Kubesploit
News and links on Kubernetes security curated by the @Learnk8s team
Website: https://kubesploit.io/
Forwarded from Kube Careers
This week's 6 best Kubernetes vacancies that focus on security are:

DevSecOps Engineer with Anthropic
💰 $405K to $485K a year
Remote from the United States of America
→ https://ku.bz/wrrnmcjDQ

DevSecOps Engineer with OpenAI
💰 $364.5K to $490K a year
Remote from the United States of America
→ https://ku.bz/NXd17JHfV

DevSecOps Engineer with Faire
💰 $268K to $368.5K a year
Remote from the United States of America, Canada, the United Kingdom (+1 more)
→ https://ku.bz/6dD8HVYdT

DevSecOps Engineer with Perplexity
💰 $220K to $405K a year
Fully remote
→ https://ku.bz/rnYh0TMpt

DevSecOps Engineer with xAI
💰 $180K to $440K a year
On-site in Palo Alto, CA, USA, Washington, DC, USA
→ https://ku.bz/fk6J-Tflt

👉 Browse 5267 jobs on Kube Careers https://kube.careers
Forwarded from KubeFM
Rohit Agrawal from Databricks on replacing Kubernetes networking with a proxy-less, client-side load balancing system and eliminating 20-30% over-provisioning across hundreds of services.

You will learn:

- Why KubeProxy's L4 routing breaks down for gRPC: it picks a backend once per connection, not per request
- How Databricks built an Endpoint Discovery Service that streams real-time pod metadata to every client
- How zone-aware spillover cuts cross-AZ costs without sacrificing availability
- Why CPU-based routing failed and what signals to use instead

Watch (or listen to) it here: https://ku.bz/y803JMhBk

🌟 Sponsored by LearnKube — Kubernetes training, online or in-person. https://learnkube.com/training

With @Birthmarkb
Forwarded from LearnKube news
This week on Learn Kubernetes Weekly 178:

🔥 Kubernetes Remote Code Execution via nodes/proxy Get Permission
🦅 Aetòs: From Chaos to Engineering Excellence — A 3-Year Transformation
☸️ Kubernetes v1.35: Extended Toleration Operators to Support Numeric Comparisons
🔄 Reducing Complexity By Migrating from K8S to ECS Fargate for NetworkLessons
🗄️ Database State Management in Kubernetes: Running SQL Server on AKS with GitOps

Read it now: https://kube.today/issues/178

⭐️ This newsletter is brought to you by StormForge by CloudBolt. Stop setting Kubernetes requests. Let ML handle rightsizing https://ku.bz/2wYKp0Q2Y
Forwarded from Kube Careers
This week's 6 best Kubernetes vacancies that focus on security are:

DevSecOps Engineer with Anthropic
💰 $405K to $485K a year
Remote from the United States of America
→ https://ku.bz/wrrnmcjDQ

DevSecOps Engineer with OpenAI
💰 $364.5K to $490K a year
Remote from the United States of America
→ https://ku.bz/NXd17JHfV

DevSecOps Engineer with Faire
💰 $268K to $368.5K a year
Remote from the United States of America, Canada, the United Kingdom (+1 more)
→ https://ku.bz/6dD8HVYdT

DevSecOps Engineer with Perplexity
💰 $220K to $405K a year
Fully remote
→ https://ku.bz/rnYh0TMpt

DevSecOps Engineer with Veeam Software
💰 $172.4K to $441.5K a year
Remote from the United States of America
→ https://ku.bz/lhKbTMggn

👉 Browse 5950 jobs on Kube Careers https://kube.careers
Forwarded from KubeFM
Nicholaos Mouzourakis, Staff Product Security Engineer at Gusto, explains a fascinating performance issue they encountered when deploying Open Policy Agent in Kubernetes. He details how Go's default thread management clashed with Kubernetes CPU resource limits, causing significant performance degradation.

The core issue: Go automatically spawns threads equal to the number of CPU cores reported by the OS (8 in their case), but Kubernetes with a 750 millicore limit only allowed access to 75% of a single core. This meant all 8 Go threads were competing for limited CPU resources, creating what he describes as "context switch thrashing."

