Service Accounts are usually described as identities used to call the Kubernetes API.
But you can also use them to authenticate requests between services inside the cluster.
The article walks through:
- how an API service can pass its Service Account token to a data store
- how the data store can validate the token with the TokenReview API
- why accepting any valid token is not enough
- how projected Service Account tokens let you bind a token to a specific audience
Thanks to Gulcan for putting together the full walkthrough with diagrams, manifests, Go snippets, TokenReview examples, and projected Service Account tokens.
Read the full guide: https://learnkube.com/microservices-authentication-kubernetes
13:46
Amine Hilaly, Software Development Engineer at Amazon Web Services (AWS), shares his vision for Kubernetes 2.0 and what the next decade should bring to the platform.
Working on the EKS team, he identifies Custom Resource Definitions (CRDs) as a critical area that needs improvement, particularly in terms of better support and enhancements to the conversion webhook ecosystem.
Watch the full interview: https://ku.bz/Gq1-34ZN0
16:21
Kelos runs Claude Code, Codex, Gemini, and OpenCode as ephemeral Kubernetes pods, with CRDs for Tasks, Workspaces, AgentConfigs, and TaskSpawners that can auto-create PRs from GitHub issues, and chain tasks with dependsOn pipelines.
More: https://ku.bz/YYPXcLthX
17:16
Tanat Lokejaroenlarb, Staff Site Reliability Engineer at Adevinta, explains how his team built a metrics-based system to track and manage Kubernetes API deprecations during cluster upgrades.
He describes their approach to monitoring deprecated resource sets and API calls by creating a thin wrapper around the open-source tool Pluto to generate Prometheus metrics. These metrics power dashboards that visualize which objects would be impacted by upcoming version upgrades, helping both platform engineers and application teams prepare for changes. The solution combines custom metrics with Kubernetes' built-in deprecation annotations and log analysis through Grafana Loki.
Watch the full episode: https://kube.fm https://ku.bz/VVHFfXGl_
16:23
This case study shows how Palark migrated high-traffic Drupal 8 monoliths to Kubernetes to improve resilience, autoscaling, deployment automation, and DDoS handling while reducing infrastructure waste.
More: https://ku.bz/-t8tPTV8p
17:16
Kubernetes is open source. So is llm-d. So is Agent Sandbox. You don't have to use Google Cloud to use any of it.
Abdel Sghiouar from Google Cloud makes the case for the CNCF ecosystem model: components are modular and API-driven, so you can swap them in and out across platforms. llm-d works anywhere. Agent Sandbox works with Kata Containers or gVisor — not just GKE. The value of the CNCF isn't lock-in, it's the opposite.
Watch the announcement: https://ku.bz/4j667SVsN
Read the announcement: https://ku.bz/h5TV1mBsP
19:31
This week on Learn Kubernetes Weekly 187:
- Applying Kubernetes Patterns to LLM Workloads
- Why Your Grafana is Slow on Kubernetes (and 3 Replicas Won't Fix It)
- Observability at Albert Heijn
- Vibe Coding a Kubernetes Media Server: What I Learned About AI-First Engineering
- Installing Kong Gateway Custom Plugins on Kubernetes using Helm Charts
Read it now: https://kube.today/issues/187
This newsletter is brought to you by WeAreDevelopers World Congress — The World’s Largest Event for Developers, AI Builders & Tech Leaders https://ku.bz/cwnthSpPK
11:36
This operator automates provisioning and operating Redis in standalone, cluster, replication, or sentinel mode on Kubernetes with support for TLS, monitoring (via Redis Exporter), dynamic PVCs, and failover management.
More: https://ku.bz/JX2wSX0PZ
17:16
Metalbear is hosting a live technical session on self-correcting AI agents in Kubernetes.
Watch Arsh Sharma and Aviram Hassan run a Cursor agent against a real Kubernetes environment as it writes code, tests, and iterates on its own.
June 18, 2026
11am ET / 8am PT
45 min + Q&A
Online
Register: https://ku.bz/6V5Lmsblf
13:16
This article describes how Red Hat's Konflux team built an AI-powered "finally task" for Tekton pipelines that automatically distills 170,000-line failure logs into a 10-line diagnosis.
More: https://ku.bz/Zt_KHg85B
17:36