Kube Architect
News and links on architecting and developing apps on Kubernetes curated by the @Learnk8s team
8 950 subscribers
Repost from N/a
Mike Stefaniak, Head of Product, Kubernetes and Registries at Amazon Web Services (AWS), tackles a fundamental platform engineering question: how much Kubernetes knowledge should developers actually have?
Mike advocates for a "middle ground" approach where platform teams build abstractions, paved paths, and best practices without completely hiding that applications run on Kubernetes. He argues that complete abstraction is a mistake because it cuts developers off from the rich Kubernetes ecosystem.
Watch the full interview: https://ku.bz/NH_jwkNcR
This interview is a reaction to Andrew Jeffree's episode https://ku.bz/Xvyp1_Qcv
Repost from LearnKube news
📣 New on LearnKube: "The mechanics of Kubernetes RBAC and how it connects users to permissions."
Kubernetes RBAC can feel confusing because the object names sound broader than the scope they actually grant.
A ClusterRole does not always mean cluster-wide access.
If you bind a ClusterRole with a RoleBinding, the permissions apply only in the namespace where the RoleBinding lives.
The article walks through:
- Why direct user-to-permission mappings do not scale
- how Roles and ClusterRoles group permissions into reusable sets
- how RoleBindings and ClusterRoleBindings connect identities to permissions
- How to test access with kubectl auth can-i
Read the full guide:
https://learnkube.com/rbac-kubernetes
Repost from N/a
Ryan Brainard, Software Engineering PMTS @ Heroku by Salesforce, explains how GitOps serves as a crucial source of truth and addresses the configuration drift problems his team experienced with Helm-based pipelines.
Ryan emphasizes that they avoid manual changes entirely and treat clusters as cattle, not pets - making them completely disposable and enabling seamless upgrades. This approach leverages their immutable and ephemeral workloads to maintain consistency and eliminate configuration drift at scale.
Watch the full interview: https://ku.bz/WY43k-PBd
This interview is a reaction to Andrew Jeffree's episode https://ku.bz/Xvyp1_Qcv
Repost from LearnKube news
Swimmer is a native desktop Kubernetes GUI built for multi-cluster workflows, letting you browse 27+ resource types, compare clusters in split panels, and run terminal sessions per cluster, built with Tauri and Rust.
More: https://ku.bz/mFQXr4w0h
Percona vs MongoDB Community vs KubeDB vs Atlas — which operator should you run for MongoDB on Kubernetes?
Full breakdown + architecture + PITR guide →
https://ku.bz/2n-smMsxC
Repost from N/a
Kubernetes cost optimization starts with Node Autoscaler and proper resource sizing.
Amin Astaneh shares strategies: dynamically size clusters with Node Autoscaler and ensure workloads fit within resource requests.
The combination of autoscaling and proper sizing prevents wasted capacity and unnecessary costs.
Watch the full interview: https://ku.bz/p1RNM5ldZ
This interview is a reaction to Marc Campora's episode https://ku.bz/5gMTkzLhV
Repost from N/a
Dave Masselink, Software Engineer and Founder at Compute Gardener, explains how carbon awareness can be integrated into Kubernetes scheduling decisions through workload shifting strategies.
He breaks down the concept of temporal shifting (moving workloads to cleaner times) and spatial shifting (moving workloads to cleaner locations), with his current focus on the time-based approach.
Watch the full episode: https://ku.bz/zk2xM1lfW
Repost from LearnKube news
This week on Learn Kubernetes Weekly 185:
🔥 A One-Line Kubernetes Fix That Saved 600 Hours a Year
🔐 Why Kubernetes Has No Login — And How We Solved It for AuditRadar
⚙️ Durable Workflows Beyond Vercel: Version-Safe Orchestration for Kubernetes
🧩 The Missing Layers in Your Kubernetes Operator
🚨 Why Your KServe InferenceService Won't Become Ready: Four Production Failures and Fixes
Read it now: https://kube.today/issues/185
⭐️ This issue is brought to you by Qodo, the AI code integrity platform helping teams review, test, and ship reliable infrastructure code faster https://ku.bz/NvLHsnl-6
Repost from N/a
"CPUs are not real metrics."
Nicholas Eberts explains why CPU and memory are tough metrics for accurate saturation. When you're scaling with HPA, you want to actually utilize the resources you're paying for — but CPU doesn't tell you if your pod is truly saturated.
The easy button? Requests per second. Or implement custom metrics and export them from your application. You'll get way more efficiency than CPU and memory will ever give you.
