Forecastle is a control panel which dynamically discovers and provides a launchpad to access applications deployed on Kubernetes.

More: https://ku.bz/1ZZZSgjLj

Vincent von Büren was refactoring an old Helm chart when he spotted a debug log line printing a Kubernetes ServiceAccount token to stdout — still running in production.

He decoded it: no audience restrictions, one-year expiry. "My stomach turned. I knew this could be a serious security incident."

In this episode, Vincent breaks down:

- What's actually inside a ServiceAccount JWT
- Why default tokens enable replay attacks
- Projected tokens — the solution that's been available since 1.20, but why most teams haven't switched
- Practical steps to reduce exposure

Watch (or listen to) it here: https://ku.bz/LTnB_Ntbc

🌟 This episode is brought to you by LearnKube — comprehensive Kubernetes training. https://learnkube.com/training

With @Birthmarkb

CronJob Guardian monitors Kubernetes CronJobs with dead-man's switch detection, SLA tracking for success rates and duration regressions, intelligent alerting via Slack/PagerDuty/webhook/email, and a built-in web dashboard with charts and metrics export.

More: https://ku.bz/N2-98L3pg

This article explains how to build cost-efficient microservices on AKS by classifying state as irreplaceable or regenerable, using managed PostgreSQL for critical data while self-hosting Redis, RabbitMQ, and observability tools in Kubernetes.

More: https://ku.bz/WgJHVHDwH

KCL allows developers to create modular, scalable, and stable configurations.

Key features include constraint-based records, functional language, schema modeling, and automation APIs, ideal for cloud-native environments and platform engineering.

More: https://ku.bz/dn98wMpnc

This week's 6 best Kubernetes architect vacancies are:

Solution Architect with NVIDIA
💰 $308K to $471.5K a year
On-site in Santa Clara, CA / Champaign, IL, USA
→ https://ku.bz/VJNQljZmd

Solution Architect with Caylent
💰 $250K to $450K a year
Remote from the United States of America, Canada, Argentina (+6 more)
→ https://ku.bz/fprtkLknc

Software Architect with Okta
💰 $263K to $353K a year
Remote from the United States of America
→ https://ku.bz/4ymF6_89d

Infrastructure Architect with Legion
💰 $250K to $350K a year
Remote from the United States of America
→ https://ku.bz/4_kmCMSk1

👉 Browse 5289 jobs on Kube Careers https://kube.careers

This week on Learn Kubernetes Weekly 177:

☕ What Happens When You Run Java at Scale on Kubernetes
🚀 From Push to Production: Our Deployment Pipeline with Argo CD
⚡ From Minutes to Seconds: How I Eliminated Kubernetes Image Pull Delays
🏕️ Nomad on OpenShift: The Case for the Control Plane
🔬 Deep Dive: The Linkerd Destination Service

Read it now: https://kube.today/issues/177

⭐️ This newsletter is brought to you by Spectro Cloud, helping you scale K8s infrastructure for AI workloads — from cloud to edge https://ku.bz/JD0dS5lhZ

flux-operator simplifies the configuration of Flux multi-tenancy lockdown, sharding, horizontal and vertical scaling, persistent storage, and allows fine-tuning the Flux controllers with Kustomize patches.

More: https://ku.bz/lqx0LQQLz

This article introduces Tony format, a tool that unifies matching, patching, and diffing operations on YAML and JSON using a single typed tree representation with tag-based extensions like !dive, !key, and !if for structural transformations.

More: https://ku.bz/5wwy7tTt_

Argo CD Diff Preview is a tool that renders the diff between two branches in a Git repository, providing a clear and concise view of the changes between two branches, similar to Atlantis for Terraform.

More: https://ku.bz/7Xhg68YzK

Marc Campora breaks down the core differences between AWS Lambda and Kubernetes container deployments.

He explains how Lambda abstracts away infrastructure management - developers simply write, package, and deploy code while AWS handles provisioning, scaling, and availability zone distribution automatically. This contrasts sharply with Kubernetes, where teams must make numerous complex decisions about clusters, instance types, and deployment strategies.

