ContentPosts from @foof..
Link
@faun shared a link, 1 month, 1 week ago

Pooling Connections with RDS Proxy at Klaviyo

Klaviyo replaced ProxySQL on EC2 and moved toAWS RDS Proxy. Why? Less overhead. Simpler failovers. Smarter pooling. RDS Proxy handlesmultiplexing, packing thousands of client queries into way fewer DB connections. IAM access and built-in failover routing sweeten the deal...

Pooling Connections with RDS Proxy at Klaviyo
Link
@faun shared a link, 1 month, 1 week ago

Subverting code integrity checks to locally backdoor Signal, 1Password, Slack, and more

A fresh CVE (2025-55305) just put Electron apps in the hot seat. The bug? Chromium-based apps fail to treatV8 heap snapshot filesas potential attack vectors. That crack lets unsigned JavaScript slip past code signing and run inside heavyweight targets like Slack, 1Password, and Signal. The heart of..

Subverting code integrity checks to locally backdoor Signal, 1Password, Slack, and more
Link
@faun shared a link, 1 month, 1 week ago

Lucidity turns spotlight onto Kubernetes storage costs

Lucidity has upgraded itsAutoScaler. It now handles persistent volumes on AWS-hosted Kubernetes, automatically scaling storage and reducing waste. The upgrade bringspod-level isolation,fault tolerance, andbulk Linux onboarding. Azure and GCP are next on the list...

Lucidity turns spotlight onto Kubernetes storage costs
Link
@faun shared a link, 1 month, 1 week ago

Rethinking Efficiency for Cloud-Native AI Workloads

AI isn’t just burning compute—it's torching old-school FinOps. Reserved Instances? Idle detection? Cute, but not built for GPU bottlenecks and model-heavy pipelines. What’s actually happening:Infra teams are ditching cost-first playbooks for something smarter—business-aligned orchestrationthat chas..

Rethinking Efficiency for Cloud-Native AI Workloads
Link
@faun shared a link, 1 month, 1 week ago

Kubernetes DNS Exploit Enables Git Credential Theft from ArgoCD

A new attack chain messes withKubernetes DNS resolutionandArgoCD’s certificate injectionto swipe GitHub credentials. With the right permissions, a user inside the cluster can reroute GitOps traffic to a fake internal service, sniff auth headers, and quietly walk off with tokens. What’s broken:GitOp..

Kubernetes DNS Exploit Enables Git Credential Theft from ArgoCD
Link
@faun shared a link, 1 month, 1 week ago

The Quiet Revolution in Kubernetes Security

Nigel Douglas discusses the challenges of security in Kubernetes, particularly with traditional base operating systems. Talos Linux offers a different approach with a secure-by-default, API-driven model specifically for Kubernetes. CISOs play a critical role in guiding organizations through the shif..

Link
@faun shared a link, 1 month, 1 week ago

Kubernetes VPA: Limitations, Best Practices, and the Future of Pod Rightsizing

Kubernetes'Vertical Pod Autoscaler (VPA)tries to be helpful by tweaking CPU and memory requests on the fly. Problem is, it needs to bounce your pods to do it. And if you're also runningHorizontal Pod Autoscaler (HPA)on the same metrics? Now they're fighting over control. VPA sees a narrow slice of ..

Kubernetes VPA: Limitations, Best Practices, and the Future of Pod Rightsizing
Link
@faun shared a link, 1 month, 1 week ago

Dynamic Kubernetes request right sizing with Kubecost

Kubecost’s Amazon EKS add-on now handlesautomated container request right-sizing. That means teams can tweak CPU and memory requests based on actual usage—once or on a recurring schedule. Optimization profiles are customizable, and resizing can be baked into cluster setup using Helm. Yes, that mean..

Dynamic Kubernetes request right sizing with Kubecost
Link
@faun shared a link, 1 month, 1 week ago

Kubernetes Primer: Dynamic Resource Allocation (DRA) for GPU Workloads

Kubernetes 1.34 brings serious heat for anyone juggling GPUs or accelerators. MeetDynamic Resource Allocation (DRA)—a new way to schedule hardware like you mean it. DRA addsResourceClaims,DeviceClasses, andResourceSlices, slicing device management away from pod specs. It replaces the old device plu..

Kubernetes Primer: Dynamic Resource Allocation (DRA) for GPU Workloads
Link
@faun shared a link, 1 month, 1 week ago

Amazon EKS Enables Ultra-Scale AI/ML Workloads with Support for 100K Nodes per Cluster

Amazon EKS just cranked its Kubernetes cluster limit to100,000 nodes—a 10x jump. The secret sauce? A reworkedetcdwith an internaljournalsystem andin-memorystorage. Toss in tightAPI server tuningand network tweaks, and the result is wild: 500 pods per second, 900K pods, 10M+ objects, no sweat—even un..

Amazon EKS Enables Ultra-Scale AI/ML Workloads with Support for 100K Nodes per Cluster