Watch the full interview: https://ku.bz/jlDL5XzCd
Repost from N/a
Mac Chaffee explains the critical decision point where teams should reconsider adopting Kubernetes after initially rejecting it.
He distinguishes between informed rejection - where teams understand both Kubernetes and their application needs - and uninformed rejection that creates significant risks.
Mac emphasizes that teams who truly understand Kubernetes and consciously choose alternatives aren't constantly second-guessing their decision. However, teams that reject Kubernetes without understanding the problems it solves may discover they need auto-scaling, service discovery, or failover capabilities at the worst possible moment - like during Black Friday traffic spikes for e-commerce companies.
Watch the full episode: https://ku.bz/9nFPmG85f
Repost from LearnKube news
🚀 New on LearnKube: “User and workload identities in Kubernetes.”
The Kubernetes API server must identify the caller before it can check permissions.
The article follows that identity through the request path: external users, in-cluster workloads, service account tokens, projected volumes, JWT claims, TokenReview, and AWS IAM federation.
You will learn:
- how authentication differs from authorization
- why human users usually come from OIDC, certificates, webhooks, proxies, or static token files
- how pods authenticate with service accounts
- why TokenRequest and projected volumes replaced automatic long-lived token secrets
- what sub, aud, iss, and exp tell you inside a JWT
- how EKS IRSA uses projected tokens to federate with AWS IAM
- how TokenReview validates Kubernetes-issued tokens inside the cluster
Read the full article:
https://learnkube.com/authentication-kubernetes
Repost from N/a
Helm and YAML often look safe because they are templates, not running systems.
Pronomita Dey breaks down why that assumption is dangerous. Application code gets linting, tests, and static analysis, while Helm configuration is typically checked only for logic or policy, not for the runtime implications a service will actually experience in production.
If your review stops at template correctness, you may miss the operational failure entirely.
Watch the full interview: https://ku.bz/lm5jTjdVN
Repost from N/a
Calin Florescu, DevOps Engineer, discusses implementing a robust testing strategy for unified Helm charts.
His approach combines two methods: automated validation with the helm-unittest plugin to verify template rendering, and practical testing against the Kubernetes API using dummy repositories. This dual approach ensures templates are both technically correct and practically viable before reaching development teams.
Watch the full episode: https://kube.fm https://ku.bz/mcPtH5395
Repost from Kube Events
We have 10 free tickets for Kubernetes Community Days New York 2026.
A one-day Kubernetes and cloud native conference for engineers, with technical talks, hands-on workshops, and time to meet other practitioners.
Date: June 10, 2026
Venue: Convene One Liberty Plaza, NYC
https://ku.bz/JkjmffBzw
Claim yours: 📧 hello@kube.events
In this tutorial, you'll learn how to set up event-driven, trace-based testing in Kubernetes using Tracetest and Testkube.
More: https://tracetest.io/blog/event-driven-kubernetes-testing-with-testkube-and-tracetest
zeropod is a tool that automatically checkpoints containers to disk a certain amount of time after the last TCP connection, allowing for fast and seamless scaling down to zero.
More: https://ku.bz/pCGwlKG-3
Yoke is an IaC tool inspired by Helm that leverages WebAssembly and Go to dynamically deploy Kubernetes packages with executable runtime capabilities.
It supports revision tracking, rollback, and inspection.
More: https://ku.bz/b_m98W4sF
Repost from N/a
YAML and Helm changes often look simple until one small value in values.yaml changes the final manifest in a big way.
Koray Oksay explains why large Helm charts are difficult to review, why templating hides real production impact, and why teams need production-like environments to test changes before rollout.
Watch the full interview: https://ku.bz/yrtRLM
In this article, you'll learn how to implement an Event-Driven Architecture on Kubernetes with Argo Events and a NATS EventBus.
More: https://blog.devops.dev/event-driven-architecture-on-kubernetes-with-argo-events-75b9115bb1fc
Repost from N/a
Marc Campora analyzes a deployment with over 500 microservices across test and production environments, revealing how traffic patterns fundamentally determine cost-effectiveness.
Marc explains the core pricing difference: containers require paying for provisioned infrastructure time regardless of usage, while Lambda uses a pay-per-invocation model where you pay nothing when functions aren't called. His customer analysis showed dramatic results - the test environment could achieve 3x cost reduction with Lambda due to idle periods during nights, weekends, and low daytime traffic.
Production presented a more complex picture: 80% of services were mostly idle (making them Lambda-friendly), while the remaining 20% processed consistent daily traffic where containers proved more economical. The overall production cost comparison was balanced between both approaches.
Watch the full episode: https://ku.bz/5gMTkzLhV
