Learn Kubernetes Weekly issue 149

More DevOps Than I Bargained for, MariaDB Cluster on a $150 cluster, Ceph on NVMe, Egress with Istio, Break out of the Python Sandbox

17 Sept 2025

This newsletter is brought to you by Tigera, the Creators of Project Calico — Learn how Calico uses eBPF for high performance, low latency, & enhanced networking

Articles

1. More devops than I bargained for

   Amos Wenger

   A simple server migration from x86 to ARM64 spiraled into a full Kubernetes debugging saga.

   That familiar 'this should be simple' turning into 'why am I debugging IPv6 routing at 4 AM?' experience.

2. Is It Time to Migrate? A Practical Look at Kubernetes Ingress vs. Gateway API

   Tired of brittle Ingress setups? Learn how the Envoy-based Calico Ingress Gateway (v3.30) leverages the Kubernetes Gateway API for standardized, secure, TLS-automated ingress, eliminating vendor-specific annotations.

   sponsored

3. Testing to See if You Can Run a MariaDB Cluster on a $150 Kubernetes Lab

   Alejandro Duarte

   This article experiments with running a MariaDB Galera cluster on a $150 Kubernetes lab built from Orange Pi boards.

   It details installing K3s, deploying the MariaDB Kubernetes Operator, tuning resource limits for small SBCs.

4. Ceph on NVMe Made No Sense to Us—So We Built a 40x Better Alternative

   Chris Engelbert

   This article benchmarks Simplyblock vs Ceph on NVMe infrastructure, showing that Simplyblock delivers over 4× higher IOPS with only ~25% of Ceph’s NVMe drives.

5. Observing Egress Traffic with Istio

   Kai Burjack

   This article explains how to configure Istio to observe encrypted and unencrypted egress traffic in Kubernetes using TLS termination, origination, and certificate management.

6. Trying to break out of the Python REPL sandbox in a Kubernetes environment: a practical journey

   Nazarii Zavada

   This article demonstrates a breakout of the Python REPL sandbox in Kubernetes, bypassing container restrictions by leveraging object subclasses and global functions.

Articles worth checking out:

• How We Cut Our Azure Cloud Costs by 3×

• Kubernetes 1.33: Resizing Pods Without the Drama (Finally!)

• Mastering Kubernetes Security: A Deep Dive into SecurityContext

• How to run AI model inference with GPUs on Amazon EKS Auto Mode

Secure Kubernetes Traffic the Easy Way

No more vendor-specific annotations!

Discover how Calico Ingress Gateway brings consistency, automation, and stronger security to Kubernetes ingress.

→ Secure your traffic

Tutorials

1. A Hands-on Guide to Kubernetes Observability with Whisker

   In this interactive lab, you will learn how to quickly spot network policy issues and troubleshoot easily, using Whisker, an open source observability tool.

   sponsored

2. AI-Assisted GitOps with Flux MCP Server

   Stefan Prodan

   This tutorial teaches how to use the Flux MCP Server to connect AI assistants to Kubernetes, using natural language to manage and troubleshoot GitOps pipelines.

3. Mastering Kubernetes StatefulSets: Expanding PVCs Without Downtime or GitOps Drift

   Trayan Simeonov

   This tutorial teaches how to expand PVCs for StatefulSets without downtime and resolve ArgoCD sync errors by manually editing PVCs and using cascade orphan deletion.

4. Cost-optimized ml on production: autoscaling GPU nodes on Kubernetes to zero using keda

   CodeLink

   This tutorial teaches how to reduce ML deployment costs using Kubernetes and KEDA to autoscale GPU nodes from zero based on message queue length.

Kubernetes jobs

1. • 🔥 Platform Engineer with Informatik Aargau

   • Salary: CHF 103.48K to CHF 144.87K a year

   • Location: based in the office (and remote from home) in Switzerland

   • Tech stack: Kubernetes, Terraform, Gitlab, Grafana, Prometheus, Loki

2. • 🔥 Software Engineer with Sumo Logic

   • Salary: ₹41L to ₹62L a year

   • Location: based in the office (and remote from home) in Delhi / Noida / Bangalore

   • Tech stack: Kubernetes, Helm, Docker, Go, Java, Scala, C++, Terraform, GitHub Actions, OTEL

3. • Site Reliability Engineer with Multi Media LLC

   • Salary: $161K to $180K a year

   • Location: remote from the United States

   • Tech stack: Kubernetes, Data center, Helm, ArgoCD, Docker, Go, Shell, Python, Java, Rust

4. • Platform Engineer with Defense Unicorns

   • Salary: $148.75K to $201.25K a year

   • Location: remote from the United States

   • Tech stack: Kubernetes, Bare-metal, AWS, Azure, GCP, On-premise, Kustomize, Helm, Go, Shell

5. • DevOps Engineer with Veri MedTech Holdings

   • Salary: $80K to $90K a year

   • Location: based in the office (and remote from home) in Denver, CO, USA

   • Tech stack: Kubernetes, AWS, Azure, GCP, Docker, PHP, MySQL, Terraform, Cloudformation, Jenkins

Discover more Kubernetes jobs on Kube Careers →

Code & tools

1. HAMi – Heterogeneous AI Computing Virtualization Middleware

   Project-HAMi

   HAMi enables sharing and isolation of heterogeneous AI computing devices (GPU, NPU, MLU, etc.) in Kubernetes.

