Learn Kubernetes Weekly issue 135

Kubernetes networking guide, Configuration Management at Ant, Audit log policy, Can't NAT after NAT, Readiness vs Liveness

11 Jun 2025

This newsletter is brought to you by Arm — Explore learning paths and technical resources to start, accelerate, or complete your cloud migration.

  1. The Kubernetes networking guide

    The purpose of the Kubernetes networking guide is to provide an overview of various Kubernetes networking components with a specific focus on exactly how they implement the required functionality.

  2. Arm Introduces New Developer Initiative to Expedite Migration to Arm-based Cloud Platforms

    Arm launched a new initiative for developers to streamline migration to Arm-based cloud platforms, offering 100+ learning paths, community support, and access to Arm experts.

    Companies like Uber, Spotify, and Datadog have already seen significant performance gains from migrating to Arm.

    sponsored

  3. Configuration Management at Ant Group: Generated Manifest and Immutable Desired State

    KusionStack

    Ant Group addresses large-scale configuration chaos with KusionStack by using a strict, unchangeable manifest model.

    This model aligns the objectives of platform and application teams into a version-controlled, declarative specification.

  4. My favourite Kubernetes audit log policy

    Paul Immelman

    Learn how to create a precise policy that tracks critical cluster events, secures sensitive data, and provides actionable security insights without overwhelming log volumes.

  5. Can't NAT after NAT

    reoring

    This article clarifies why DNAT chaining doesn't work in Kubernetes due to limitations in Linux iptables: NAT is tracked per connection using conntrack, and packets don’t re-enter PREROUTING after the first DNAT.

  6. Readiness vs Liveness Probes: What is the Difference? (and Startup Probes!)

    Juliano Kessler

    This article simulates real pod failures to show how readiness stops traffic, liveness triggers restarts, and startup delays probe execution.

Articles worth checking out:

Arm in the Cloud: More Performance, Less Energy

Leading cloud providers Amazon Web Services, Google Cloud, Microsoft Azure, and Oracle Cloud Infrastructure offer Arm-powered cloud instances, which means better performance, lower energy consumption across applications, and reduced total cost of ownership (TCO) compared to legacy x86.

  1. OpenTelemetry Resource Attributes: Best Practices for Kubernetes

    This article explains how to enrich Kubernetes telemetry with OpenTelemetry semantic resource attributes like k8s.pod.uid, k8s.node.name, and k8s.cluster.name, using the Downward API and the k8sattributesprocessor.

  2. Cloud Migration: On-Demand Code-Along Series

    The Arm Cloud Migration code-along series assists developers in building, optimizing, and deploying cloud-native applications on Arm-based infrastructure.

    It provides practical guidance for modernizing workloads and creating scalable GenAI applications, from setting up cloud environments to automating CI/CD and efficiently running large language models (LLMs).

    sponsored

  3. Helm Chart Validation Just Got Smarter Thanks to This Google-Powered Tool

    Suleiman Dibirov

    Helm CEL Plugin enhances Helm chart validation using Google's Common Expression Language (CEL), enabling expressive, reusable rules with severity levels.

    It supports automatic rule generation and integrates with Helm via the helm cel validate and helm cel generate commands.

  4. Stop paying for AWS MSK or Kinesis. Running production-grade Kafka has never been easier.

    Konstantin Mogilevskii

    This guide walks through deploying a highly available, autoscaling Kafka cluster on EKS using DoEKS Terraform blueprints and the Strimzi Operator.

  1. Solution Architect with Volkswagen Group of America

    • Salary: $104.1K to $212.4K a year

    • Location: remote from the United States

    • Tech stack: Kubernetes, AWS, Azure, GCP, On-premise, Docker, SQL, Javascript, C#, SQL Server

  2. Software Engineer with IEEE

    • Salary: $138K to $172K a year

    • Location: based in the office (and remote from home) in Los Alamitos, CA, USA

    • Tech stack: Kubernetes, AWS, Docker, SQL, Javascript, PHP, Typescript, DynamoDB, Mongo, MySQL

  3. DevOps Engineer with Altium

    • Salary: $190K to $220K a year

    • Location: remote from the United States

    • Tech stack: Kubernetes, AWS, Docker, Jenkins, Gitlab

  4. DevSecOps Engineer with Kraken

    • Salary: $110K to $176K a year

    • Location: remote from Europe

    • Tech stack: Kubernetes, AWS, GCP, Shell, Python, Terraform

  5. DevOps Engineer with LEIDOS

    • Salary: $126.1K to $227.95K a year

    • Location: remote from the United States

    • Tech stack: Kubernetes, AWS, Azure, OpenShift, Docker, Python, Javascript, Tekton, Jenkins, Gitlab

Discover more Kubernetes jobs on Kube Careers →

Other interesting projects:

  1. Khronoscope: Time Travel for Troubleshooting and Debugging

    hoyle1974

    Khronoscope snapshots your cluster's resource states in-memory and lets you inspect changes over time with VCR-like controls.

