⎈ Inside a Pod’s Birth, Cut Cross-AZ Traffic Costs, allowPrivilegeEscalation: false, Streaming List responses, HPA tolerance, Helm in prod
This issue is brought to you by vCluster Labs — get the free eBook "GPU-enabled Platforms on Kubernetes". Learn GPU isolation, security patterns, and production architectures for AI infrastructure.
📕 Six months ago, I couldn't explain how Kubernetes exposes GPUs. Now I'm writing a book about it.
I've spent the past months studying this topic deeply. Thanks to vCluster sponsoring my time and effort, and with Saiyam's help, I've compiled my findings into an ebook. Here's what I'm covering:
🤔 Why GPUs fundamentally resist Kubernetes' containerization model
🔝 A detailed explanation of how GPUs are exposed—tracing every layer from kernel drivers through kubelet to the scheduler
👏 Why GPU sharing isn't as simple as applying cgroups to containers (spoiler: GPUs weren't designed for this)
🔪 The million-dollar question: how you should actually share your GPUs across workloads
The book isn't quite ready, but I'm getting closer to the finish line. I'll publish it on September 8th—you can get notified when it's published here.
📚 Articles
🔥 Inside a Pod’s Birth: Veth Pairs, IPAM, and Routing with Kindnet CNI
How We Cut Cross-AZ Traffic Costs Between Kubernetes Services in AWS Using Istio
allowPrivilegeEscalation: false: The Kubernetes Security Flag With a Hidden Catch
Helm Charts in Production: Essential Plugins and Features for Reliable Kubernetes Deployments
MIG on AKS: Run More, Spend Less, and Actually Use Your Damn GPU
🌟 [EBOOK] GPU-Enabled Platforms on Kubernetes
Learn why GPU sharing fundamentally differs from CPU sharing, how to architect for security and performance, and which patterns work in real-world multi-tenant environments.
(free) eBook launches September 8: Reserve yours
![[EBOOK] GPU-Enabled Platforms on Kubernetes](https://substackcdn.com/image/fetch/$s_!-fwt!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fd0688847-8a83-44ff-a219-3db9a49e9517_1200x1200.png "[EBOOK] GPU-Enabled Platforms on Kubernetes")
📖 Tutorials
📺 This week on the KubeFM podcast
Solving Cold Starts: Uses Istio to Warm Up Java Pods
💼 Kubernetes jobs
Platform Engineer 💰 $186.62K to $252.49K a year · 🏢 based in the office (and remote from home) in San Francisco, CA, USA
DevOps Engineer 💰 $50K to $60K a year · 🌎 remote from the United Kingdom
Software Engineer 💰 £100K to £121K a year · 🌎 remote from the United Kingdom
DevSecOps Engineer 💰 $125K to $145K a year · 🏢 based in the office (and remote from home) in East Coast, USA
Software Engineer 💰 $24K to $36K a year · 🌎 remote from Argentina, Brazil, Chile, Colombia
👉 Discover more opportunities on Kube Careers.
🛠 Tools and libraries
Kubernetes Prometheus Analyzer: CLI for Resource Optimization
Kgateway – An amazing tool to simplify traffic management using Kubernetes API Gateway
Pangolin: Self-Hosted Zero Trust Tunnel with Identity and Access Control
📅 Upcoming Kubernetes events
How we used Crossplane for the things we should not have 📅 Sep 4
🔥 ContainerDays 📅 Sep 9
🔥 Kubernetes Community Days San Francisco Bay Area 📅 Sep 9
🔥 CloudCon Sydney 2025 📅 Sep 9
🔥 GPU Enabled Platforms Overview 📅 Sep 10
🔥 Advanced Kubernetes course 📅 Sep 18
🔥 Teaching Claude to be Your Migration Engineer: A Stateful Kubernetes Story 📅 Oct 2
👉 You can find more events on Kube Events.
📢 Call for papers closing soon
GitOpsCon North America ⏳ closes Sep 14
KubeCon + CloudNativeCon Europe 2026 ⏳ closes Oct 12
CozySummit Virtual 2025 ⏳ closes Sep 14
🔥 Devopsdays Los Angeles ⏳ closes Nov 2
Devopsdays Bogotá ⏳ closes Sep 16
Devopsdays Wollongong ⏳ closes Oct 1
Women in Tech Summit Kenya 2025 ⏳ closes Sep 14
Devopsdays Porto Alegre ⏳ closes Oct 31
Devopsdays Recife ⏳ closes Sep 30
👉 You can find more Call for Papers on Kube Events.
Until next time!
— Dan