Announcing Kyverno Release 1.15! (4 minute read)
Kyverno 1.15 enhances Kubernetes policy management with new CEL-based policy types. It introduces MutatingPolicy, GeneratingPolicy, and DeletingPolicy, all of which convert automatically to Kubernetes admission controllers. The update shows significant performance improvements when using ValidatingPolicy over traditional ClusterPolicy for Pod Security Standards (PSS) enforcement.
|
Kubernetes v1.34: Finer-Grained Control Over Container Restarts (4 minute read)
Kubernetes 1.34 introduced a new alpha feature, "Container Restart Policy and Rules," allowing users to define restart policies for individual containers within a Pod. This feature, enabled behind the ContainerRestartRules feature gate, provides granular control over container restarts based on exit codes, addressing limitations of the previous Pod-level restart policy. It can be useful for long-running AI/ML workloads where in-place restarts of failed containers with retriable exit codes are needed for better resource utilization.
|
Airbnb Executes Istio Upgrades at Massive Scale (7 minute read)
Airbnb has developed a zero-downtime Istio upgrade pipeline that coordinates workloads across Kubernetes and VMs using dual-version control planes, automated mutation frameworks, and a VM-specific rollout system. Other major companies like Netflix, LinkedIn, and Uber pursue different service mesh upgrade strategies, but all emphasize safe rollouts and reducing operational risk.
|
How we accelerated Secret Protection engineering with Copilot (17 minute read)
GitHub's Secret Protection team used Copilot to accelerate the expansion of validity checks, a feature that verifies whether leaked credentials are active. By integrating Copilot into their repeatable framework-driven workflow, they scaled coverage from 32 to nearly 120 token types in weeks, while engineers focused on research, review, and nuanced decisions.
|
Jujutsu for Everyone (7 minute read)
Jujutsu is a Git-compatible but simpler and more powerful version control system designed to be easier for beginners while still supporting advanced workflows. The learning path is structured into progressive levels, starting with solo basics and collaboration essentials, and building up to problem-solving, history rewriting, and productivity features, offering a complete progression that evolves alongside both the tool and the learner's needs.
|
DevOps, Bridge Your Kubernetes Management Gap! (Sponsor)
Battling Kubernetes complexity, security, and unexpected costs as critical applications scale? This IDC Spotlight paper offers crucial insights. Learn how to unify application, storage, and data management for robust, simplified large-scale deployments. Automate and secure your cloud-native estate. Read the full report to optimize resources and ensure uptime!
|
Paddler (GitHub Repo)
Paddler, an open-source LLMOps platform, enables organizations to host and scale AI models within their own infrastructure, offering privacy, reliability, and cost control. Featuring a self-contained binary with balancer and agent components, Paddler uses a built-in llama.cpp engine for inference and provides a web admin panel for monitoring, model management, and testing.
|
Automating threat analysis and response with Cloudy (Tool)
Cloudflare has integrated its AI agent, Cloudy, with its security analytics, creating a conversational interface for faster root cause analysis of traffic anomalies. Since its launch in March, 54,000 users have tried Cloudy for custom rule creation, with 31% deploying suggested rules. It can now offer contextual data about threats observed across Cloudflare's global network.
|
Replacing a cache service with a database (4 minute read)
Caches provide pre-computed data at ultra-low latencies and offer fine-grained control, eviction policies, and lightweight scaling that databases cannot yet match. While partial replicas, incremental view maintenance, and advanced structures may narrow the gap, caches remain indispensable because databases are still too heavy, costly, and connection-limited for typical cache workloads.
|
Thanks for reading,
Kunal Desai & Martin Hauskrecht