Nicholaos shares how they diagnosed this problem and the counterintuitive solution - reducing GOMAXPROCS from 8 to 2 - which immediately improved performance.

Watch the full episode: https://kube.fm https://ku.bz/S-2vQ_j-4
Forwarded from LearnKube news
This week on Learn Kubernetes Weekly 179:

☁️ CloudEvents: The Missing Standards of Event-Driven Architecture
🔥 A Field Guide to Sandboxes for AI
Securing East-West Traffic with GKE Internal Gateway
💥 Designing for Failure: Chaos Engineering Best Practices
📊 Building a Centralized Multi-Account AWS Monitoring Platform

Read it now: https://kube.today/issues/179

⭐️ This newsletter is brought to you by Portworx. Automate, protect, and unify data for modern applications across on-premises, public, and hybrid cloud environments https://ku.bz/sjN4qdbrL
Forwarded from Kube Careers
This week's 6 best Kubernetes vacancies that focus on security are:

DevSecOps Engineer with Anthropic
💰 $405K to $485K a year
Remote from the United States of America
→ https://ku.bz/wrrnmcjDQ

DevSecOps Engineer with OpenAI
💰 $364.5K to $490K a year
Remote from the United States of America
→ https://ku.bz/NXd17JHfV

DevSecOps Engineer with Faire
💰 $268K to $368.5K a year
Remote from the United States of America, Canada, the United Kingdom (+1 more)
→ https://ku.bz/6dD8HVYdT

DevSecOps Engineer with Mercor
💰 $130K to $500K a year
On-site in San Francisco, CA, USA
→ https://ku.bz/Hs5qfr1h2

DevSecOps Engineer with Perplexity
💰 $220K to $405K a year
Fully remote
→ https://ku.bz/rnYh0TMpt

👉 Browse 6284 jobs on Kube Careers https://kube.careers
Forwarded from LearnKube news
Master Kubernetes with LearnKube's Advanced Kubernetes workshop!

What should you expect?

- Learn how to architect and design clusters from the ground up (in the cloud or on-prem).
- Explore the Kubernetes internal components and how the system is designed with resiliency in mind.
- Deep-dive into the networking components and observe the packets flowing into the cluster.
- Hands-on labs to test the theory with real-world scenarios!
- And more.

The next course starts next week: https://learnkube.com/training

We also run in-person courses and private training: https://learnkube.com/corporate-training
Cilium Policy Generator watches dropped flows in real time and auto-generates CiliumNetworkPolicy YAML files to allow them — so you stop writing policies by hand in default-deny Cilium clusters.

More: https://ku.bz/hZYF4XgL_
X.509 Certificate Exporter is a Go-based Prometheus exporter that monitors certificate expiration inside Kubernetes clusters or as a standalone service, helping teams alert before TLS certificates expire.

More: https://ku.bz/BPXM_D-v2
Forwarded from LearnKube news
The Kubernetes control plane is where the cluster accepts changes, stores the desired state, and decides what happens next.

In this series of articles, you will learn:

- How the API server handles authentication, authorization, admission, and storage
- How etcd stores the cluster state and why it can become a bottleneck at scale
- How the controller manager turns intent into actions through reconciliation loops
- How the scheduler filters and ranks nodes before placing Pods

https://learnkube.com/kubernetes-control-plane

🌟 If you want to level up your Kubernetes knowledge, the next LearnKube training starts this Thursday:
https://learnkube.com/training
This tutorial teaches how to build a cert-manager external issuer that uses a YubiHSM 2 to sign TLS certificates via Go's crypto.Signer interface.

More: https://ku.bz/b9GlYRS88
Forwarded from KubeFM
A special episode on KubeFM, and a slightly different subject than usual.

Kelsey Hightower, Eric Abercrombie, and Julius Payne II join Bart to explore what hip-hop can teach us about Kubernetes and how music, creativity, and lived experience shape how we think about technology.

