DevOps&SRE Library
19.3K subscribers
427 photos
2 videos
2 files
5.25K links
A library of articles on DevOps and SRE.

Advertising: @ostinostin
Content: @mxssl

RKN: https://www.gosuslugi.ru/snet/67704b536aa9672b963777b3
Moving Logic Out of Pods: Extending the Argo Workflows Controller

In this article, I'll show how the Argo Workflows Executor Plugin lets you extend the Argo Workflows controller without maintaining your own fork—simply by implementing a small HTTP server in any language. As a bonus, this same mechanism reduces the number of extra pods in your DAGs and lightens the load on the Kubernetes scheduler. If you're new to Argo, I'll briefly cover the architecture and where plugins fit in. We'll finish with practical examples and key configuration details.


https://hackernoon.com/moving-logic-out-of-pods-extending-the-argo-workflows-controller
k8squest

K8sQuest is a local, game-based Kubernetes training platform with an interactive GUI-like terminal interface. Each mission breaks something in Kubernetes. Your job is to fix it.


https://github.com/Manoj-engineer/k8squest
kimspect

kimspect is a Kubernetes container image inspection tool that provides comprehensive visibility into the container images running inside your cluster. kimspect can list image information by pod, namespace, and node. Built for performance and reliability, it exposes container image insights through a simple, intuitive command-line interface.


https://github.com/koithos/kimspect
kaos

KAOS is a Kubernetes-native framework for deploying and orchestrating AI agents with tool access, multi-agent coordination, and seamless LLM integration.


https://github.com/axsaucedo/kaos
flux9s

A K9s-inspired terminal UI for monitoring Flux GitOps resources in real-time.


https://github.com/dgunzy/flux9s
nix-csi

Mount /nix into Kubernetes pods using the CSI ephemeral volume feature: the volume is declared inline in the PodSpec and shares the pod's lifetime.


https://github.com/lillecarl/nix-csi
Every layer of review makes you 10x slower

https://apenwarr.ca/log/20260316
cartography

Cartography is a Python tool that maps infrastructure assets and their relationships into a Neo4j-backed graph view.


https://github.com/cartography-cncf/cartography
Stairway to GitOps: Scaling Flux at Morgan Stanley

Morgan Stanley explains how it scaled Flux across 500+ clusters over five years, including security, performance, and observability lessons.


https://fluxcd.io/blog/2026/03/stairway-to-gitops-morgan-stanley
The Invisible Rewrite: Modernizing the Kubernetes Image Promoter

Every container image you pull from registry.k8s.io got there through kpromo, the Kubernetes image promoter. It copies images from staging registries to production, signs them with cosign, replicates signatures across more than 20 regional mirrors, and generates SLSA provenance attestations. If this tool breaks, no Kubernetes release ships. Over the past few weeks, we rewrote its core from scratch, deleted 20% of the codebase, made it dramatically faster, and nobody noticed. That was the whole point.


https://kubernetes.io/blog/2026/03/17/image-promoter-rewrite
Securing Production Debugging in Kubernetes

This covers safer Kubernetes debugging with least-privilege RBAC, short-lived identity-bound credentials, and audited SSH-style access paths.


https://kubernetes.io/blog/2026/03/18/securing-production-debugging-in-kubernetes
Running Agents on Kubernetes with Agent Sandbox

Agent Sandbox adds a declarative Kubernetes API for isolated, stateful AI agents with strong execution boundaries and stable network identities.


https://kubernetes.io/blog/2026/03/20/running-agents-on-kubernetes-with-agent-sandbox
How Mastodon Runs OpenTelemetry Collectors in Production

At the beginning of 2025, the OpenTelemetry Developer Experience SIG published the results of its first community survey. One of the strongest themes was clear: teams want more real-world examples of how the OpenTelemetry SDKs and the OpenTelemetry Collector are actually used in production.

To help close that gap, the SIG began collecting stories directly from end users—across industries, architectures, and company sizes. This post kicks off a new series focused specifically on organizations’ real world stories, starting with a small but uniquely challenging case.

This first story features Mastodon, a non-profit organization operating at global scale with a remarkably small team.


https://opentelemetry.io/blog/2026/devex-mastodon
Practical Considerations for AI Incident Reviews

The post argues AI-written incident reviews fail without rich cross-system data and human engagement because incident reviews are socio-technical learning work, not just document generation.


https://fgj.codes/posts/ai-incident-reviews
10 Real-World Status Page Examples: And What You Can Learn From Them

The post walks through ten status page examples and highlights clear communication, simple layouts, and expectation-setting details that help users during incidents.


https://uptimerobot.com/blog/10-real-status-page-examples
Disappointing People Early

The post argues teams should make reliability targets, support limits, and roadmap uncertainty explicit early so customers and stakeholders do not build riskier implicit expectations.


https://log.andvari.net/disappointing-people-early.html
5 Suggestions to Upgrade your OpenTofu/Terraform & AWS Development Experience

Five practical DX improvements for daily OpenTofu/Terraform + AWS work: use `tenv` for seamless version switching, a `grep` alias to summarize plans quickly, `tflint` with cloud provider plugins for linting, `awsp` for fast AWS profile switching, and a customized shell prompt showing the current branch/workspace/profile at a glance to prevent costly wrong-context mistakes.
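As an added illustration of the `grep`-alias idea (these are not the post's own aliases, and the plan text below is constructed to look like `terraform plan -no-color` output), the POSIX shell functions below pull the resource action lines and the `Plan:` totals out of a saved plan, and list the addresses whose resources would be destroyed or replaced, which is exactly what you want on one screen before applying in the wrong workspace:

```shell
#!/bin/sh
# Added example: grep-style summaries of `terraform plan -no-color` / `tofu plan -no-color`
# text. Not from the linked post; SAMPLE_PLAN is constructed to mimic real plan output.

SAMPLE_PLAN='Terraform will perform the following actions:

  # aws_s3_bucket.logs will be created
  + resource "aws_s3_bucket" "logs" {
      + bucket = "example-logs"
    }

  # aws_iam_role.ci will be updated in-place
  ~ resource "aws_iam_role" "ci" {
      ~ description = "old" -> "new"
    }

  # aws_security_group.db must be replaced
-/+ resource "aws_security_group" "db" {
      ~ name = "db-old" -> "db-new" # forces replacement
    }

  # aws_instance.legacy will be destroyed
  - resource "aws_instance" "legacy" {
    }

Plan: 2 to add, 1 to change, 2 to destroy.'

# tf_plan_actions: read plan text on stdin; print only the "# <address> will be ..." /
# "# <address> must be replaced" lines plus the final "Plan:" totals. This is the
# one-screen view a grep alias gives you instead of scrolling through every attribute.
tf_plan_actions() {
  grep -E '^[[:space:]]*# .* (will be|must be) |^Plan: '
}

# tf_plan_totals: read plan text on stdin; print just the "Plan: N to add, ..." line.
tf_plan_totals() {
  grep -E '^Plan: '
}

# tf_plan_destructive: read plan text on stdin; print the address of every resource the
# plan would destroy or replace (a replacement is a destroy followed by a create, so it
# belongs in the same review bucket as a plain destroy).
tf_plan_destructive() {
  grep -E '^[[:space:]]*# [^ ]+ (will be destroyed|must be replaced|will be replaced)' \
    | sed -E 's/^[[:space:]]*# ([^ ]+) .*/\1/'
}

# tf_plan_is_destructive: exit 0 when the plan destroys or replaces anything, 1 otherwise.
# Usable as a gate before apply:
#   terraform plan -no-color | tee plan.txt; tf_plan_is_destructive < plan.txt && echo "needs review"
tf_plan_is_destructive() {
  tf_plan_destructive | grep -q .
}

# Stand-alone demo on the constructed plan.
printf '%s\n' "$SAMPLE_PLAN" | tf_plan_actions
printf '%s\n' "$SAMPLE_PLAN" | tf_plan_destructive
```

The regexes key on the `# address will be ...` comment lines Terraform and OpenTofu print above each resource block, so they work on saved `-no-color` output and on a `terraform show plan.tfplan` dump alike; they do not need the JSON plan format.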


https://www.uturndata.com/insights/5-suggestions-upgrade-opentofu-terraform-aws-development-experience
Terraform Drift Detection Powered by GitHub Actions

A zero-cost drift detection pipeline built entirely on GitHub Actions: it auto-discovers root modules, runs daily parallel plans using Terraform's native `-detailed-exitcode` flag (exit code 2 means pending changes), and opens GitHub Issues when drift is detected. No external tools or paid services are required, and AWS authentication is keyless via OIDC.
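A minimal version of that exit-code logic, added here as an illustration rather than taken from the post or its workflow. With `-detailed-exitcode`, `terraform plan` exits 0 when state matches configuration, 1 on error and 2 when changes are pending. The common mistake is treating any nonzero exit as drift, which turns an expired credential or a provider outage into a bogus drift issue (and `if terraform plan; then ...` without the flag never sees drift at all, because plan exits 0 even with pending changes). The root-module discovery below is a stand-in heuristic (directories holding `.tf` files outside `modules/` and `.terraform/`), not the post's method; swap in your repository's convention.

```shell
#!/bin/sh
# Added example (not from the linked post): driving `terraform plan -detailed-exitcode`
# from a script. Exit codes with the flag: 0 = no changes, 1 = error, 2 = changes pending.

# classify_plan_exit CODE: map a plan exit code to clean | drift | error on stdout.
# Anything other than 0 or 2 (1, a signal, a missing binary) is an error, never "drift".
classify_plan_exit() {
  case "$1" in
    0) echo clean ;;
    2) echo drift ;;
    *) echo error ;;
  esac
}

# find_root_modules REPO: print directories that look like root modules, one per line.
# Assumption (heuristic, not the post's logic): any directory holding .tf files that is
# not under modules/ (shared child modules) or .terraform/ (provider and module cache).
find_root_modules() {
  find "$1" -name '*.tf' ! -path '*/.terraform/*' ! -path '*/modules/*' \
    | while IFS= read -r f; do dirname "$f"; done | sort -u
}

# run_drift_check DIR CMD...: run CMD inside DIR (normally:
#   terraform plan -input=false -detailed-exitcode
# ) and print "DIR STATUS" on stdout. CMD's own output goes to stderr so stdout stays
# machine-readable. Returns 0 for clean, 2 for drift, 1 for error.
# A failed cd exits the subshell with 127, not 2: in some shells `cd` fails with status 2,
# which would otherwise be misread as drift.
run_drift_check() {
  dir=$1; shift
  if ( cd "$dir" || exit 127; "$@" ) 1>&2; then rc=0; else rc=$?; fi
  status=$(classify_plan_exit "$rc")
  echo "$dir $status"
  case "$status" in clean) return 0 ;; drift) return 2 ;; *) return 1 ;; esac
}

# Stand-alone demo with stub commands standing in for terraform (no cloud access needed).
run_drift_check . sh -c 'exit 0' || true
run_drift_check . sh -c 'exit 2' || true
run_drift_check . sh -c 'exit 1' || true
```

In a workflow, call `run_drift_check "$dir" terraform plan -input=false -detailed-exitcode` per discovered module and route return code 2 to the step that opens the issue; the step that runs it needs `continue-on-error` or an explicit exit-code capture, since GitHub Actions marks any nonzero exit, including 2, as a failed step.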


https://rosesecurity.dev/2025/12/11/terraform-drift-detection-with-github-actions.html
InfraKitchen

An open-source platform from Electrolux that lets platform teams define reusable Terraform templates while enabling developers to self-serve multi-cloud infrastructure (AWS, Azure, GCP) via pull-request-driven continuous delivery, with audit logging and an MCP server for AI agent integration.


https://opensource.electrolux.one/infrakitchen
nono

AI agents get filesystem access, run shell commands, and are wide open to prompt injection. The standard response is guardrails and policies. The problem is that policies can be bypassed, and guardrails can be talked out of.

With nono, you don't have to depend on them. nono wraps your agent in a kernel-isolated sandbox in seconds, with API key protection, destructive-action guardrails, and full snapshot/rollback built in. No hypervisor to configure. No container volume mounts; instead, fine-grained capability control down to the file level. Zero latency overhead.


https://github.com/always-further/nono