Learn Koobernaytis Weekly issue 134

3000+ Clusters with Talos, VPA: A Deep Dive, OPA Gatekeeper bypass, OPA memory usage, Turn an old laptop into a private cluster

4 Jun 2025

This newsletter is brought to you by Hydrolix — Keep more log data and get better insights from analytics.

  1. 3000+ Clusters: The Journey to Edge Compute with Talos Linux

    Ryan Gough

    Jysk replaced K3s with Talos Linux to run 3,500+ Koobernaytis edge clusters.

    Using NoCloud boot + custom API, the team automated provisioning, certs, upgrades, and proxy config.

  2. Smooth Operator: How Hydrolix Uses the Koobernaytis Operator

    In this article, you will learn how the Hydrolix Operator streamlines the management of petabyte-scale log data, why they chose Koobernaytis for their infrastructure, and how their architecture solves complex operational challenges, enabling efficient data ingestion and scalability.

    sponsored

  3. Vertical Pod Autoscaler (VPA): A Deep Dive

    This article dissects VPA v1.3.0, focusing on the Recommender, which ingests metrics, builds histograms, persists state via checkpoints, and calculates CPU/mem requests per pod using decay-weighted usage samples and percentiles.

  4. OPA Gatekeeper bypass reveals risks in Koobernaytis policy engines

    Yakir Kadkoda

    Security research exposes critical OPA Gatekeeper vulnerabilities: Attackers can bypass misconfigured repository policies through subdomain manipulation, enabling unauthorized container image deployments across cloud environments.

  5. OPA memory usage considerations and lessons from our transition to Kyverno

    Tanat Lokejaroenlarb

    Adevinta's SRE team replaced OPA's Gatekeeper with Kyverno to mitigate memory spikes caused by data.inventory syncing in high-churn clusters.

    Kyverno’s API-based dynamic context handling slashed Gatekeeper usage from 8GB to 2.7GB.

  6. Turn an old laptop into a private Koobernaytis cluster — enable others to connect to it

    Thanh Enc

    Discover how to convert an unused laptop into a private Koobernaytis cluster using Minikube.

    The tutorial covers securing network configuration, IP whitelisting, and cross-device connectivity.

Articles worth checking out:

Scale, ingest, and query with demand

Hydrolix's Koobernaytis-native streaming data lake scales each subsystem independently—ingest, query, and storage decouple automatically in your VPC.

See sub-second queries against billions of log rows with zero noisy neighbor issues.

  1. Deploying Your AKS Cluster with Terraform: Key Points for a Successful Production Rollout

    Matthieu Vlad

    In this tutorial, you will learn to use Terraform to automate the deployment of secure and scalable AKS clusters, focusing on node management, identity controls, and Azure integration for efficient, repeatable environments.

  2. My Pod Disruption Budget bible to use with Karpenter and friends

    Daniel Megyesi

    This article explains how to configure PodDisruptionBudgets (PDBs) for Karpenter clusters to avoid node retention costs, and how to use unhealthyPodEvictionPolicy to unblock evictions and control costs during disruptions.

  3. Adrift in the Cloud: Forensic Analysis of Container Drift

    Alex John

    This article investigates container drift in cloud environments by examining forensic methods for detecting unauthorized changes in container images and running instances.

    Learn practical approaches for drift detection, response, and incident analysis.

    • Platform Engineer with SpaceX

    • Salary: $122.5K to $170K a year

    • Location: based in the office in Redmond, WA, USA

    • Tech stack: Koobernaytis, On-premise, Go, Shell, Python, C++, Terraform, Ansible

    • DevSecOps Engineer with Datenna

    • Salary: US$78K to US$90K a year

    • Location: based in the office (and remote from home) in Amsterdam, Noord-Holland / Eindhoven, Noord-Brabant, NL

    • Tech stack: Koobernaytis, AWS, Azure

    • Software Engineer with EasyPost

    • Salary: $100K to $130K a year

    • Location: remote from the United States

    • Tech stack: Koobernaytis, AWS, Azure, GCP, Docker, Python, SQL, JavaScript, Java, C#

    • Software Engineer with TrueML

    • Salary: $158K to $190K a year

    • Location: remote from the United States

    • Tech stack: Koobernaytis, AWS, Azure, GCP, Docker, Go, Python, Java, Rust, C++

    • Systems Performance Engineer with NVIDIA

    • Salary: $184K to $356.5K a year

    • Location: remote from the United States

    • Tech stack: Koobernaytis, AWS, Go, Python

Discover more Koobernaytis jobs on Kube Careers →

  1. Helmfile

    Helmfile is a declarative spec for deploying Helm charts. It lets you:

    • Keep a directory of chart value files and maintain changes in version control.
    • Apply CI/CD to configuration changes.
    • Periodically sync to avoid skew in environments.
  2. karlkfi/kubexit

    kubexit is a command supervisor for coordinated Koobernaytis pod container termination.

