Learn Kubernetes Weekly issue 133

Writing my own Kubernetes, Scaling VMs in Kubernetes, API Server Proxy, CVE-2024-10220, Exploit me, baby, one more time

28 May 2025

This newsletter is brought to you by Fairwinds — expert-led, fully managed Kubernetes that frees your tender ears from infrastructure headaches and puts you on the fast track to production-grade success.

  1. A journey of writing my own Kubernetes

    Jonatan Ezron

    This article walks through building a reimplementation of Kubernetes in Go with etcd, containerd, custom kubelet, API server, and kube-proxy.

    It creates pods, services, endpoints, and manages networking via direct IPTables manipulation.

  2. In-House Kubernetes vs. Managed Kubernetes-as-a-Service

    Spending more time managing Kubernetes than building your product? You’re not alone.

    Explore the pros and cons of "build vs. buy" to find the right fit for your team.

    sponsored

  3. Scaling Virtual Machines in Kubernetes Clusters: Insights for Kubernetes Applications

    Martijn Schuman

    This study benchmarks Vultr-based clusters using K6 to compare Regular, AMD EPYC, and Intel Xeon node pools under synthetic load.

    Results show Intel nodes achieve the highest stability and RPS, and a 1:1 pod:vCPU ratio ensures optimal performance.

  4. Exploring the Kubernetes API Server Proxy

    raesene

    The Kubernetes API server includes an HTTP proxy that allows authorized users to access pods, nodes, and external hosts from the cluster network.

    With proxy and node rights, attackers can SSRF into the API server or override pod IPs to exfiltrate data.

  5. CVE-2024-10220: Attack and Defense

    Filip Žagar

    This analysis details how Kubernetes' deprecated gitRepo volume enables root-level container escape via Git hook injection using a fake bare repo to exploit default behavior in kubelet.

  6. Exploit me, baby, one more time: command injection in Kubernetes Log Query

    Tomer Peled

    This article breaks down a critical RCE flaw in Kubernetes Log Query.

    Attackers could inject PowerShell commands through unvalidated pattern input, leading to SYSTEM-level access on Windows nodes.

Articles worth checking out:

Kubernetes Best Practices in 2025

A strong cloud native foundation starts with Kubernetes done right.

Avoid pitfalls, implement smart policies, and unlock the full value of Kubernetes with these best practices.

Learn more about the Kubernetes best practices in 2025

  1. Chaos testing a Postgres cluster managed by cloud-nativepg

    Nikolay Sivko

    This article tests Postgres HA under chaos in Kubernetes using CloudNativePG for DB management and Coroot for full-stack observability.

    It simulates CPU noise, query locks, and pod kills, showing how eBPF + pg_stat reveal root cause.

  2. Discover How Fathom Transformed Infrastructure and Deployment Speed

    Fathom partnered with Fairwinds to streamline its AWS infrastructure and move to Kubernetes. The result?

    Faster deployments, fewer incidents, and more time for innovation—enabling their small team to operate more efficiently at scale.

    sponsored

  3. Scaling under pressure: Chaos Mesh stress tests on EKS auto mode

    Miguel Ángel Chuecos

    This chaos engineering experiment simulates resource spikes on EKS Auto Mode using Chaos Mesh, NGINX, and HPA.

    It shows how Karpenter scales nodes dynamically under CPU stress, respects anti-affinity, and reclaims resources post-load to optimize cost.

  4. Istio Gateways and VirtualServices: Locally Exposing Kubernetes Services Made Easy

    Joseph Whiteaker

    The article details using Istio Gateways and VirtualServices to expose Kubernetes services locally, enabling shared gateways with TLS.

    This decouples networking from app code, simplifying traffic management in dev environments.

  5. Exploring Istio: The power of service mesh in Kubernetes

    Blogs4devs

    Learn how to use Istio, a service mesh, to manage microservices in Kubernetes.

    This article covers traffic control, mTLS security, and observability with Kiali, Prometheus, and Jaeger, using a Garage Management System as a practical example.

    • Software Engineer with Hootsuite

    • Salary: CA$80.7K to CA$113.1K a year

    • Location: remote from Canada, the United States

    • Tech stack: Kubernetes, Docker, Go, JavaScript, Java, Scala, PHP, Mongo, MySQL

    • Site Reliability Engineer with SpaceX

    • Salary: $120K to $170K a year

    • Location: based in the office in Hawthorne, CA, USA

    • Tech stack: Kubernetes, On-premise, Docker, Go, Shell, Python, C++, C, Terraform, Ansible

    • Data Engineer with Black Canyon Consulting

    • Salary: $115K to $150K a year

    • Location: remote from the United States

    • Tech stack: Kubernetes, AWS, Azure, GCP, Anthos, ArgoCD, Docker, Python, C++, Spark

    • Software Engineer with CookUnity

    • Salary: $150K to $165K a year

    • Location: remote from the United States

    • Tech stack: Kubernetes, AWS, On-premise, Docker, JavaScript, GraphQL, TypeScript, Kotlin, Redis, PostgreSQL

    • Software Engineer with ClickHouse

    • Salary: $118K to $209.5K a year

    • Location: remote from the United States

    • Tech stack: Kubernetes, AWS, Azure, GCP, Go, SQL, Terraform, GitLab

Discover more Kubernetes jobs on Kube Careers →

  1. The Bare Metal Operator

    The Bare Metal Operator implements a Kubernetes API for managing bare metal hosts.

