Hacker News with Generative AI: Kubernetes

Running WebAssembly with containerd, crun, and WasmEdge on Kubernetes (ycombinator.com)
I recently wrote a blog walking through how to run WebAssembly (WASM) containers using containerd, crun, and WasmEdge inside a local Kubernetes cluster.
Getting forked by Microsoft (philiplaine.com)
Three years ago, I was part of a team responsible for developing and maintaining Kubernetes clusters for end user customers.
Show HN: Kforward – Lightweight K8s proxy for local dev (github.com/sanspareilsmyn)
kforward is a lightweight, simple CLI tool designed to streamline local development for applications interacting with Kubernetes services.
EKS Auto Mode: Simplify Kubernetes Operations (spacelift.io)
Kubernetes has revolutionized container orchestration, but managing production-grade clusters can be complex and time-consuming. Amazon Elastic Kubernetes Service (EKS) is a managed Kubernetes service that simplifies running containerized applications on AWS. It eliminates the need for users to operate their own Kubernetes control plane.
Container CPU requests and limits explained with GOMAXPROCS tuning (victoriametrics.com)
In this article, we’re going to cover a few things that might’ve puzzled you if you’ve been running your applications, especially Go applications, in Kubernetes:
Raspberry Pi cluster spotted inside $6k audio processor (jeffgeerling.com)
People often ask me whether Pi clusters are useful besides just tinkering. I've built my fair share, including my most recent 'Lamp Rack' Kubernetes-in-a-Lamp cluster.
Show HN: Koreo – A platform engineering toolkit for Kubernetes (koreo.dev)
Koreo is a new approach to Kubernetes configuration management and resource orchestration empowering developers through programmable workflows and structured data
Stop Treating YAML Like a String (theyamlengineer.com)
Koreo is a data structure orchestration engine. Although it's primarily designed for Kubernetes resource orchestration, Koreo's core functionality can orchestrate and manage virtually any structured data. What Koreo provides today, however, is a new approach to Kubernetes configuration management empowering developers and platform teams through programmable workflows. This approach draws upon the strengths of existing tools like Helm, Kustomize, and Crossplane while addressing some of their limitations.
A Comparative Analysis of K3s, MicroK8s, and Alternatives (htdocs.dev)
In the evolving landscape of container orchestration, small businesses leveraging Hetzner Cloud face critical decisions when selecting a Kubernetes deployment strategy.
Nelm, a Helm 3 alternative, is generally available now (github.com/werf)
Kai Scheduler: Kubernetes Native scheduler for AI workloads at large scale (github.com/NVIDIA)
KAI Scheduler is a robust, efficient, and scalable Kubernetes scheduler that optimizes GPU resource allocation for AI and machine learning workloads.
Building a Firecracker-Powered Course Platform to Learn Docker and Kubernetes (iximiuz.com)
This is a long overdue post on iximiuz Labs' internal kitchen. It'll cover why I decided to build my own learning-by-doing platform for DevOps, SRE, and Platform engineers, how I designed it, what technology stack I chose, and how various components of the platform were implemented.
Critical Unauthenticated Remote Code Execution Vulnerabilities in Ingress NGINX (wiz.io)
Wiz Research discovered CVE-2025-1097, CVE-2025-1098, CVE-2025-24514 and CVE-2025-1974, a series of unauthenticated Remote Code Execution vulnerabilities in Ingress NGINX Controller for Kubernetes dubbed #IngressNightmare. Exploitation of these vulnerabilities leads to unauthorized access to all secrets stored across all namespaces in the Kubernetes cluster by attackers, which can result in cluster takeover. This attack vector has been assigned a CVSS v3.1 base score of 9.8.
RCE Vulnerabilities in K8s Ingress Nginx (9.8 CVE for ingress-Nginx) (wiz.io)
Wiz Research discovered CVE-2025-1097, CVE-2025-1098, CVE-2025-24514 and CVE-2025-1974, a series of unauthenticated Remote Code Execution vulnerabilities in Ingress NGINX Controller for Kubernetes dubbed #IngressNightmare. Exploitation of these vulnerabilities leads to unauthorized access to all secrets stored across all namespaces in the Kubernetes cluster by attackers, which can result in cluster takeover. This attack vector has been assigned a CVSS v3.1 base score of 9.8.
