Learn Kubernetes Weekly issue 131

Synchronizing Database schema, Building Resilient Applications, EKS Auto Mode vs AKS Automatic, How does Calico assign IPs to itself?

14 May 2025

This newsletter is sponsored by RunWhen — build AI Engineering Assistants with thousands of tools for your infrastructure, platform services, logs, metrics and more.

  1. Synchronizing Database schema updates between projects and environments

    DV Engineering

    DoubleVerify uses a shared DB schema repo and Helm pre-install hooks to sync updates across multi-project environments, avoiding a monorepo due to CI/CD and security constraints.

  2. Reducing Prometheus Alert Fatigue: An AI Intervention for Infrastructure and Application Monitoring

    Kubernetes alerting is painful: since it is "self healing", there is a continuous stream of noise from infrastructure that may be unhealthy now but will improve in a few seconds.

    Learn how AI Agents can help.

    sponsored

  3. Building Resilient Applications on Kubernetes

    Learn why Xe returned to Kubernetes and opted for Civo's managed k3s cluster over Vultr due to cost-effective unlimited egress and reliability.

  4. Amazon EKS Auto Mode vs Azure AKS Automatic: Which is the Better Managed Kubernetes Solution?

    Pixel Robots.

    This article compares AWS EKS Auto Mode and Azure AKS Automatic regarding automation, scaling, observability, and security.

    • AKS Automatic offers end-to-end networking and workload scaling automation.
    • EKS Auto Mode focuses on node provisioning.
  5. A CNI 'chicken-and-egg' dilemma: How does Calico assign IPs to itself?

    xiaoqing

    Calico bootstraps itself on NotReady nodes by scheduling calico-node as a hostNetwork Pod, which installs CNI binaries via initContainers.

    This allows kubelet to become network-ready and calico-ipam to allocate IPs before other Calico components start.

  6. API Streaming in Kubernetes: Memory-Efficient List Responses

    Kubernetes 1.32 adds API streaming for list requests, sending objects one by one from the watch cache instead of buffering complete responses in memory.

    This prevents kube-apiserver memory spikes and out-of-memory (OOM) failures.

Articles worth checking out:

Like Cursor.ai for SRE Work?

Build agents for your team with thousands(!) of tools imported and configured for your environment in minutes.

Build agents that respond to alerts and build tickets or provide self-service in your help channels.

  1. How etcd works with and without Kubernetes

    Emanuel Evans

    Learn how Kubernetes uses etcd as a strongly consistent key-value store via Raft, where every API write becomes a key under /registry, controllers watch key prefixes, and MVCC with revisions ensures atomic, ordered state across the cluster.

  2. Understanding the 1MB Limit of Etcd in Kubernetes: Challenges with Helm Deployments

    Logeshbalu

    This article details how etcd’s 1MB per-object limit causes Helm deployments to fail when release metadata stored as Secrets exceeds the cap.

    It offers strategies like chart modularization and history pruning to mitigate these issues.

  3. Distroless Images in Docker: Minimalism, Security, and Debugging in Kubernetes

    Sergei Ozeranskii

    This article details how Distroless images reduce attack surface by removing shells and package managers.

    It compares image sizes, shows how to build with multistage Dockerfiles, and validates security via Grype—finding 53 vs 107 CVEs in slim images.

  4. Building a Resilient EKS Cluster with In-cluster Auto-Scaled Lib hardware

    LoxiLB

    Learn how LoxiLB transforms EKS cluster networking by providing in-cluster, auto-scaled load balancing that cuts costs, enhances performance, and enables flexible multi-network deployments across AWS regions.

    • Platform Engineer with SimSpace

    • Salary: $150K to $210K a year

    • Location: remote from the United States

    • Tech stack: Kubernetes, Go, Python, Java, Kotlin

    • DevOps Engineer with NMI

    • Salary: $155K to $165K a year

    • Location: remote from the United States

    • Tech stack: Kubernetes, On-premise, Go, Shell, Python, MySQL, GitLab, Ansible, Puppet, Grafana

    • Software Engineer with GEICO

    • Salary: $115K to $230K a year

    • Location: remote from the United States

    • Tech stack: Kubernetes, AWS, Azure, GCP, Docker, Python, SQL, Java, C++, C#

    • DevOps Engineer with Huntington Bank

    • Salary: $57K to $113K a year

    • Location: based in the office (and remote from home) in Columbus, OH, USA

    • Tech stack: Kubernetes, AWS, Docker, Python, SQL, JavaScript, TypeScript, DynamoDB, PostgreSQL, MySQL

    • Software Engineer with Natera

    • Salary: $99.3K to $124.1K a year

    • Location: remote from the United States

    • Tech stack: Kubernetes, AWS, Docker, Shell, Python, SQL, Java, Groovy, Kafka, GitLab