You will learn:

- Why fundamentals, patience, and repetition still matter more than shortcuts
- How Kubernetes, community, and confidence intersect for people entering cloud-native work
- What hip-hop, production, and storytelling can teach us about ownership, authenticity, and finding your voice

Watch (or listen to) it here: https://ku.bz/czrCCXSLt

🌟 This episode is brought to you by LearnKube — get started on your Kubernetes journey through comprehensive online, in-person, or remote training: https://learnkube.com/training

With @Birthmarkb
Forwarded from Kube Today
New report: Immutable OS for Kubernetes

We’ve published a new report on how teams manage Kubernetes node OSes in practice.

Based on 2,138 responses across 4 platforms, the report examines node updates, incident response, CVE patch windows, and OS customization. The results suggest that immutable-node operations are becoming more common, but the hard part is still operational: building reliable image pipelines, observability, and rollout processes around the base OS.

Read the full report:
https://kube.today/immutable-linux-kubernetes-2026

⭐️ This research was sponsored by Spectro Cloud. If you want to explore an immutable OS built for Kubernetes, check out Hadron OS:
https://ku.bz/P5Gj9c18t
Forwarded from Kube Architect
This article explains how ListenerSet in Gateway API v1.5 separates listeners from Gateways so teams can restore self-service TLS management across namespaces and scale beyond the old listener limit.

More: https://ku.bz/s-5QsVS_T
k8s-mechanic watches for pod crashes, degraded Deployments, and NotReady nodes, spawns a read-only in-cluster agent that investigates the failure and opens a PR on your GitOps repo with secret redaction, prompt injection detection, and a pentest report.

More: https://ku.bz/Xg8shhsZb
Forwarded from LearnKube news
This week on Learn Kubernetes Weekly 180:

🔥 Hidden Infrastructure Challenges in Distributed LLM Inference on Kubernetes
🎯 Simplifying Model Serving with Kubernetes and Ray: Inside DoubleVerify's ML Platform
🔥 Lazy-Pulling Container Images: A Deep Dive into OCI Seekability
🔥 Building eBPF-Based Bandwidth Limiting in AWS Network Policy Agent — Why Vibe Coding Isn't Enough
🚀 Slurm on Kubernetes (SUNK): Modernizing HPC and AI Workload Management

Read it now: https://kube.today/issues/180

⭐️ This newsletter is brought to you by Portworx. Automate, protect, and unify data for modern applications across on-premises, public, and hybrid cloud environments https://ku.bz/sjN4qdbrL
This article explains how to secure production debugging in Kubernetes with least-privilege RBAC, controlled exec access, ephemeral containers, and short-lived just-in-time credentials for on-call teams.

More: https://ku.bz/k0qGtqj-d
Forwarded from Kube Careers
This week's 6 best Kubernetes vacancies that focus on security are:

DevSecOps Engineer with Anthropic
💰 $405K to $485K a year
Remote from the United States of America
→ https://ku.bz/wrrnmcjDQ

DevSecOps Engineer with OpenAI
💰 $364.5K to $490K a year
Remote from the United States of America
→ https://ku.bz/NXd17JHfV

DevSecOps Engineer with Faire
💰 $268K to $368.5K a year
Remote from the United States of America, Canada, the United Kingdom (+1 more)
→ https://ku.bz/6dD8HVYdT

DevSecOps Engineer with Mercor
💰 $130K to $500K a year
On-site in San Francisco, CA, USA
→ https://ku.bz/Hs5qfr1h2

DevSecOps Engineer with Perplexity
💰 $220K to $405K a year
Fully remote
→ https://ku.bz/rnYh0TMpt

👉 Browse 6598 jobs on Kube Careers https://kube.careers
Audicia is an open source Kubernetes operator that reads audit logs and generates least-privilege RBAC policies, compliance reports, and GitOps-ready manifests.

More: https://ku.bz/JC2kbCg1X
This article explains how PAI adds security hooks, memory, reusable skills, and verification steps on top of Claude Code to make AI-assisted Kubernetes work safer and more controlled.

More: https://ku.bz/xR1ZgkWlv