I share the story of a frustrating debugging journey with a Rust application that was migrated to Kubernetes. Everything seemed fine until a suspected memory leak caused our application to scale uncontrollably. I dove deep into tracing memory usage with eBPF, heaptrack, and jemalloc profiling tools. The real twist came when I discovered that the memory leak was a phantom menace - a misinterpretation of Kubernetes memory metrics rather than a genuine issue. This post details the steps I took, ...| FlakM blog
On behalf of the Kubernetes project, I am excited to announce that ValidatingAdmissionPolicy has reached general availability as part of the Kubernetes 1.30 release. If you have not yet read about this new declarative alternative to validating admission webhooks, it may be interesting to read our previous post about the new feature. If you have already heard about ValidatingAdmissionPolicies and you are eager to try them out, there is no better time to do it than now.| Kubernetes
Observability requires the right data at the right time for the right consumer (human or piece of software) to make the right decision. In the context of Kubernetes, having best practices for cluster observability across all Kubernetes components is crucial. SIG Instrumentation helps to address this issue by providing best practices and tools that all other SIGs use to instrument Kubernetes components, like the API server, scheduler, kubelet and kube-controller-manager. In this SIG Instrumenta...| www.kubernetes.dev
With Kubernetes 1.27, we (SIG Auth) are moving the Key Management Service (KMS) v2 API to beta. What is KMS? One of the first things to consider when securing a Kubernetes cluster is encrypting etcd data at rest. KMS provides an interface for a provider to utilize a key stored in an external key service to perform this encryption. KMS v1 has been a feature of Kubernetes since version 1.10, and is currently in beta as of version v1.| Kubernetes