Discover more Kubernetes jobs on Kube Careers →

  1. Helmfile

    Helmfile is a declarative spec for deploying Helm charts. It lets you:

    • Keep a directory of chart value files and maintain changes in version control.
    • Apply CI/CD to configuration changes.
    • Periodically sync to avoid skew in environments.
  2. RunWhen Authors Program

    The RunWhen Open Source Authors program is for engineers interested in royalties and bounties in return for contributing AI-ready SRE automation.

    sponsored

  3. Helm-mapkubeapis: Fix Deprecated APIs in Helm Releases

    mapkubeapis is a Helm v3 plugin which updates in-place Helm release metadata that contains deprecated or removed Kubernetes APIs to a new instance with supported Kubernetes APIs.

  4. Vals Configuration Loader

    helmfile

    Vals is a Helm-compatible tool that injects secrets and config values from backends like Vault, AWS SSM, GCP Secrets Manager, and Kubernetes.

    It resolves ref+ URIs in YAML, supporting helmfile, direnv, and kubectl workflows.

  5. KGrok – Self-Service HTTPS Tunnels for Local Devs via Kubernetes

    IxDay

    KGrok is a Kubernetes-native CLI tool that enables developers to expose their local machines via secure HTTPS endpoints using the Gateway API and wildcard DNS.

Other interesting projects:

Upcoming Kubernetes events

  1. May 15

    Kubernetes Community Days Texas Austin 2025

    In-person conference organized by KCD Texas.

    • Location: Austin, TX, USA

    • This event requires an entrance fee

  2. May 16

    Building AI Workflows with DigitalOcean Kubernetes & Dissecting the Kubernetes Scheduler

    In-person meetup organized by DigitalOcean New York.

    • Location: New York, NY, USA

    • This is a free event.

  3. May 20

    DevOps Pro Europe

    Online & in-person conference organized by Data Miner.

    • Location: Vilnius, LT and virtual

    • This event requires an entrance fee

      • Use LEARNK8S10 to get 10% off

  4. May 22

    Kubernetes Community Days Seoul 2025

    In-person conference organized by KCD South Korea.

    • Location: Seoul, KR

    • This event requires an entrance fee

  5. Jun 26

    Advanced Kubernetes course

    Online workshop organized by Learnk8s.

    • This is a virtual event

    • This event requires an entrance fee

Discover more Kubernetes events on Kube Events →

Kubernetes Call for Papers

  1. 9 days

    Kubernetes Community Washington DC 2025

    The Call for Papers is open until 26 May 2025 (UTC).

    • Location: Washington, D.C., USA

    • In-person conference organized by KCD Washington DC.

    • The conference starts on 16 September 2025.
  2. 14 days

    Cloud Native Days Austria

    The Call for Papers is open until 31 May 2025 (UTC).

    • Location: Vienna, AT

    • In-person conference organized by CNDA Austria.

    • The conference starts on 8 October 2025.
  3. 11 days

    KubeCon + CloudNativeCon North America 2025

    The Call for Papers is open until 28 May 2025 (UTC).

    • Location: Atlanta, GA, USA

    • In-person conference organized by Linux Foundation.

    • The conference starts on 10 November 2025.
  4. 30 days

    Cloud Native Denmark 2025

    The Call for Papers is open until 16 June 2025 (UTC).

    • Location: Aarhus, DK

    • In-person conference organized by CND.

    • The conference starts on 17 April 2025.
  5. 44 days

    Kubernetes Community Days Porto 2025

    The Call for Papers is open until 30 June 2025 (UTC).

    • Location: Porto, PT

    • In-person conference organized by KCD Porto.

    • The conference starts on 4 November 2025.
  6. 30 days

    Kubernetes Community Days Warsaw 2025

    The Call for Papers is open until 16 June 2025 (UTC).

    • Location: Warsaw, PL

    • In-person conference organized by KCD Warsaw.

    • The conference starts on 9 October 2025.
  7. 78 days

    Texas Linux Festival 2025

    The Call for Papers is open until 3 August 2025 (UTC).

    • Location: Austin, TX, USA

    • In-person conference organized by TXLF.

    • The conference starts on 4 October 2025.
  8. 30 days

    Devopsdays Tel Aviv

    The Call for Papers is open until 15 June 2025 (UTC).

    • Location: Tel Aviv, IL

    • In-person conference organized by Devopsdays.

    • The conference starts on 11 December 2025.
  9. 79 days

    Open Source Summit Japan 2025

    The Call for Papers is open until 4 August 2025 (UTC).

    • Location: Tokyo, JP

    • In-person conference organized by Linux Foundation.

    • The conference starts on 10 December 2025.

Until next time!

— Dan
