Hacker News with Generative AI: Kubernetes

Building a Firecracker-Powered Course Platform to Learn Docker and Kubernetes (iximiuz.com)
This is a long overdue post on iximiuz Labs' internal kitchen. It'll cover why I decided to build my own learning-by-doing platform for DevOps, SRE, and Platform engineers, how I designed it, what technology stack I chose, and how various components of the platform were implemented.
Critical Unauthenticated Remote Code Execution Vulnerabilities in Ingress NGINX (wiz.io)
Wiz Research discovered CVE-2025-1097, CVE-2025-1098, CVE-2025-24514 and CVE-2025-1974, a series of unauthenticated Remote Code Execution vulnerabilities in Ingress NGINX Controller for Kubernetes dubbed #IngressNightmare. Exploitation of these vulnerabilities leads to unauthorized access to all secrets stored across all namespaces in the Kubernetes cluster by attackers, which can result in cluster takeover. This attack vector has been assigned a CVSS v3.1 base score of 9.8.
RCE Vulnerabilities in K8s Ingress Nginx (9.8 CVE for ingress-Nginx) (wiz.io)
Wiz Research discovered CVE-2025-1097, CVE-2025-1098, CVE-2025-24514 and CVE-2025-1974, a series of unauthenticated Remote Code Execution vulnerabilities in Ingress NGINX Controller for Kubernetes dubbed #IngressNightmare. Exploitation of these vulnerabilities leads to unauthorized access to all secrets stored across all namespaces in the Kubernetes cluster by attackers, which can result in cluster takeover. This attack vector has been assigned a CVSS v3.1 base score of 9.8.
Multiple vulnerabilities in ingress-Nginx (Score 9.8) (groups.google.com)
Multiple issues have been discovered in ingress-nginx that can result in arbitrary code execution in the context of the ingress-nginx controller.
Understanding DNS Resolution on Linux and Kubernetes (jpetazzo.github.io)
I recently investigated a warning message on Kubernetes that said: DNSConfigForming ... Nameserver limits were exceeded, some nameservers have been omitted. This was technically a Kubernetes event with type: Warning, and these usually indicate that there’s something wrong, so I wanted to investigate it.
Show HN: K8sel – interactive (fzf) filter for K8s YAML (github.com/jonesalk)
Google Cloud, Azure and AWS "collaborating" on a new OSS project (cloud.google.com)
We are thrilled to announce the collaboration between Google Cloud, AWS, and Azure on Kube Resource Orchestrator, or kro (pronounced “crow”). kro introduces a Kubernetes-native, cloud-agnostic way to define groupings of Kubernetes resources. With kro, you can group your applications and their dependencies as a single resource that can be easily consumed by end users.
Migrating from AWS to a European Cloud – How We Cut Costs by 62% (hopsworks.ai)
In Q4 2024, we completed the migration from AWS, seamlessly transitioning thousands of users to a resilient Kubernetes-based infrastructure on OVHCloud.
xlskubectl – a spreadsheet to control your Kubernetes cluster (github.com/learnk8s)
xlskubectl integrates Google Spreadsheet with Kubernetes.
Zero-Downtime Kubernetes Deployments on AWS with EKS (glasskube.dev)
I am Jakob—an engineer working at Glasskube, which helps companies distribute their application to customer-controlled environments. We build an Open Source Software Distribution platform called Distr (github.com/glasskube/distr), the hosted version of which is running on AWS EKS.
Kubernetes Home – what do you do if your ISP changes your IP addresses? (priv.no)
In my last blog post I described external-DNS, which is a way to have Kubernetes create and update DNS entries for its services. But as I mentioned, it got me thinking a bit on ways to extend this concept to handle other external aspects of my Kubernetes environment.
Nvidia GPU on bare metal NixOS Kubernetes cluster explained (fangpenlin.com)
Since the last time I published the second MAZE (Massive Argumented Zonal Environments) article, I realized that the framework is getting more mature, but I need a solution to run it on a large scale.
Yoke: Infrastructure as code, but actually (xeiaso.net)
Yoke is a project that takes this basic idea to the next level. With Yoke, you write your infrastructure definitions in Go or Rust, compile it to WebAssembly, and then you take input and output Kubernetes manifests that get applied to the cluster.
