🔍 Inside this Issue
AI is flooding devland while the cloud’s fault lines show—TypeScript crowns GitHub’s surge, US‑EAST‑1 face‑plants on DNS, and platform teams redraw boundaries with WASM and eBPF. If you’re weighing bare metal vs managed, tracing with LLMs, or hardening K8s without a sidecar, the links below carry the receipts—dive into the details.
🚀 AI Takes Over GitHub: TypeScript Tops the Charts as 36 Million New Developers Join the Platform
🚨 Amazon Apologizes for Major AWS Outage in US-EAST-1 Region
🏗️ AWS to Bare Metal Two Years Later: Answering Your Toughest Questions About Leaving AWS
🧭 Building a Kubernetes Platform — Think Big, Think in Planes
🧪 eBPF Beginner Skill Path
🧵 Grafana Tempo 2.9 Supercharges Distributed Tracing with LLM Integration
🛠️ Helm 4 Overview
🛡️ How to build highly available Kubernetes applications with Amazon EKS Auto Mode
📦 The State of OCI Artifacts for AI/ML
🔒 Zero Trust with Cilium: Enforcing mTLS in Kubernetes
Fewer blind spots, more leverage—go make it count.
Have a great week!
FAUN.dev() Team
ℹ️ News, Updates & Announcements

aws.amazon.com
Amazon just dropped EC2 P6e-GB200 UltraServers, packing NVIDIA GB200 Grace Blackwell chips. Built for running trillion-parameter AI models on Amazon EKS without losing sleep over scaling.
Under the hood: NVLink 5.0, IMEX, and EFAv4 stitch up to 72 Blackwell GPUs into one memory-coherent cluster per UltraServer. Fast lanes all the way through.

faun.dev
GitHub blew past 180M users in 2025, thanks in no small part to Copilot Free. It lit a fire under new devs - 80% used it in their first week.
TypeScript edged out Python and JavaScript to top the charts. AI repos? Over 4.3 million and climbing, double what they were two years ago.

faun.dev
Grafana Tempo 2.9 ships with experimental support for the Model Context Protocol (MCP) server. That means LLMs can now hook directly into distributed tracing via TraceQL - no duct tape required.
Big leap: probabilistic TraceQL metrics sampling gets dynamic controls, so you can fine-tune what flows through.
Search and query speeds: faster.
Multi-tenant trace visibility: now with clearer metrics.

faun.dev
A race condition in DynamoDB’s DNS stack lit up a major AWS outage in US-EAST-1, knocking out chunks of EC2, NLB, and various APIs. Recovery dragged over 15 hours, with throttling and backlog-clearing to unjam the pipes.
Bigger signal: Turns out DNS isn't just plumbing - it’s a critical fault line in cloud-native design. When it cracks, everything shakes.

faun.dev
NVIDIA's teaming up with Red Hat, Canonical, SUSE, CIQ, and Flox to get the CUDA Toolkit into third-party and native package managers. No more grabbing it off NVIDIA’s own repos - now it ships right to where devs already are.
Red Hat’s going all in. CUDA will come baked into RHEL, OpenShift, and Red Hat AI. That means faster AI app rollouts and tighter hooks into the broader ecosystem.
🐾 From FAUNers

faun.pub
Cilium replaces sidecar proxies and runs mutual TLS (mTLS) right in the K8s data plane using eBPF. Fewer hops. Less mess.
It enforces identity-based policies at the source, handles dynamic cert rotation with SPIFFE and cert-manager, and pipes in real-time visibility through Hubble—even for encrypted traffic.
System shift: Cilium flips service mesh on its head with a sleek, identity-first approach built into the cluster itself.

faun.pub
The CNCF's Kubestronaut Program celebrates folks who knock out all four Kubernetes certs: KCNA, CKA, CKAD, and CKS. One engineer mapped their whole journey—exam overlaps, prep tactics, even wrangling a PSI Secure Browser bug on macOS. It’s a reminder: Kubernetes certs aren’t just checkboxes anymore. They’re a gauntlet.
🔗 Stories, Tutorials & Articles

redmonk.com
Broadcom underwent significant changes after the VMware acquisition, with an emphasis on subscription-based pricing and portfolio simplification. Prashant Shenoy claims VCF lowered prices by 50%, and challenges industry norms about AI workloads on bare metal versus virtualized environments. The integration shows improved clarity and strategic continuity.

gorkem-ercan.com
OCI artifacts quietly leveled up. Over the last 18 months, they’ve gone from a niche hack to production muscle for AI/ML workloads on Kubernetes.
The signs? Clear enough:
KitOps and ModelPack landed in the CNCF Sandbox.
Kubernetes 1.31 got native support for Image Volume Source.
Docker pushed Model Runner to GA—with out-of-the-box support for GGUF models.
Bigger picture: OCI registries are becoming the default nerve center for model packaging, provenance, and deployment in K8s-native ML stacks. The ecosystem’s converging there - and fast.

localhost
Helm 4 ditches the old plugin model for a sharper, plugin-first architecture powered by WebAssembly. That means isolation, control, and deeper customization - if you're ready to adapt!
Post-renderers are now plugins. That breaks compatibility with earlier exec-based setups, so expect some rewiring. On the plus side, new plugin types give you more hooks into Helm's guts.
Other changes: digest-based chart installs (think immutability), support for multi-document values files, and cleaner deployment feedback thanks to better kstatus signals.
Big picture: Helm 4 redraws the plugin boundary. WASM runs the show. The CI/CD pipeline just got way more composable.

oneuptime.com
OneUptime ditched the cloud bill and rolled their own dual-site setup. Think bare metal, orchestrated with MicroK8s, booted by Tinkerbell, patched together with Ceph, Flux, and Terraform. Result? 99.993% uptime and $1.2M/year saved—76% cheaper than even well-optimized AWS.
They run it all with just ~14 engineer-hours/month. Thanks, Talos. The cloud's still in play, but only where it helps: archival, CDN, and burst capacity.

medium.com
Thinking in planes, as introduced by the Platform Engineering reference model, helps teams describe their platform in a simple, shared language, turning a collection of tools into a platform. It forces you to think horizontally, connecting teams and technologies instead of adding more layers, creating a meaningful mindset shift for platform engineering success.

aws.amazon.com
Amazon EKS Auto Mode now runs the cluster for you—handling control plane updates, add-on management, and node rotation. It sticks to Kubernetes best practices so your apps stay up through node drains, pod failures, AZ outages, and rolling upgrades.
It also respects Pod Disruption Budgets, Readiness Gates, and topology constraints every step of the way. How? It's been hammered with resilience tests and came through steady.

labs.iximiuz.com
This hands-on path drops devs straight into writing, loading, and poking at basic eBPF programs with libbpf, maps, and those all-important kernel safety checks. It starts simple - with a beginner-friendly challenge - then dives deeper into the verifier and tools for runtime introspection.