Learn Kubernetes Weekly issue 121

Networking: service, kube-proxy, load balancing, How Canonical CAPI providers handle in-place upgrades, From DC/OS to Kubernetes

5 Mar 2025

This newsletter is brought to you by Spectro Cloud: the Kubernetes management platform for enterprise, public sector — and you.

We are running an Advanced Kubernetes workshop at the end of March!

Level up your Kubernetes game!

Articles

1. Kubernetes networking: service, kube-proxy, load balancing

   This article explores Kubernetes networking, focusing on Services, kube-proxy, and load balancing.

   It covers how pods communicate within a cluster, how Services direct traffic, and how external access is managed.

2. How to migrate your VMs to KubeVirt with Forklift

   Explore how to seamlessly migrate your legacy VM workloads to Kubernetes.

   In this practical guide, you'll learn how to use tools like Forklift and our VM Migration Assistant to automate the heavy lifting at scale.

   sponsored

3. How Canonical Kubernetes CAPI providers handle in-place upgrades

   Homayoon Alimohammadi

   Discover how Canonical Kubernetes CAPI providers handle in-place upgrades with the Single Machine In-Place Upgrade Controller and Orchestrated In-Place Upgrade Controller, ensuring smooth and efficient upgrades.

4. Migrating from DC/OS to Kubernetes: a deep dive into the challenges and opportunities

   Klarrio

   In this case study, you will learn about the challenges and opportunities of migrating from DC/OS to Kubernetes, including technical hurdles, migration strategies, and lessons learned from a real-world implementation.

5. Extend Kubernetes Service accounts auth scope to application APIs

   Jesse Haka

   Learn how to extend Kubernetes Service accounts auth scope to application APIs using JWT and Envoy gateway for secure authentication between services in different clusters

6. Securing continuous delivery: Argo CD threat detection

   Mikhail Larin

   Detect and prevent threats in Argo CD pipelines.

   Learn how to identify and mitigate initial admin password compromise, unauthorized application deployment, and other security risks with detection rules and hunting searches.

Articles worth checking out:

• How do Kubernetes operators handle concurrency?

• Scheduling simulations and ghosts in the cluster

• Use KEDA scaling modifiers to manage AI infrastructure

• Lessons learned from a near-zero downtime migration

• Karpenter: EKS best practices guides

• Configuring PostgreSQL Synchronous Replication

• How to update your PVC once it’s been created by a managed resource

• Improving on prem Kubernetes & making it feel like managed Kubernetes

• Threat alert: TeamTNT’s Docker gatling gun campaign

• Kubernetes: Seccomp, AppArmor, SELinux & Pod Security Standards and Admission Control

• Kubernetes: how kube-proxy and CNI work together

• The Many IP addresses of Kubernetes

• Write your next Kubernetes controller in Rust

• Overview of Kubernetes: GPU Scheduling, Device Plugin, CDI, NFD, and GPU Operator

• Image Management on Kubernetes Node

Turn Kubernetes chaos into effortless control, whatever the shape of your business

If you can imagine it, we can help you build it.

We make it easy for platform engineers and DevOps teams to deploy and manage multiple Kubernetes clusters from edge to cloud at scale.

Learn more and book a demo.

Tutorials

1. Supernatural abilities of a virtual kubelet

   In this article, you will learn about setting up Interlink, a Virtual Kubelet plugin engine, to delegate workloads (pods) to remote virtual machines.

2. A practical guide to Kubernetes Gateway API

   Learn how Gateway API leapfrogs ingress to offer greater routing control.

   We'll explain the first principles and then lead you through a step-by-step tutorial.

   sponsored

3. Ensuring effective Helm charts with linting, testing, and diff checks

   Hamdi KHELIL

   In this article, you'll learn how to use Helm Chart-Testing, Helm Unit Test plugin, and Helm Diff to catch potential issues early and ensure smooth deployments.

4. Apply deployment best practices within your Kubernetes cluster with Kyverno

   Talha Khaild

   Improve your Kubernetes cluster security with Kyverno, an open-source tool that helps you validate deployments and secure resources.

   Learn how to apply best practices and ensure a secure cluster.

5. Deploying Llama 3.1 405B on GKE Autopilot with 8 x NVIDIA A100 80GB GPUs

   Sam Stoelinga

   This tutorial teaches you to deploy the Llama 3.1 405B model on GKE Autopilot with 8 x A100 80GB GPUs using KubeAI.

Kubernetes jobs

1. • Software Engineer with US Bank

   • Salary: $155.69K to $164.1K a year

   • Location: based in the office in Charlotte, NC, USA

   • Tech stack: Kubernetes, AWS, Azure, On-premise, Rancher, Javascript, Java, Cassandra, Mongo, Spark

2. • Software Engineer with US Bank

   • Salary: $131.74K to $138.27K a year

   • Location: based in the office in San Francisco, CA, USA

   • Tech stack: Kubernetes, Javascript, Java, Jenkins

3. • Platform Engineer with REWE Group Austria

   • Salary: €60K a year

   • Location: based in the office in Wien, AT

   • Tech stack: Kubernetes, GCP, On-premise, Flux, ArgoCD, Shell, Java, Terraform, Gitlab, Ansible

4. • Software Engineer with Jobgether

   • Salary: $200K to $275K a year

   • Location: remote from the United States

   • Tech stack: Kubernetes, AWS, Python, Javascript, Kotlin, MySQL

5. • DevOps Engineer with Tala

   • Salary: $130K to $160K a year

   • Location: remote from the United States

   • Tech stack: Kubernetes, AWS, Azure, GCP, ArgoCD, Docker, Terraform, Jenkins, Ansible, Datadog

Discover more Kubernetes jobs on Kube Careers →

Code & tools

1. Bare Metal Operator

   The Bare Metal Operator implements a Kubernetes API for managing bare metal hosts.

