Kaptain

In the past days:

• A security breach in Red Hat's consulting GitLab instance led to the theft of 570GB of data.
• Anthropic launched Petri, a new open-source tool for AI safety audits.
• Microsoft released an open-source agent framework for AI.
• GitHub introduced post-quantum secure SSH.
• Azure introduced AKS Automatic, a new way to manage Kubernetes clusters.
• Perplexity rolled out its new AI browser to everyone.
• Alpine Linux shifted to a /usr-merged file system.
• And more!

Most news outlets wrote long articles about it - paragraphs upon paragraphs of text that take time to read and understand. We took a different approach:
Instead of walls of text, we show you the news as an AI-powered visual, a practical story map that highlights:

• The core facts in seconds
• How the players connect (people, tools, orgs)
• The timeline of what happened and when
• The key numbers that actually matter
• And more

All digested in minutes, not hours. We believe this is a smarter way to follow developer news. You can see some examples here https://faun.dev/news

This is the second week since the official launch of FAUN.news()! It's a new project and if you want to show your support, we'll be glad to hear your honest feedback! Hit the reply button!

Kubernetes is both the backbone and the bruise this week: from Azure’s manual restarts to sharper autoscaling and meshes that finally speak real HTTPS inside the cluster. Plus: Alpine’s /usr-merge, agent-native platforms, Node.js cost myths, and a detective story that unmasks a noisy pod—details and takeaways tucked into every link.

🏔️ Alpine Linux 3.23 Adopts /usr-Merged File System Layout
🚨 Azure Outage: Kubernetes Crash Hits Teams, Minecraft in EMEA Regions
🛠️ How I Built My Kubernetes Command Toolkit: A Journey from kubectl Chaos to Command Mastery
🔐 Internal HTTPS Routing in Istio.
🔦 Introducing Headlamp Plugin for Karpenter
🤖 Kubernetes for agentic apps: A platform engineering perspective
📊 Most Cloud-Native Roles are Software Engineers
💸 The Myths (and Costs) of Running Node.js on Kubernetes
🕵️‍♂️ Who’s Calling That API? A Detective Story from the Depths of EKS Networking

Ship smarter, keep the cluster calm, and make the next incident boring.

Have a great week!
FAUN.dev Team

Alpine 3.23 embraces the /usr-merge. Say goodbye to scattered /bin, /sbin, and /lib - they're now symlinks into /usr.

Why it matters: fewer packaging headaches, smoother containers, and a step closer to how the rest of Linux rolls.

A Kubernetes crash knocked out 30% of Azure Front Door’s capacity, pulling down Microsoft services across EMEA. No bad update to blame this time - just broken nodes. Engineers had to jump in, restart Kubernetes by hand, and fail over the Microsoft 365 portal to get things moving again.

Heavy bet on Kubernetes, but weak auto-recovery left a big hole in Azure’s failover game!

The new Headlamp Karpenter Plugin wires real-time autoscaling insight straight into the Headlamp UI. It shows Karpenter resources, live metrics, scaling moves—no kubectl spelunking required.

NodePools and NodeClaims get mapped to core Kubernetes objects. You can tweak configs in the UI, get validation on the spot, and instantly see what’s stalling pods or breaking scheduling.

System shift: Autoscaler visibility is crashing into the UI layer. Debugging clusters by click might be the new normal.

A production network got hammered by too many Auth0 token requests. The source? EKS workloads tucked behind a shared NAT Gateway. No easy trail.

Engineers stitched it together using VPC Flow Logs, pod-to-node maps, and some sharp Istio ServiceEntry logs. Even with Kubernetes CNI doing its NAT-obscuring thing, they pinned the blame on the exact pod.

Software Engineers still own the cloud-native job boards in 2025 - nearly 47% of all Kubernetes-tagged listings. DevOps holds onto second. But Platform Engineers just leapfrogged SREs, which have slid 30% since 2023.

Kubernetes struggles to scale Node.js efficiently due to a mismatch in resource usage patterns. Autoscaling can be sluggish with bursty traffic, leading to revenue risks and performance issues. Teams must rethink resource allocation and scaling strategies to optimize Node.js efficiency in Kubernetes and avoid unnecessary costs and complexities.

A dev-built Kubernetes CLI framework reshapes kubectl for how teams actually work. Commands get grouped by role - dev, SRE, sec, admin - instead of by resource.

It bakes in defaults for Kyverno policies, encourages muscle-memory workflows, and wires up real-time troubleshooting to shrink downtime in prod.

Agentic AI flips the old model. Instead of stateless, event-by-event workloads, we get stateful, self-steering systems that observe, reason, plan, and act - on loop.

Kubernetes steps up as the OS for this next phase. Boosted by platform engineering, it brings the right mix: ephemeral compute, persistent memory, tight orchestration, and a clean way to wire in tools.

Big picture: We’re moving from cloud-native microservices to something more alive - agent-native systems that think and adapt, not just react.

Istio finally brings internal HTTPS routing with SNI-based traffic rules. Services in the mesh can now talk over port 443—TLS fully intact. Just like in prod.

TLS terminates at the ingress gateway. Routing pivots on SNI, not headers. Which makes this much closer to real-world mTLS flows.

What’s the play? Use internal HTTPS in your E2E tests. It closes the gap between test and prod, locking in tighter infra parity.

K3s Docker GPU project for GPU-accelerated Python workloads in containers. It ships UV, CUDA 12.2, CuPy, NVIDIA GPU support, and K3s deployment with testing and monitoring

Manage resource overcommitment in Kubernetes clusters with the k8s-overcommit Operator. Optimize performance and efficiency effortlessly.

The immutable Linux meta-distribution for edge Kubernetes.

Modern image vulnerability scanning & patching platform with multi-tool integration.

Did you know that when a Kubernetes node stops responding, its pods can stay bound to it for several minutes before being recreated elsewhere? By default, the control plane waits about 40 seconds of missed heartbeats before marking the node NotReady, and then up to 5 minutes before force-deleting its pods. During that time, controllers still count those pods as running, delaying rescheduling until the eviction timeout expires.

"You traded vendor lock-in for control-plane lock-in and called it portability. Reconciliation turns outages into backlogs you ignore until controllers fall behind. Containers isolate processes, not consequences."
— SenseiOne

This week, we’re highlighting Jukka Forsgren — Senior Solutions Architect and GenAI Ambassador at AWS, serving as a field CTO for EMEA North accounts totaling over €100M ARR. He blends deep Kubernetes and agentic AI chops with hands-on delivery—building CDK/Python POCs, running Immersion Days/Game Days/Well-Architected sessions, and channeling customer feedback to service teams. 11× AWS Certified, RHCA, and CKA/CKAD, he’s the engineer you’ve seen at Slush and Red Hat Open Tour turning cloud strategy into shipped systems.