Show HN: Grogg – Manage Multiple Kubernetes Clusters in VSCode (grogg.app)
The Kubernetes Mirage: When Scaling Up Becomes Your Greatest Downfall (medium.com)
It’s 3 AM when your phone erupts. Production is down. Your “fault-tolerant” Kubernetes cluster has become a digital Ouija board — pods vanishing, nodes collapsing, logs whispering nonsense. By sunrise, you’ve burned a lifetime supply of cloud credits and aged three years. Welcome to the Kubernetes paradox: the tool meant to save you now owns you.
Skill Path to Run Any Databases on Kubernetes (iximiuz.com)
Master database management on Kubernetes with Get Started with KubeBlocks! This skill path guides you through five tutorials—from setup to auto-tuning—showing how KubeBlocks runs any database with ease and production-grade power. Learn to deploy, upgrade, back up, monitor, and optimize databases, aligned with Operator Capability levels. By the end, you’ll wield KubeBlocks to streamline operations and boost performance. Let’s get started!
Replace Docker Compose with Quadlet and Systemd (matduggan.com)
So for years I've used Docker Compose as my stepping stone to k8s. If the project is small, or mostly for my own consumption OR if the business requirements don't really support the complexity of k8s, I use Compose.
KubeVPN: Revolutionizing Kubernetes Local Development (github.com/kubenetworks)
KubeVPN offers a Cloud-Native Dev Environment that seamlessly connects to your Kubernetes cluster network.
AWS paywalling select knowledge base articles, requiring Premium Support plan (repost.aws)
I use kubectl commands to connect to the Amazon Elastic Kubernetes Service (Amazon EKS) API server. I received the message "error: You must be logged in to the server (Unauthorized)".
What Comes After Kubernetes? (2023) (mattrickard.com)
Few projects are ever “finished”, but the Kubernetes APIs have reached a steady state. Core APIs are well into v1 and the extensibility model (custom resource definitions) is stable.
WASM-Native Orchestration (wasmcloud.com)
wasmCloud is an open source project from the Cloud Native Computing Foundation (CNCF) that enables teams to build polyglot applications composed of reusable Wasm components and run them—resiliently and efficiently—across any cloud, Kubernetes, datacenter, or edge.
Canonical announces 12 year Kubernetes LTS (canonical.com)
Canonical’s Kubernetes LTS (Long Term Support) will support FedRAMP compliance and receive at least 12 years of committed security maintenance and enterprise support on bare metal, public clouds, OpenStack, Canonical MicroCloud and VMware.
Running ArchiveTeam's Warrior in Kubernetes (gabrielsimmer.com)
The "officially endorsed" way of running the ArchiveTeam Warrior project is using one of the available appliance virtual machine images, which keeps itself up to date and "just works".
Ask HN: Is software engineering just patching APIs and wrangling Kubernetes? (ycombinator.com)
Does anyone else feel disillusioned with the modern software engineering job? It often feels like it's just stitching together APIs, wrestling with React state, and managing Kubernetes clusters rather than building something truly exciting.
Has the Helm Killer Finally Arrived? (tryparity.com)
The recent joint announcement of the open-source Kubernetes Resource Orchestrator (kro, pronounced “crow”) by AWS, Google Cloud, and Azure could represent the most significant shift in Kubernetes application and package management since Helm’s debut in 2016.
Kubestatus: Open source tool to easily add status page to your K8s cluster (github.com/soub4i)
Kubestatus is a free and open-source tool to easily add a status page to your Kubernetes cluster that currently displays the status (operational, degraded or DOWN) of services. It is written in Go and uses the Kubernetes API to fetch information about the clusters and resources. Check the kubestatus-operand image.
So you wanna write Kubernetes controllers? (ahmet.im)
Any company using Kubernetes eventually starts looking into developing their custom controllers. After all, what’s not to like about being able to provision resources with declarative configuration: Control loops are fun, and Kubebuilder makes it extremely easy to get started with writing Kubernetes controllers. Next thing you know, customers in production are relying on the buggy controller you developed without understanding how to design idiomatic APIs and building reliable controllers.
Zork: The Great Inner Workings (2020) (medium.com)
Roughly a year ago, during the summer of 2019, I got an idea. I was setting up a Kubernetes cluster, and as I usually do, I set up a mock web server using Nginx to test out Ingress, SSL, and domain settings. Then it hit me, wouldn’t it be great if instead of a boring webserver I would use a web game as my testing service and then leave it in the cluster as sort of a calling card.
Kubernetes Comic (cloud.google.com)
Smooth Sailing with Kubernetes. An online comic to learn about Kubernetes and how you can use it for continuous integration and delivery.
Kubernetes Security Architecture Cheatsheet (github.com/lars-solberg)