take the wheel. Start where it hurts: zero-access control planes, portable inference, real backups, hardening, and a CKA cram. Then keep going for the edges.
📈 2025's Cloud Native Reality Check: Who's In, Who's Lagging
🔒 Amazon Elastic Kubernetes Service gets independent affirmation of its zero operator access design
💾 AWS Backup now supports Amazon EKS
🤖 CNCF Launches Certified Kubernetes AI Conformance Program at KubeCon
🚀 KServe becomes a CNCF incubating project
🛡️ Microsoft Defender Now Blocks Pod Privilege Escalation
🎓 Prepare for the Kubernetes Administrator Certification and Pass
🧠 Streamline Complex AI Inference on Kubernetes with NVIDIA Grove
🖥️ Using Komodo to Run Docker Commands from a Web Interface
You’ve got the signal—now turn it into shipping speed.
Have a great week!
FAUN.dev() Team
ℹ️ News, Updates & Announcements

faun.dev
Microsoft Defender for Cloud just dropped a preview of Restrict Pod Access, a new control to box in lateral movement and privilege creep inside Kubernetes. As containers get chattier, it gets nosier.
Container image re-scans now hit every 30 days, but only for images currently in use. Less drift, more signal.
Support for scanning images from JFrog Artifactory and Docker Hub is out of preview and into GA.

faun.dev
56% of backend devs now count as cloud native. That rise tracks with heavy use of API gateways (50%) and microservices (46%). Only 30% touch Kubernetes directly, but hybrid (30%) and multi-cloud (23%) setups are gaining ground. The shift? Tighter security and chunkier, modular infra.
System shift: Cloud native isn’t all about Kubernetes anymore. It's leaning into internal platforms and MLaaS layers that spare developers from wrestling with bare-metal config.

developer.nvidia.com
NVIDIA released Grove, a Kubernetes API baked into Dynamo, to wrangle the chaos of modern AI inference. It pulls apart your big, messy model into clean, discrete chunks - prefill, decode, routing - and runs them like a single, orchestrated act.
The trick? Custom hierarchical resources. They let Grove handle startup order, gang scheduling, topology-aware placement, and multilevel autoscaling without breaking a sweat.
Why this matters: Grove turns AI inference into something Kubernetes can actually understand, declarative and dependency-aware. This is scheduling for large, multi-role models that live in the real world.

cncf.io
KServe is upgrading. The CNCF pulled it into incubation, backing it as the Kubernetes-native way to serve both generative and predictive AI. Translation: it’s not a side project anymore - it’s core infra.
Version 0.15 steps up with tighter integrations across the stack: vLLM, Envoy Gateway, llm-d, Knative, and Istio. The goal? Fully abstracted, scalable LLM inference. No hand-wiring. No mess.
Big picture: KServe’s new badge signals a shift toward standardized, production-ready orchestration in Kubernetes-first AI pipelines.

aws.amazon.com
Amazon EKS just went full Fort Knox. It now runs on a zero operator access model - meaning even AWS can’t peek inside your Kubernetes control or data plane.
The setup leans on the Nitro System’s confidential compute, guarded APIs, and multi-party approval pipelines. NCC Group also kicked the tires and gave it the all-clear: no hidden backdoors for AWS staff.

faun.dev
CNCF just kicked off the Certified Kubernetes AI Conformance Program (beta). Think of it as a litmus test for running AI workloads on Kubernetes without duct tape and hope.
The spec lays down a reference architecture, GPU and networking test criteria, and an annual renewal loop. Full automation is on deck by v2.0 in 2026.
Big picture: Kubernetes is moving from "it runs AI if you squint hard enough" to a legit standard for portable, production-grade AI/ML workloads. Less chaos. More click-and-go.

aws.amazon.com
AWS Backup just added support for Amazon EKS. Now you can back up cluster state and persistent volumes with no agents and no third-party hacks.
It handles scheduling, retention, and immutability out of the box. Restore full clusters or drill down to specific components, even across Regions and accounts.
🔗 Stories, Tutorials & Articles

freecodecamp.org
A tight 2-hour YouTube course built for the CKA exam grind. It's all real-world tasks: cluster setup, upgrades, troubleshooting. No fluff, just shell commands and Kubernetes in action.
It walks through the gritty bits: etcd backup and restore, node affinity, tolerations, and how to set up Ingress like someone’s job depends on it.

noted.lol
Komodo drops a slick browser-based UI for wrangling Docker - containers, images, networks, and Compose stacks - through a real-time visual dashboard. Think native Docker meets one-click redeploys, host curation via agents, and reusable container configs that don’t make you hate YAML.

itnext.io
See why GitOps often feels like a sprawl of configs, discover how to manage Configuration as Data for your Kubernetes platform, and learn how ConfigHub can help.
⚙️ Tools, Apps & Software

github.com
The Cloud-Native API Gateway and AI Gateway

github.com
Monitor and restart unhealthy, killed, or stopped Docker containers according to a user-defined restart policy, including any dependent containers.

github.com
MCP server connecting to Kubernetes

github.com
Your own self-hosted infra for lightweight VM sandboxes to safely execute untrusted code. CLI, API, Python SDK.