Learn Kubernetes Weekly issue 136

Native macOS Workloads with Kubernetes, Pods breaking bad, FacetController: Infrastructure Changes at Lyft, Managing Stateful Workloads

18 Jun 2025

This issue is brought to you by Learnk8s — get started on your Kubernetes journey through comprehensive online, in-person or remote training.

This Thursday, I'm going live with Andrew to discuss one of the most persistent challenges in Kubernetes: resource management.

We will explore how algorithms can make more effective resource decisions than manual configuration!

  1. How We Integrated Native macOS Workloads with Kubernetes

    Vitalii Horbachov

    Agoda built macOS-vz-Kubelet, a virtual kubelet running directly on macOS, to manage Apple Silicon VMs via Apple’s Virtualization Framework.

    It turns Mac Minis into schedulable Kubernetes nodes with OCI-backed VM images and hybrid Pod support.

  2. Why our pods were breaking bad (and how we fixed them)

    Kshitij Nawandar

    Razorpay's UPI service pods were silently degrading over time.

    They used Go's pprof profiling to find that a global variable kept growing.

    The code fix reduced CPU usage from 5 cores to ~150m, memory from 700 MiB to 50 MiB, and API latency by half.

  3. FacetController: How We Made Infrastructure Changes at Lyft Simple

    Miguel Molina

    Learn how Lyft developed FacetController, a CRD that simplifies infrastructure changes by creating a unified abstraction for microservice deployments.

    This enables rapid, safe updates across thousands of services without manual intervention.

  4. Operational Considerations for Managing Stateful Workloads

    pampatzoglou

    This article provides a playbook for managing database workloads in Kubernetes, focusing on strategies for isolation, dynamic credential management, high availability, disaster recovery, and observability.

  5. Can configuration languages (Config DSLs) solve configuration complexity?

    Brian Grant

    Can config DSLs solve config complexity?

    This article reviews various config languages (HCL, Jsonnet, etc.). It concludes that they offer some benefits but are ultimately micro-optimizations that don't solve the core IaC challenges.

  6. GKE Cost Cutting — Three Key Lookout Points to View Your Potential Savings

    Olive Power

    Optimize GKE expenses by analyzing cluster costs, identifying at-risk workloads, and rightsizing resources using Google's built-in tools to reduce infrastructure spending by up to 50%.

Articles worth checking out:

Join the next Advanced Kubernetes course

Join Learnk8s' 4-day Advanced Kubernetes workshop next week!

Get your hands dirty with Kubernetes and learn what makes Kubernetes tick in a session packed with hands-on labs!

  1. Track privilege escalations with eBPF

    Chris Chinchilla

    This guide shows how to detect Kubernetes runtime threats (e.g. sudo misuse, suspicious file access) using Falco + eBPF, forward logs with Fluent Bit, and route them to Parseable log streams like falcowarn or falconotice.

  2. Why every platform engineer should care about Kubernetes operators

    Engin Diri

    This tutorial explains how Kubernetes operators extend controllers with CRDs to automate complex app lifecycles.

    They manage deployments, upgrades, backups, and recovery, embedding domain-specific logic for self-managing systems.

  3. Optimizing Kubernetes Resource Allocation with Robusta-KRR

    Timothy

    This article demonstrates how Robusta KRR analyzes pod CPU and memory usage, then recommends optimized resource requests and limits.

    Learn how to reduce overprovisioning and lower costs using automated metrics-based tuning in Kubernetes.

  4. Demystifying Swap in Kubernetes: A Handbook for DevOps Engineers

    Robert Botez

    Kubernetes 1.28+ allows controlled swap via LimitedSwap for Burstable pods, avoiding OOMs during memory spikes.

    This guide shows how to set up swap files, enable Kubelet config flags, and test behavior.

  5. Argo Rollouts — Canary Deployment with Istio

    Chuk-Munn Lee

    This article demonstrates how Argo Rollouts leverages Istio’s traffic routing—via VirtualService and DestinationRule—to enable advanced canary strategies: by percentage, HTTP header, and request mirroring.

    • Software Engineer with Hootsuite

    • Salary: CA$98.4K to CA$137.8K a year

    • Location: remote from Canada

    • Tech stack: Kubernetes, Docker, Go, Javascript, Scala, PHP, Typescript, Redis, MySQL, Kafka

    • Data Engineer with Chartbeat

    • Salary: $128K to $147K a year

    • Location: remote from the United States

    • Tech stack: Kubernetes, Python, PostgreSQL, Snowflake, Kafka

    • Software Engineer with NVIDIA

    • Salary: $148K to $276K a year

    • Location: remote from the United States

    • Tech stack: Kubernetes, Shell, Python, Ansible, Puppet

    • Solution Architect with NVIDIA

    • Salary: $148K to $235.75K a year

    • Location: based in the office (and remote from home) in Santa Clara, CA / NC / TX / CO / WA, USA

    • Tech stack: Kubernetes, Data center, Docker, C++, C

    • Platform Engineer with Handshake

    • Salary: $180K to $220K a year

    • Location: remote from the United States

    • Tech stack: Kubernetes, AWS, GCP, ArgoCD, Java, Elastic Search, Terraform, Datadog, OTEL, Istio

Discover more Kubernetes jobs on Kube Careers →

  1. kpatch: Live Kernel Patching

    dynup

    kpatch enables runtime kernel function patching by injecting precompiled replacement functions directly into the live kernel.

