Learn Kubernetes Weekly issue 144

Can we replace Helm?, Smarter with Karpenter, Saved 80% on Observability Bill, Hot-Patching Pods in Kubernetes 1.33, ECR to OCIR

13 Aug 2025

Sponsored by Testkube, because if your app is Kubernetes-native, your testing should be too. Run any kind of test automation with the help of the platform built for it. Learn more

Articles

1. Modern Kubernetes: can we replace Helm?

   David Desmarais-Michaud

   This post explores how Yoke is trying to do the impossible: introducing a complete alternative to Helm Charts, while bringing Helm along for the ride.

2. When to Adopt Kubernetes: The "Pay Now or Pay Later" Dilemma

   Should you adopt Kubernetes now or later?

   This guide breaks down the hidden costs, strategic tradeoffs, and timing considerations for startups, scaleups, and enterprises, plus a decision framework to help your team adopt Kubernetes wisely.

   sponsored

3. How We Saved 80% on Our Observability Bill!

   Bruno Teixeira

   This post reverse-engineers an 80% cost reduction across a Kubernetes observability stack by replacing Prometheus/Thanos with VictoriaMetrics, enforcing OTEL standards, right-sizing workloads via VPA and bin-packing via MostAllocated.

4. Offensive Container Security: Techniques, Misconfigurations, and Attack Paths

   Rushikesh Patil

   This article explains how to use offensive container security techniques for Docker and Kubernetes, covering misconfigurations, attack paths, and defenses.

5. Scaling Kubernetes Smarter with Karpenter

   Freshworks Engineering

   This case study shows how Freshworks optimized Kubernetes scaling using Karpenter with real workload scenarios for cost and performance improvements.

   It covers testing Karpenter response to EC2 spot interruptions and high pod/node counts.

6. What to do when Pods are partying too hard for a node

   Jeremy Castle

   Prevent Kubernetes evictions by setting resource requests/limits and understanding QoS.

   Learn how to isolate critical workloads, monitor resource usage, and use quotas to avoid memory overcommitment and ensure stability.

Articles worth checking out:

• ECR to OCIR: Event-driven Docker Image Updates

• Why Kube-State-Metrics Matters for Kubernetes Observability

• Hot-Patching Pods in Kubernetes 1.33: What Breaks, What Works, and How We're Making It Usable

Empowering teams to scale Test Automation

Don't let testing slow down your launch velocity.

Break free from CI/CD.

Testkube scales any type of automated testing for Developers, Testers, DevOps, and Platform teams.

→ Learn more

Tutorials

1. Cost-optimized ML on production: autoscaling GPU nodes on Kubernetes to zero using KEDA

   CodeLink

   This tutorial teaches how to reduce ML deployment costs using Kubernetes and KEDA to autoscale GPU nodes from zero based on message queue length.

2. Unify testing across Dev, QA, and SRE with a Kubernetes-native orchestration platform

   The Aspen Group unified QA, Dev, and SRE teams, replacing manual workflows with a scalable, Kubernetes-native testing platform.

   Now, testing is automated, versioned, and shared, powering faster releases and stronger cross-team collaboration.

   sponsored

3. Service Mesh Explained: Building a Proxy Injector in Rust

   Lorenzo Tettamanti

   This tutorial demonstrates how to build a Kubernetes mutating webhook in Rust using Axum and Rustls.

   It creates an HTTP server that processes AdmissionReview requests and injects a sidecar proxy via JSONPatch.

4. Using Kubernetes Secrets Store CSI Driver with HashiCorp Vault

   Yash Patil

   This guide will teach you how to integrate HashiCorp Vault with Kubernetes Secrets CSI Driver, configure Kubernetes authentication, and create SecretProviderClass resources for secure secret management.

Kubernetes jobs

1. • Site Reliability Engineer with xAI

   • Salary: $180K to $440K a year

   • Location: based in the office in Palo Alto, CA, USA

   • Tech stack: Kubernetes, On-premise, ArgoCD, Terraform, Pulumi, Grafana, Prometheus

2. • Engineering Manager with Robinhood

   • Salary: $179K to $210K a year

   • Location: based in the office in Toronto, ON, CA

   • Tech stack: Kubernetes, AWS, Terraform, Istio

3. • Infrastructure Architect with GitLab

   • Salary: $157.9K to $236.9K a year

   • Location: remote from the United States

   • Tech stack: Kubernetes, On-premise, ArgoCD, Docker, Go, Python, Ruby, PostgreSQL, Airflow, Gitlab

4. • Data Engineer with MediaRadar

   • Salary: $130K to $160K a year

   • Location: remote from the United States

   • Tech stack: Kubernetes, Azure, Docker, Python, SQL, Spark, Azure DevOps

5. • DevOps Engineer with CrowdStrike, Inc.

   • Salary: $125K to $190K a year

   • Location: remote from the United States

   • Tech stack: Kubernetes, AWS, Azure, GCP, On-premise, Helm, Docker, Go, Shell, Python

Discover more Kubernetes jobs on Kube Careers →

Code & tools

1. Kubernetes Resource Recommender

   Kubernetes Resource Recommender is a CLI tool for optimizing resource allocation in Kubernetes clusters.