   It provides device virtualization, topology-aware scheduling, and resource isolation via a unified Kubernetes-native middleware.

2. CRIU: Checkpoint and Restore in Userspace for Linux Processes

   checkpoint-restore

   CRIU allows freezing and restoring live Linux processes or containers by dumping their runtime state to disk and rehydrating them later.

   It supports socket state, memory, file descriptors, and namespaces and integrates with Docker, LXC, and OpenVZ.

3. Awesome Kubernetes Architecture Diagrams – Tools and Frameworks for Visualizing K8s

   philippemerle

   This repo contains 20+ tools that auto-generate Kubernetes architecture diagrams from manifests, Helm charts, or cluster state.

4. Smesh: Lightweight Kubernetes-Integrated Sidecar Mesh Without Proxies

   thebsdbox

   smesh is a proof-of-concept service mesh for Kubernetes that utilizes eBPF to intercept and redirect pod traffic to a sidecar proxy.

5. Kubernetes Copilot

   feiskyer

   kube-copilot diagnoses pod issues and audits pod security with Trivy.

   It generates manifests from prompts, analyzes resource health, and executes kubectl tasks via LLMs.

Other interesting projects:

• Mantis: AI-first alternative to Helm

• Kubetail

• k8sgpt: Kubernetes analyzer

• kubeseal-convert

• kps-zeroexposure – Secure Prometheus Agent for Kube-Prometheus-Stack

• Grafana k8s-monitoring-helm: Scalable Observability Stack for Kubernetes

• OCI Registry As Storage (ORAS)

• K8z: the Kubernetes manager

Upcoming Kubernetes events

1. Sept

   18

   Kubernetes Community Days Sofia 2025

   In-person conference organized by KCD Sofia.

   • Location: Sofia, BG

   • This event requires an entrance fee

2. Sept

   18

   Advanced Kubernetes course

   Online workshop organized by Learnk8s.

   • This is a virtual event

   • This event requires an entrance fee

3. Sept

   20

   Kubernetes Community Days El Salvador

   In-person conference organized by KCD El Salvador.

   • Location: San Salvador, SV

   • This event requires an entrance fee

   • • Use KUBE10 to get 10% off

4. Sept

   23

   KubeCrash

   Online conference organized by KubeCrash.

   • This is a virtual event

   • This is a free event.

5. Sept

   17

   JVM, Kubernetes and High Load: A Criminal Case

   In-person meetup organized by tech&talk Frankfurt.

   • Location: Frankfurt am Main, DE

   • This is a free event.

Discover more Kubernetes events on Kube Events →

Kubernetes Call for Papers

1. 17

   days

   KubeCon + CloudNativeCon Europe 2026

   The Call For Paper is open until 12 October 2025 at UTC. More info →

   • Location: Amsterdam, NL

   • In-person conference organized by Linux Foundation.

   • The conference starts on the 23 March 2026.

   • Apply here

2. expired

   KCD Hangzhou + OpenInfra China Day 2025

   The Call For Paper was open until 21 September 2025 at UTC. More info →

   • Location: Hangzhou, CN

   • In-person conference organized by KCD Hangzhou.

   • The conference starts on the 15 November 2025.

   • Apply here

3. 38

   days

   Devopsdays Los Angeles

   The Call For Paper is open until 2 November 2025 at UTC. More info →

   • Location: Los Angeles, CA, USA

   • In-person conference organized by Devopsdays.

   • The conference starts on the 7 March 2025.

   • Apply here

4. 6

   days

   Devopsdays Wollongong

   The Call For Paper is open until 1 October 2025 at UTC. More info →

   • Location: Wollongong, AU

   • In-person conference organized by Devopsdays.

   • The conference starts on the 26 November 2025.

   • Apply here

5. 35

   days

   Devopsdays Porto Alegre

   The Call For Paper is open until 31 October 2025 at UTC. More info →

   • Location: Porto Alegre, BR

   • In-person conference organized by Devopsdays.

   • The conference starts on the 29 November 2025.

   • Apply here

6. 5

   days

   Devopsdays Recife

   The Call For Paper is open until 30 September 2025 at UTC. More info →

   • Location: Recife, BR

   • In-person conference organized by Devopsdays.

   • The conference starts on the 13 December 2025.

   • Apply here

7. expired

   Devopsdays Garanhuns

   The Call For Paper was open until 20 September 2025 at UTC. More info →

   • Location: Garanhuns, BR

   • In-person conference organized by Devopsdays.

   • The conference starts on the 20 October 2025.

   • Apply here

8. expired

   Africa DevOps Summit 2.0

   The Call For Paper was open until 20 September 2025 at UTC. More info →

   • Location: Nairobi, KE

   • In-person conference organized by Africa DevOps Summit.

   • The conference starts on the 1 November 2025.

   • Apply here

9. 4

   days

   Devopsdays Florianópolis

   The Call For Paper is open until 30 September 2025 at UTC. More info →

   • Location: Florianópolis, BR

   • In-person conference organized by Devopsdays.

   • The conference starts on the 6 December 2025.

   • Apply here

Until next time!

— Dan

Subscribe and, every Wednesday, receive the latest Kubernetes news!