    It's built on the CONFIG_LIVEPATCH infrastructure and uses ftrace to reroute function calls at runtime.

  2. Kubernetes Security Cheatsheet Diagram: A Visual Map of On-Prem Cluster Security Controls

    lars-solberg

    This diagram maps core Kubernetes security concepts—from RBAC, PodSecurity, and audit logging to container isolation—helping teams visualize enforcement points.

    Built by Telenor for on-prem clusters, it’s ideal for threat modelling or reviews.

  3. Kubernetes-WithOut-Kubelet

    KWOK (Kubernetes-WithOut-Kubelet) is a toolkit that enables setting up a cluster of thousands of nodes in seconds.

    Under the scene, all Nodes are simulated to behave like real ones, so the overall approach employs a pretty low resource footprint.

  4. kubernetes/git-sync

    git-sync is a simple command that pulls a git repository into a local directory.

    It is a perfect "sidecar" container in Kubernetes - it can periodically pull files down from a repository so that an application can consume them.

  5. Talos Linux

    Talos is a modern Linux distribution for running Kubernetes: secure, immutable, and minimal.

    Talos is fully open-source & production-ready.

    All system management is done via an API - no shell or interactive console exists.

Other interesting projects:

Upcoming Kubernetes events

  1. Jun 26

    Advanced Kubernetes course

    Online workshop organized by Learnk8s.

    • This is a virtual event

    • This event requires an entrance fee

  2. Jun 24

    Cloud Native Days Italy 2025

    In-person conference organized by Cloud Native Days Italy.

    • Location: Bologna, IT

    • This event requires an entrance fee

      • Use community-kube-event-earlybird to get a discounted ticket

  3. Jun 19

    Let the Algorithms Decide: Smart Kubernetes Resource Management

    Online webinar organized by Learnk8s.

    • This is a virtual event

    • This is a free event.

  4. Jun 18

    One year in production with CloudNativePG and ZFS on the cheapest Kubernetes cluster we could find

    Online meetup organized by Data on Kubernetes Community.

    • This is a virtual event

    • This is a free event.

  5. Jun 19

    Yoke an Adventure into Code-First Kubernetes Resource Management

    In-person meetup organized by Cloud Native Toronto.

    • Location: Toronto, CA

    • This is a free event.

Discover more Kubernetes events on Kube Events →

Kubernetes Call for Papers

  1. 5 days

    Kubernetes Community Days Porto 2025

    The Call For Paper is open until 30 June 2025 at UTC. More info →
    • Location: Porto, PT

    • In-person conference organized by KCD Porto.

    • The conference starts on the 4 November 2025.

    • Apply here
  2. 41 days

    Kubernetes Community Days Sri Lanka 2025

    The Call For Paper is open until 4 August 2025 at UTC. More info →
    • Location: Colombo, LK

    • In-person conference organized by KCD Sri Lanka.

    • The conference starts on the 26 October 2025.

    • Apply here
  3. 39 days

    Texas Linux Festival 2025

    The Call For Paper is open until 3 August 2025 at UTC. More info →
    • Location: Austin, TX, USA

    • In-person conference organized by TXLF.

    • The conference starts on the 4 October 2025.

    • Apply here
  4. 40 days

    Open Source Summit Japan 2025

    The Call For Paper is open until 4 August 2025 at UTC. More info →
    • Location: Tokyo, JP

    • In-person conference organized by Linux Foundation.

    • The conference starts on the 10 December 2025.

    • Apply here
  5. 3 days

    Devopsdays Lima

    The Call For Paper is open until 28 June 2025 at UTC. More info →
    • Location: Lima, PE

    • In-person conference organized by Devopsdays.

    • The conference starts on the 20 August 2025.

    • Apply here
  6. 53 days

    Devopsdays Detroit

    The Call For Paper is open until 16 August 2025 at UTC. More info →
    • Location: Detroit, MI, USA

    • In-person conference organized by Devopsdays.

    • The conference starts on the 22 October 2025.

    • Apply here
  7. expired

    Devopsdays Philadelphia

    The Call For Paper was open until 23 June 2025 at UTC. More info →
    • Location: Philadelphia, PA, USA

    • In-person conference organized by Devopsdays.

    • The conference starts on the 30 September 2025.

    • Apply here
  8. 36 days

    PWNEDCR 0x8

    The Call For Paper is open until 31 July 2025 at UTC. More info →
    • Location: San José, CR

    • In-person conference organized by DC11506.

    • The conference starts on the 19 October 2025.

    • Apply here
  9. 83 days

    Devopsdays Bogotá

    The Call For Paper is open until 16 September 2025 at UTC. More info →
    • Location: Bogotá, CO

    • In-person conference organized by Devopsdays.

    • The conference starts on the 14 October 2025.

    • Apply here

Until next time!

— Dan