   It gathers pod usage data from Prometheus and recommends requests and limits for CPU and memory.

   This reduces costs and improves performance.

2. Kubernetes Controller Sharding

   timebertt

   Kubernetes Controller Sharding introduces a generic mechanism for distributing reconciliation tasks across multiple active controller instances, reducing watch-cache load through distinct sharding and labeling.

3. Opsmate: LLM copilot

   jingkaihe

   Opsmate's SRE-powered LLM copilot helps users troubleshoot production issues using natural language commands.

4. Smesh: Lightweight Kubernetes-Integrated Sidecar Mesh Without Proxies

   thebsdbox

   smesh is a proof-of-concept service mesh for Kubernetes that utilizes eBPF to intercept and redirect pod traffic to a sidecar proxy.

5. Reloader: controller to watch changes and restart

   Reloader is a Kubernetes controller that monitors changes in ConfigMap and Secrets and triggers rolling upgrades on Pods with their associated Deployment, StatefulSet or DaemonSet.

Other interesting projects:

• Kwatcher: config watcher

• Ctrlplane: deployment orchestration tool

• k8sgpt: Kubernetes analyzer

• argoproj-labs/argocd-vault-plugin

• kube-advisor: Real-Time Kubernetes Best Practices Scanner

• Blixt: Experimental Rust-Based eBPF Load Balancer

• kubean-io/kubean

• LoxiLB: eBPF-Based Cloud-Native Load Balancer for Kubernetes

• kvaps/kubectl-node-shell

Upcoming Kubernetes events

1. Aug

   13

   Devopsdays Kansas City

   In-person conference organized by Devopsdays.

   • Location: Kansas City, MO, USA

   • This event requires an entrance fee

2. Aug

   14

   Kubernetes Community Days Nigeria 2025

   In-person conference organized by KCD Nigeria.

   • Location: Lagos, NG

   • This is a free event.

3. Aug

   16

   Devopsdays Rio de Janeiro

   In-person conference organized by Devopsdays.

   • Location: Rio de Janeiro, BR

   • This event requires an entrance fee

4. Aug

   17

   Kubernetes in Production: What They Don’t Tell You

   Online meetup organized by CoderRange.

   • This is a virtual event

   • This is a free event.

5. Aug

   20

   Devopsdays Lima

   In-person conference organized by Devopsdays.

   • Location: Lima, PE

   • This event requires an entrance fee

6. Sept

   18

   Advanced Kubernetes course

   Online workshop organized by Learnk8s.

   • This is a virtual event

   • This event requires an entrance fee

Discover more Kubernetes events on Kube Events →

Kubernetes Call for Papers

1. 18

   days

   Kubernetes Community Days Suisse Romande

   The Call For Paper is open until 1 September 2025 at UTC. More info →

   • Location: Geneva, CH

   • In-person conference organized by KCD Suisse Romande.

   • The conference starts on the 4 December 2025.

   • Apply here

2. 80

   days

   Devopsdays Los Angeles

   The Call For Paper is open until 2 November 2025 at UTC. More info →

   • Location: Los Angeles, CA, USA

   • In-person conference organized by Devopsdays.

   • The conference starts on the 7 March 2025.

   • Apply here

3. 2

   days

   Devopsdays Detroit

   The Call For Paper is open until 16 August 2025 at UTC. More info →

   • Location: Detroit, MI, USA

   • In-person conference organized by Devopsdays.

   • The conference starts on the 22 October 2025.

   • Apply here

4. 33

   days

   Devopsdays Bogotá

   The Call For Paper is open until 16 September 2025 at UTC. More info →

   • Location: Bogotá, CO

   • In-person conference organized by Devopsdays.

   • The conference starts on the 14 October 2025.

   • Apply here

5. 1

   days

   Devopsdays Ljubljana

   The Call For Paper is open until 14 August 2025 at UTC. More info →

   • Location: Ljubljana, SI

   • In-person conference organized by Devopsdays.

   • The conference starts on the 13 September 2025.

   • Apply here

6. 48

   days

   Devopsdays Wollongong

   The Call For Paper is open until 1 October 2025 at UTC. More info →

   • Location: Wollongong, AU

   • In-person conference organized by Devopsdays.

   • The conference starts on the 26 November 2025.

   • Apply here

7. 18

   days

   Open Source Observability Day 2025

   The Call For Paper is open until 1 September 2025 at UTC. More info →

   • This is a virtual event

   • Online conference organized by Open Source Observability Day.

   • The conference starts on the 23 October 2025.

   • Apply here

8. 31

   days

   Women in Tech Summit Kenya 2025

   The Call For Paper is open until 14 September 2025 at UTC. More info →

   • Location: Nairobi, KE

   • In-person conference organized by WIT.

   • The conference starts on the 22 November 2025.

   • Apply here

9. 78

   days

   Devopsdays Porto Alegre

   The Call For Paper is open until 31 October 2025 at UTC. More info →

   • Location: Porto Alegre, BR

   • In-person conference organized by Devopsdays.

   • The conference starts on the 29 November 2025.

   • Apply here

Until next time!

— Dan

Subscribe and, every Wednesday, receive the latest Kubernetes news!