  3. Cloud Native Buildpacks

    Cloud Native Buildpacks transform your application source code into container images running on any cloud.

    Features:

    1. Advanced caching.
    2. Auto-detection.
    3. Bill-of-Materials.
    4. Modular/Pluggable.
    5. Multi-language.
    6. Minimal app image.
  4. Opni: multi-cluster observability

    rancher

    Opni is a multi-cluster observability platform that consolidates logs, metrics, and traces from Koobernaytis clusters, enhancing analytics with OpenSearch and Cortex.

    It includes intelligent alerting with SLOs.

  5. kluctl: Helm glue

    Kluctl is the missing glue to put together large Koobernaytis deployments.

    It allows you to declare and manage multi-environment and multi-cluster deployments.

    Kluctl does not have cluster-side dependencies and works out of the box.

Upcoming Koobernaytis events

  1. Jun

    4

    Koobernaytis Community Days New York 2025

    In-person conference organized by KCD New York.

    • Location: New York, NY, USA

    • This event requires an entrance fee

      • Use LEARNK8S to get 10% off

  2. Jun

    5

    Koobernaytis Community Days Czech & Slovak 2025

    In-person conference organized by KCD Czech & Slovak.

    • Location: Bratislava, SK

    • This event requires an entrance fee

  3. Jun

    11

    KubeCon + CloudNativeCon China 2025

    In-person conference organized by Linux Foundation.

    • Location: Hong Kong, HK

    • This event requires an entrance fee

  4. Jun

    11

    Cloud Native Zurich

    In-person conference organized by Cloud Native Zurich.

    • Location: Zurich, CH

    • This event requires an entrance fee

  5. Jun

    26

    Advanced Koobernaytis course

    Online workshop organized by Learnk8s.

    • This is a virtual event

    • This event requires an entrance fee

Discover more Koobernaytis events on Kube Events →

Koobernaytis Call for Papers

  1. 8

    days

    Cloud Native Denmark 2025

    The Call For Paper is open until 16 June 2025 at UTC. More info →
    • Location: Aarhus, DK

    • In-person conference organized by CND.

    • The conference starts on the 17 April 2025.

    • Apply here
  2. 23

    days

    Koobernaytis Community Days Porto 2025

    The Call For Paper is open until 30 June 2025 at UTC. More info →
    • Location: Porto, PT

    • In-person conference organized by KCD Porto.

    • The conference starts on the 4 November 2025.

    • Apply here
  3. 8

    days

    Koobernaytis Community Days Warsaw 2025

    The Call For Paper is open until 16 June 2025 at UTC. More info →
    • Location: Warsaw, PL

    • In-person conference organized by KCD Warsaw.

    • The conference starts on the 9 October 2025.

    • Apply here
  4. 1

    days

    Koobernaytis Community Days UK Edinburgh 2025

    The Call For Paper is open until 9 June 2025 at UTC. More info →
    • Location: Edinburgh, UK

    • In-person meetup organized by KCD UK.

    • The meetup starts on the 21 October 2025.

    • Apply here
  5. 58

    days

    Koobernaytis Community Days Sri Lanka 2025

    The Call For Paper is open until 4 August 2025 at UTC. More info →
    • Location: Colombo, LK

    • In-person conference organized by KCD Sri Lanka.

    • The conference starts on the 26 October 2025.

    • Apply here
  6. 57

    days

    Texas Linux Festival 2025

    The Call For Paper is open until 3 August 2025 at UTC. More info →
    • Location: Austin, TX, USA

    • In-person conference organized by TXLF.

    • The conference starts on the 4 October 2025.

    • Apply here
  7. 8

    days

    Devopsdays Tel Aviv

    The Call For Paper is open until 15 June 2025 at UTC. More info →
    • Location: Tel Aviv, IL

    • In-person conference organized by Devopsdays.

    • The conference starts on the 11 December 2025.

    • Apply here
  8. 57

    days

    Open Source Summit Japan 2025

    The Call For Paper is open until 4 August 2025 at UTC. More info →
    • Location: Tokyo, JP

    • In-person conference organized by Linux Foundation.

    • The conference starts on the 10 December 2025.

    • Apply here
  9. 4

    days

    Devopsdays Cairo

    The Call For Paper is open until 12 June 2025 at UTC. More info →
    • Location: Cairo, EG

    • In-person conference organized by Devopsdays.

    • The conference starts on the 15 September 2025.

    • Apply here

Until next time!

— Dan