    It maintains an inventory of available hosts as instances of the BareMetalHost Custom Resource Definition.

  2. Lazy-Pull OCI Images

    containerd

    Stargz Snapshotter is a containerd plugin enabling lazy pulling of eStargz-formatted OCI images.

    It fetches image data on demand, reducing startup time by avoiding full-image pre-pulls.

  3. Kubernetes History Inspector: Interactive Timeline Debugging

    GoogleCloudPlatform

    Kubernetes History Inspector (KHI) turns raw Kubernetes logs into a visual, filterable timeline.

    It correlates multi-type logs, diffs resource states, and shows topology.

  4. Freelens: Cross-Platform GUI for Kubernetes Cluster Management

    freelensapp

    Freelens is a cross-platform GUI for managing Kubernetes clusters.

    It bundles kubectl/Helm, supports kubeconfig, and runs on macOS, Linux, and Windows.

  5. Helm-mapkubeapis: Fix Deprecated APIs in Helm Releases

    mapkubeapis is a Helm v3 plugin which updates in-place Helm release metadata that contains deprecated or removed Kubernetes APIs to a new instance with supported Kubernetes APIs.

Other interesting projects:

Upcoming Kubernetes events

  1. May

    29

    Kubernetes Topics Trends

    Online webinar organized by Learnk8s.

    • This is a virtual event

    • This is a free event.

  2. Jun

    2

    Docker vs. Podman & Development of Spegel, a stateless OCI registry mirror for clusters

    In-person meetup organized by Cloud Native Nürnberg.

    • Location: Nürnberg, DE

    • This is a free event.

  3. Jun

    4

    Kubernetes Community Days New York 2025

    In-person conference organized by KCD New York.

    • Location: New York, NY, USA

    • This event requires an entrance fee

      • Use LEARNK8S to get 10% off

  4. Jun

    5

    Kubernetes Community Days Czech & Slovak 2025

    In-person conference organized by KCD Czech & Slovak.

    • Location: Bratislava, SK

    • This event requires an entrance fee

  5. Jun

    26

    Advanced Kubernetes course

    Online workshop organized by Learnk8s.

    • This is a virtual event

    • This event requires an entrance fee

Discover more Kubernetes events on Kube Events →

Kubernetes Call for Papers

  1. expired

    Cloud Native Days Austria

    The Call For Paper was open until 31 May 2025 at UTC. More info →
    • Location: Vienna, AT

    • In-person conference organized by CNDA Austria.

    • The conference starts on the 8 October 2025.

    • Apply here
  2. 8

    days

    Cloud Native Denmark 2025

    The Call For Paper is open until 16 June 2025 at UTC. More info →
    • Location: Aarhus, DK

    • In-person conference organized by CND.

    • The conference starts on the 17 April 2025.

    • Apply here
  3. 22

    days

    Kubernetes Community Days Porto 2025

    The Call For Paper is open until 30 June 2025 at UTC. More info →
    • Location: Porto, PT

    • In-person conference organized by KCD Porto.

    • The conference starts on the 4 November 2025.

    • Apply here
  4. 8

    days

    Kubernetes Community Days Warsaw 2025

    The Call For Paper is open until 16 June 2025 at UTC. More info →
    • Location: Warsaw, PL

    • In-person conference organized by KCD Warsaw.

    • The conference starts on the 9 October 2025.

    • Apply here
  5. 1

    days

    Kubernetes Community Days UK Edinburgh 2025

    The Call For Paper is open until 9 June 2025 at UTC. More info →
    • Location: Edinburgh, UK

    • In-person meetup organized by KCD UK.

    • The meetup starts on the 21 October 2025.

    • Apply here
  6. 56

    days

    Texas Linux Festival 2025

    The Call For Paper is open until 3 August 2025 at UTC. More info →
    • Location: Austin, TX, USA

    • In-person conference organized by TXLF.

    • The conference starts on the 4 October 2025.

    • Apply here
  7. 8

    days

    Devopsdays Tel Aviv

    The Call For Paper is open until 15 June 2025 at UTC. More info →
    • Location: Tel Aviv, IL

    • In-person conference organized by Devopsdays.

    • The conference starts on the 11 December 2025.

    • Apply here
  8. 57

    days

    Open Source Summit Japan 2025

    The Call For Paper is open until 4 August 2025 at UTC. More info →
    • Location: Tokyo, JP

    • In-person conference organized by Linux Foundation.

    • The conference starts on the 10 December 2025.

    • Apply here
  9. expired

    Devopsdays Dallas

    The Call For Paper was open until 2 June 2025 at UTC. More info →
    • Location: Dallas, TX, USA

    • In-person conference organized by Devopsdays.

    • The conference starts on the 17 September 2025.

    • Apply here

Until next time!

— Dan