    Without persistent storage or agent overhead, you can view logs, rewind crashes, and trace dependencies across namespaces.

  2. kubectl-rexec: auditable pod shell access

    Adyen

    kubectl-rexec enforces auditable pod shell access by blocking native kubectl exec via a ValidatingWebhook and routing sessions through a proxied APIService that logs all activity.

  3. kubernetes-sigs/node-feature-discovery

    Node Feature Discovery is a Kubernetes add-on for detecting hardware features and system configuration.

    It detects hardware features available on each node in a Kubernetes cluster and advertises those features using node labels.

  4. Hypershift: clusters with hosted control planes

    HyperShift is middleware for hosting OpenShift control planes at scale. It reduces the cost and time to provision clusters, offers cross-cloud portability, and keeps a strong separation of concerns between management and workloads.

  5. Gardener: cluster of clusters

    Gardener implements the automated management and operation of Kubernetes clusters as a service and provides a fully validated extensibility framework that can be adjusted to any programmatic cloud or infrastructure provider.

Upcoming Kubernetes events

  1. Jun 14: Kubernetes Community Day Antigua Guatemala

    In-person conference organized by KCD Guatemala.

    • Location: Antigua Guatemala, GT

    • This is a free event.

  2. Jun 17: KubeCon + CloudNativeCon Japan 2025

    In-person conference organized by Linux Foundation.

    • Location: Tokyo, JP

    • This event requires an entrance fee.

  3. Jun 17: LINSTOR Is Like Kubernetes, But for Block Devices & Self-Hosting in the Real World

    In-person meetup organized by Tech Internals Community.

    • Location: Berlin, DE

    • This is a free event.

  4. Jun 18: One year in production with CloudNativePG and ZFS on the cheapest Kubernetes cluster we could find

    Online meetup organized by Data on Kubernetes Community.

    • This is a virtual event.

    • This is a free event.

  5. Jun 26: Advanced Kubernetes course

    Online workshop organized by Learnk8s.

    • This is a virtual event.

    • This event requires an entrance fee.

Discover more Kubernetes events on Kube Events →

Kubernetes Call for Papers

  1. Cloud Native Denmark 2025 (expired)

    The Call for Papers was open until 16 June 2025 (UTC).

    • Location: Aarhus, DK

    • In-person conference organized by CND.

    • The conference starts on 17 April 2025.

  2. Kubernetes Community Days Porto 2025 (11 days left)

    The Call for Papers is open until 30 June 2025 (UTC).

    • Location: Porto, PT

    • In-person conference organized by KCD Porto.

    • The conference starts on 4 November 2025.

  3. Kubernetes Community Days Warsaw 2025 (expired)

    The Call for Papers was open until 16 June 2025 (UTC).

    • Location: Warsaw, PL

    • In-person conference organized by KCD Warsaw.

    • The conference starts on 9 October 2025.

  4. Kubernetes Community Days Sri Lanka 2025 (46 days left)

    The Call for Papers is open until 4 August 2025 (UTC).

    • Location: Colombo, LK

    • In-person conference organized by KCD Sri Lanka.

    • The conference starts on 26 October 2025.

  5. Texas Linux Festival 2025 (45 days left)

    The Call for Papers is open until 3 August 2025 (UTC).

    • Location: Austin, TX, USA

    • In-person conference organized by TXLF.

    • The conference starts on 4 October 2025.

  6. Devopsdays Tel Aviv (expired)

    The Call for Papers was open until 15 June 2025 (UTC).

    • Location: Tel Aviv, IL

    • In-person conference organized by Devopsdays.

    • The conference starts on 11 December 2025.

  7. Open Source Summit Japan 2025 (45 days left)

    The Call for Papers is open until 4 August 2025 (UTC).

    • Location: Tokyo, JP

    • In-person conference organized by Linux Foundation.

    • The conference starts on 10 December 2025.

  8. Devopsdays Cairo (expired)

    The Call for Papers was open until 12 June 2025 (UTC).

    • Location: Cairo, EG

    • In-person conference organized by Devopsdays.

    • The conference starts on 15 September 2025.

  9. Devopsdays Lima (9 days left)

    The Call for Papers is open until 28 June 2025 (UTC).

    • Location: Lima, PE

    • In-person conference organized by Devopsdays.

    • The conference starts on 20 August 2025.

Until next time!

— Dan

Subscribe and, every Wednesday, receive the latest Kubernetes news!