   It maintains an inventory of available hosts as instances of the BareMetalHost Custom Resource Definition.

2. Autotune: optimizations with SLOs

   Kruize Autotune accepts a user-provided "SLO" goal to optimize application performance.

   It uses Prometheus to identify "layers" of an application that it is monitoring and matches tunable from those layers to the user-provided SLO.

3. Kubernetes Resource Recommender

   Kubernetes Resource Recommender is a CLI tool for optimizing resource allocation in Kubernetes clusters.

   It gathers pod usage data from Prometheus and recommends requests and limits for CPU and memory.

   This reduces costs and improves performance.

4. mirrord

   mirrord lets you easily mirror traffic from your Kubernetes cluster to your development environment.

   It comes as both Visual Studio Code extension and a CLI tool.

5. Timoni: package manager for Kubernetes

   Timoni is a package manager for Kubernetes, powered by CUE and inspired by Helm.

   Instead of using Go templates with YAML like Helm or layering YAML like Kustomize, Timoni relies on Cuelang's type safety, code generation and data validation features.

Other interesting projects:

• k0smotron

• paralus/paralus

• Trivy

• Kube-vip: virtual IP and load balancer

• Kubeshark: API traffic analyzer for Kubernetes

• Goldilocks: requests and limits

• CRD to sample YAML

• kubeip: assign static public IPs

• K8s cleaner

• kubectl-validate

• Kubernetes-reflector: replicate secrets, ConfigMaps and certificates

Upcoming Kubernetes events

1. Mar

   6

   CloudNativePG: running PostgreSQL the Kubernetes way

   Online meetup organized by Data on Kubernetes Community.

   • This is a virtual event

   • This is a free event.

2. Mar

   6

   Kubernetes release

   Online webinar organized by Rancher.

   • This is a virtual event

   • This is a free event.

3. Mar

   8

   From Homelab to Helm Charts, Crossplane & Autoscaling for Kubernetes

   In-person meetup organized by Cloud Native Hanoi.

   • Location: Hanoi, VN

   • This is a free event.

4. Mar

   11

   Node scaling optimization & optimizing Kubernetes

   In-person meetup organized by Cloud Native Berlin.

   • Location: Berlin, DE

   • This is a free event.

5. Mar

   12

   Devopsdays Zurich

   In-person conference organized by Devopsdays.

   • Location: Zurich, CH

   • This event requires an entrance fee

6. Mar

   20

   Advanced Kubernetes course

   Online workshop organized by Learnk8s.

   • This is a virtual event

   • This event requires an entrance fee

Discover more Kubernetes events on Kube Events →

Kubernetes Call for Papers

1. 26

   days

   ContainerDays

   The Call For Paper is open until 31 March 2025 at UTC. More info →

   • Location: Hamburg, DE

   • In-person conference organized by Looevent.

   • The conference starts on the 9 September 2025.

   • Apply here

2. 9

   days

   Kubernetes Community Days Czech & Slovak 2025

   The Call For Paper is open until 15 March 2025 at UTC. More info →

   • Location: Prague, CZ

   • In-person conference organized by KCD Czech & Slovak.

   • The conference starts on the 5 June 2025.

   • Apply here

3. 20

   days

   Kubernetes Community Days Bengaluru 2025

   The Call For Paper is open until 26 March 2025 at UTC. More info →

   • Location: Bangalore, IN

   • In-person conference organized by KCD Bengaluru.

   • The conference starts on the 7 June 2025.

   • Apply here

4. 31

   days

   Kubernetes Community Days Utrecht 2025

   The Call For Paper is open until 6 April 2025 at UTC. More info →

   • This is a virtual event

   • Online conference organized by KCD Utrecht.

   • The conference starts on the 3 July 2025.

   • Apply here

5. 46

   days

   Kubernetes Community Days Taipei 2025

   The Call For Paper is open until 20 April 2025 at UTC. More info →

   • Location: Taipei, TW

   • In-person conference organized by KCD Taiwan.

   • The conference starts on the 5 July 2025.

   • Apply here

6. 55

   days

   DevOps Pro Europe

   The Call For Paper is open until 30 April 2025 at UTC. More info →

   • Location: Vilnius, LT and virtual

   • Online & in-person conference organized by Data Miner.

   • The conference starts on the 20 May 2025.

   • Apply here

7. 18

   days

   GitOpsCon Europe 2025

   The Call For Paper is open until 23 March 2025 at UTC. More info →

   • This is a virtual event

   • Online conference organized by CNCF.

   • The conference starts on the 29 April 2025.

   • Apply here

8. 66

   days

   Devopsdays Eindhoven

   The Call For Paper is open until 10 May 2025 at UTC. More info →

   • Location: Eindhoven, NL

   • In-person conference organized by Devopsdays.

   • The conference starts on the 2 October 2025.

   • Apply here

9. 17

   days

   KubeCon + CloudNativeCon India 2025

   The Call For Paper is open until 23 March 2025 at UTC. More info →

   • Location: Hyderabad, IN

   • In-person conference organized by Linux Foundation.

   • The conference starts on the 7 August 2025.

   • Apply here

Until next time!

— Dan

Subscribe and, every Wednesday, receive the latest Kubernetes news!