Watch the full episode: https://ku.bz/5gMTkzLhV

This case study shows how Portworx built Aetòs, an Internal Developer Platform processing 50M daily API calls, managing 14,000 VMs, achieving 70% cloud cost reduction, and saving 10,000 engineering hours quarterly.

More: https://ku.bz/PDsYhsYZ2

Yasmin Rajabi from CloudBolt Software walks through what's new:

- Kubernetes cost allocation GA with container-level visibility
- MCP support for AI-assisted operations
- HPA algorithm patent
- In-place pod resizing as the default resize behavior

The shift to in-place resizing means pods no longer need to restart for resource changes — reducing one of the biggest adoption barriers to automated right-sizing.





Watch the announcement: https://ku.bz/BLhCGcbB9

Read the announcement: https://ku.bz/JrbVrpS_t

Sveltos is a Kubernetes add-on controller that simplifies the deployment and management of Kubernetes add-ons and applications across multiple clusters, whether on-prem, in the cloud or a multitenant environment.

More: https://ku.bz/y4Q4HSXF8

This tutorial shows how to build integration tests for Kubernetes using Rust, kind clusters, and Terraform with automatic cleanup via Kyverno TTL policies and namespace isolation for concurrent test execution.

More: https://ku.bz/cbWvYlylR

This week's 6 best Kubernetes leadership jobs are:

Engineering Manager with Justworks
💰 $83.98K to $104.98K a year
Remote from Mexico
→ https://ku.bz/k3strqrPN

Engineering Manager with Grafana Labs
💰 US$100.58K to US$132.06K a year
Remote from Germany, Sweden, Spain (+2 more)
→ https://ku.bz/FhHwQMYTl

DevSecOps Engineer with OpenAI
💰 $364.5K to $490K a year
Remote from the United States of America
→ https://ku.bz/NXd17JHfV

Engineering Manager with Graphcore
💰 US$94.56K to US$127.92K a year
Remote from the United Kingdom
→ https://ku.bz/kPCTlvM4H

Software Engineer with Exadel
💰 PLN 5,7K to PLN 792K a year
Remote from Poland, Armenia, Bulgaria (+3 more)
→ https://ku.bz/bhNHlJvq6

👉 Browse 5166 jobs on Kube Careers https://kube.careers

This tool extends Argo CD with a hub-and-spoke agent architecture in which lightweight agents in remote clusters connect back to a central control plane.

More: https://ku.bz/69d9-tLTX

This case study shows how to run SQL Server on Azure Kubernetes Service using StatefulSets, persistent volumes, and GitOps for multi-tenant database deployments.

More: https://ku.bz/YZF0RX5vR

Rohit Agrawal from Databricks on replacing Kubernetes networking with a proxy-less, client-side load balancing system and eliminating 20-30% over-provisioning across hundreds of services.

You will learn:

- Why KubeProxy's L4 routing breaks down for gRPC: it picks a backend once per connection, not per request
- How Databricks built an Endpoint Discovery Service that streams real-time pod metadata to every client
- How zone-aware spillover cuts cross-AZ costs without sacrificing availability
- Why CPU-based routing failed and what signals to use instead

Watch (or listen to) it here: https://ku.bz/y803JMhBk

🌟 Sponsored by LearnKube — Kubernetes training, online or in-person. https://learnkube.com/training

With @Birthmarkb

The MariaDB operator lets you declaratively manage your MariaDB using Kubernetes CRDs rather than imperative commands.

More: https://ku.bz/2zD_QsmDK

Michael Levan redefines platform engineering as combining customer service and product development.

He argues that the primary goal isn't technical excellence but making other teams' lives easier. Platform engineers should focus on building internal tools and abstracting complexity — for example, providing GitOps capabilities without requiring teams to understand if they're using Flux, Argo, or other tools.

The key measure of success is how well platform teams serve their internal customers rather than the sophistication of their technical solutions.

Watch the full episode: https://ku.bz/qlZPfM-zr