The Kubernetes Gateway API leveled up - unifying North-South, East-West, and egress traffic with standard CRDs likeGRPCRoute,HTTPRoute, andReferenceGrant. In a Linkerd world, that means clean, declarative canary releases, granular egress control to outside APIs (say, Mistral AI), and clearer lines b.. read more  

Running RKE2 with Cilium and MetalLB in a lightweight Podman VM on macOS enables experimentation with Kubernetes. Unique network challenges require SSH port forwarding for service exposure... read more  

Seven ways folks trip over Kubernetes - each more avoidable than the last. Top offenses: skippingresource requests/limits, forgettinghealth probes, trustingephemeral logsthat vanish when you need them. Reusing configs across dev and prod? Still a bad idea. Pushing off observability until it’s on fir.. read more  

The Kubernetes Policy Working Group got busy turning good intentions into real specs. They rolled out thePolicy Reports API, dropped best-practice docs worth reading, and helped steerValidatingAdmissionPolicyandMutatingAdmissionPolicytoward GA. Their work pulled inSIG Auth,SIG Security, and anyone e.. read more  

Bare-metal Kubernetes just got a cloud-style glow-up. By wiring upMetalLBin layer2 mode with theNGINX ingress controller, the setup exposesLoadBalancer-typeservices—no cloud provider in sight. MetalLB dishes out static, LAN-routable IPs. NGINX funnels external traffic to internalClusterIPservices th.. read more  

DoubleVerify built a traffic replay tool that actually scales. It runs onPekko StreamsandPekko Cluster, pumping real production-like traffic into non-prod setups. Throttlenails the RPS with precision for functional tests.Distributed datasyncs stressful loads across cluster nodes without breaking a s.. read more  

AWS shows how to wire upArgo CDwithAWS Controllers for Kubernetes (ACK)to automateEKS Pod Identityfor IAM roles - GitOps-style. The catch? The Pod Identity API has a lag. So they bolt on apre-deployment validation jobto wait-and-confirm that the IAM role's actually bound before app pods come online... read more  

Pushing Kubernetes to 1M nodes isn’t just hardware—it's architectural judo. Networking flips to exclusive IPv6.Less chatter, more breathing room. etcd hits a wall.Write throughput stalls at scale, so they swap it out. Entermem_etcd, a Rust-built replacement pushing over 1M buffered writes per second.. read more  

Docker droppedBuildx debuggingfor VS Code. Set breakpoints in your Dockerfiles. Peek into image layers. Even jump into an interactive shell mid-build. It runs on theDebug Adapter Protocol, so editors likeNeovimandJetBrains IDEscan join the party too... read more  

Docker just wired anAI guardrailstraight into its Hardened Image (DHI) pipeline. It scans upstream diffs, catches regressions before they ship, and stops bad logic in its tracks. Case in point: it flagged a logic bug that slipped past the usual coding copilots. A real fix landed upstream. Win for cu.. read more