Multiple vulnerabilities in ingress-Nginx (Score 9.8) (groups.google.com)
Multiple issues have been discovered in ingress-nginx that can result in arbitrary code execution in the context of the ingress-nginx controller.
Understanding DNS Resolution on Linux and Kubernetes (jpetazzo.github.io)
I recently investigated a warning message on Kubernetes that said: DNSConfigForming ... Nameserver limits were exceeded, some nameservers have been omitted. This was technically a Kubernetes event with type: Warning, and these usually indicate that there’s something wrong, so I wanted to investigate it.
Show HN: K8sel – interactive (fzf) filter for K8s YAML (github.com/jonesalk)
Google Cloud, Azure and AWS "collaborating" on a new OSS project (cloud.google.com)
We are thrilled to announce the collaboration between Google Cloud, AWS, and Azure on Kube Resource Orchestrator, or kro (pronounced “crow”). kro introduces a Kubernetes-native, cloud-agnostic way to define groupings of Kubernetes resources. With kro, you can group your applications and their dependencies as a single resource that can be easily consumed by end users.
Migrating from AWS to a European Cloud – How We Cut Costs by 62% (hopsworks.ai)
In Q4 2024, we completed the migration from AWS, seamlessly transitioning thousands of users to a resilient Kubernetes-based infrastructure on OVHCloud.
xlskubectl – a spreadsheet to control your Kubernetes cluster (github.com/learnk8s)
xlskubectl integrates Google Spreadsheet with Kubernetes.
Zero-Downtime Kubernetes Deployments on AWS with EKS (glasskube.dev)
I am Jakob—an engineer working at Glasskube, which helps companies distribute their application to customer-controlled environments. We build an Open Source Software Distribution platform called Distr (github.com/glasskube/distr), the hosted version of which is running on AWS EKS.
Kubernetes Home – what do you do if your ISP changes your IP addresses? (priv.no)
In my last blog post I described external-DNS, which is a way to have Kubernetes create and update DNS entries for its services. But as I mentioned, it got me thinking a bit on ways to extend this concept to handle other external aspects of my Kubernetes environment.
Nvidia GPU on bare metal NixOS Kubernetes cluster explained (fangpenlin.com)
Since the last time I published the second MAZE (Massive Argumented Zonal Environments) article, I realized that the framework is getting more mature, but I need a solution to run it on a large scale.
Yoke: Infrastructure as code, but actually (xeiaso.net)
Yoke is a project that takes this basic idea to the next level. With Yoke, you write your infrastructure definitions in Go or Rust, compile it to WebAssembly, and then you take input and output Kubernetes manifests that get applied to the cluster.
Show HN: Grogg – Manage Multiple Kubernetes Clusters in VSCode (grogg.app)
The Kubernetes Mirage: When Scaling Up Becomes Your Greatest Downfall (medium.com)
It’s 3 AM when your phone erupts. Production is down. Your “fault-tolerant” Kubernetes cluster has become a digital Ouija board — pods vanishing, nodes collapsing, logs whispering nonsense. By sunrise, you’ve burned a lifetime supply of cloud credits and aged three years. Welcome to the Kubernetes paradox: the tool meant to save you now owns you.
Skill Path to Run Any Databases on Kubernetes (iximiuz.com)
Master database management on Kubernetes with Get Started with KubeBlocks! This skill path guides you through five tutorials—from setup to auto-tuning—showing how KubeBlocks runs any database with ease and production-grade power. Learn to deploy, upgrade, back up, monitor, and optimize databases, aligned with Operator Capability levels. By the end, you’ll wield KubeBlocks to streamline operations and boost performance. Let’s get started!
Replace Docker Compose with Quadlet and Systemd (matduggan.com)
So for years I've used Docker Compose as my stepping stone to k8s. If the project is small, or mostly for my own consumption OR if the business requirements don't really support the complexity of k8s, I use Compose.
KubeVPN: Revolutionizing Kubernetes Local Development (github.com/kubenetworks)
KubeVPN offers a Cloud-Native Dev Environment that seamlessly connects to your Kubernetes cluster network.
AWS paywalling select knowledge base articles, requiring Premium Support plan (repost.aws)
I use kubectl commands to connect to the Amazon Elastic Kubernetes Service (Amazon EKS) API server. I received the message "error: You must be logged in to the server (Unauthorized)".