KubeFM

What happens when an AI agent stops generating Kubernetes YAML and starts operating the cluster directly?
Mike Solomon, software engineer at AIATELLA, explains how his team moved from a sprawling Helm setup to Markdown-driven infrastructure specs that Claude Code can execute, test, and refine.
You will learn
Why Helm became hard to maintain for a fast-moving medical infrastructure repo

How Claude debugged Argo, TLS conflicts, kubectl patches, and private registry credentials

How runbooks plus agent memory files capture failures so deployments become reproducible.

It is a practical look at where Kubernetes automation may be heading: less hand-written YAML, more precise intent, and a sharper definition of when the human must stay in the loop.
Sponsor
This episode is sponsored by LearnKube — get started on your Kubernetes journey through comprehensive online, in-person or remote training.
More info
Find all the links and info for this episode here: https://ku.bz/y70mLvWNs

Interested in sponsoring an episode? Learn more.

A single Kubernetes CRD for every service request turns small changes into full-platform reconciliations.
Alexander Held, former platform engineer at Mercedes-Benz Tech Innovation, describes a production refactor from a 2,000-line CRD to purpose-built resources and controllers. He shows how teams can model business workflows as Kubernetes APIs and then use owner references, finalizers, and events to keep platform operations predictable.
You will learn:
Why monolithic CRDs create performance and troubleshooting problems

How controllers turn database provisioning and backups into reconciliation loops

How finalizers clean up external resources such as S3 backups

Why Kubernetes events make platform workflows easier to debug

Sponsor
This episode is sponsored by LearnKube — get started on your Kubernetes journey through comprehensive online, in-person or remote training.
More info
Find all the links and info for this episode here: https://ku.bz/TGy4Qn7Qs

Interested in sponsoring an episode? Learn more.

Kelsey Hightower, Eric Abercrombie, and Julius Payne II reflect on life after achievement, entering the Kubernetes world for the first time, and how music, creativity, and lived experience shape the way they think about technology.
In this interview:
Why fundamentals, patience, and repetition still matter more than shortcuts

How Kubernetes, community, and confidence intersect for people entering cloud-native work

What hip-hop, production, and storytelling can teach us about ownership, authenticity, and finding your voice

Sponsor
This episode is sponsored by LearnKube — get started on your Kubernetes journey through comprehensive online, in-person or remote training.
More info
Find all the links and info for this episode here: https://ku.bz/czrCCXSLt

Interested in sponsoring an episode? Learn more.

You're running gRPC services in Kubernetes, load balancing looks fine on the dashboard — but some pods are burning at 80% CPU while others sit idle, and adding more replicas only partially helps.
Rohit Agrawal, a Staff Software Engineer on the traffic platform team at Databricks, explains why this happens and how his team replaced Kubernetes's default networking with a proxy-less, client-side load-balancing system built on the xDS protocol.
In this episode:
Why KubeProxy's Layer 4 routing breaks down under high-throughput gRPC: it picks a backend once per TCP connection, not per request

How Databricks built an Endpoint Discovery Service (EDS) that watches Kubernetes directly and streams real-time pod metadata to every client

How zone-aware spillover cut cross-availability-zone costs without sacrificing availability

Why CPU-based routing failed (monitoring lag creates oscillation) and what signals to use instead

The system has been running in production for three years across hundreds of services, handling millions of requests.
Sponsor
This episode is sponsored by LearnKube — get started on your Kubernetes journey through comprehensive online, in-person or remote training.
More info
Find all the links and info for this episode here: https://ku.bz/y803JMhBk

Interested in sponsoring an episode? Learn more.

You're integrating HashiCorp Vault into your Kubernetes cluster and adding a temporary debug log line to check whether the ServiceAccount token is being passed correctly. Three months later, that log line is still in production — and the token it prints has a 1-year expiry with no audience restrictions.
Vincent von Büren, a platform engineer at ipt in Switzerland, lived through exactly this incident. In this episode, he breaks down why default Kubernetes ServiceAccount tokens are a quiet security risk hiding in plain sight.
You will learn:
What's actually inside a Kubernetes ServiceAccount JWT (issuer, subject, audience, and expiry)

Why tokens with no audience scoping enable replay attacks across internal and external systems

How Vault's Kubernetes auth method and JWT auth method compare, and when to choose each

What projected tokens are, why they dramatically reduce blast radius, and what's holding teams back from using them

Practical steps for auditing which pods actually need API access and disabling auto-mounting everywhere else

Sponsor
This episode is sponsored by LearnKube — get started on your Kubernetes journey through comprehensive online, in-person or remote training.
More info
Find all the links and info for this episode here: https://ku.bz/LTnB_Ntbc

Interested in sponsoring an episode? Learn more.