Updates and recent posts about Kata Containers.
@varbear shared a link, 1 month, 2 weeks ago
FAUN.dev()

Why I'm leaving GitHub for Forgejo

The Dutch Ministry of the Interior launched code.overheid.nl, a self-hosted Forgejo instance for government source code. This move was driven by the need to own and control the platform where code is published. Forgejo was chosen over GitLab for its open-source nature and alignment with the ministry..

@varbear shared a link, 1 month, 2 weeks ago

Making your own programming language is easier than you think (but also harder)

A game developer explains how he built a low-level modding language, including sandbox constraints, an AArch64 JIT, and a small C++ compiler...

@kaptain shared a link, 1 month, 2 weeks ago

Mirantis has entered into an agreement to be acquired by IREN

Mirantis has agreed to an acquisition by IREN. The companies have announced no customer-facing product changes...

@kaptain shared a link, 1 month, 2 weeks ago

Extending AI gateways with Rust

Every gateway ships with a set of built-in policies. Authentication. Rate limiting. Request routing. Prompt guards. These cover most use cases. But what about the ones they don’t cover? What if you need to add a custom header based on a database lookup? What if you need to transform a request body i..

@kaptain shared a link, 1 month, 2 weeks ago

When AI agents become contributors: How KubeStellar reached 81% PR acceptance

The KubeStellar Console team learned that AI coding agents improve after engineers build deterministic feedback loops into the codebase. Engineers who grant more autonomy give agents more room to guess, with no new correction signal...

@kaptain shared a link, 1 month, 2 weeks ago

What kubectl debug doesn’t tell you: The silent evidence gap

kubectl debug sessions leave almost no forensic trace: by design, EphemeralContainerStatus has no lastState or restartCount, so the exit code, session duration, target container, and debugger logs disappear from the Kubernetes API the moment anything else updates the pod. That breaks incident handoffs (th..

@kaptain shared a link, 1 month, 2 weeks ago

v1.36: Deprecation and removal of Service ExternalIPs

Kubernetes v1.36 deprecates Service.spec.externalIPs and starts the removal path, finally closing CVE-2020-8554, the trust-everyone hole the field has carried since the early days. The project has recommended disabling it via the DenyServiceExternalIPs admission controller since v1.21, but SIG Network h..

@kala shared a link, 1 month, 2 weeks ago

Create Custom MCP Catalogs and Profiles

Docker made Custom Catalogs and Profiles available for MCP servers. Admins can distribute server catalogs they approve, and teams can package per-developer configurations as OCI artifacts...

@kala shared a link, 1 month, 2 weeks ago

AI Is Doing the Testing Now

Brijesh Deb's third "comfortable lie" of software testing is that AI is now doing the testing: coverage dashboards hit 80%+, regression suites maintain themselves, and leadership concludes that risk is handled, while the experienced testers who knew the domain quietly get redeployed or made redundan..

@kala shared a link, 1 month, 2 weeks ago

Tokenomics: the 62.5-minute rule for Claude's cache

Ryan Skidmore works out the tokenomics of Anthropic's prompt cache and lands on a single rule: if you expect to need a cached prefix again within 62.5 minutes, keep refreshing it with cheap reads; past that, let it expire and rewrite, because a 5-minute cache write costs 1.25x base input and a read ..

Kata Containers is a Cloud Native Computing Foundation (CNCF) project designed to close the security gap between traditional Linux containers and virtual machines. Instead of sharing a single host kernel like standard containers, Kata Containers launches each pod or container inside its own lightweight virtual machine using hardware virtualization.

This approach dramatically reduces the attack surface and prevents container escape vulnerabilities, making Kata ideal for multi-tenant, untrusted, or sensitive workloads. Despite using VMs under the hood, Kata is optimized for fast startup times and integrates seamlessly with Kubernetes through the Container Runtime Interface (CRI), allowing it to be used alongside runtimes like containerd and CRI-O.

Kata Containers is commonly used in scenarios such as multi-tenant Kubernetes clusters, confidential computing, sandboxed AI workloads, serverless platforms, and agent execution environments where strong isolation is mandatory. It supports multiple hypervisors, including QEMU, Firecracker, and Cloud Hypervisor, and continues to evolve toward faster boot times, lower memory overhead, and better hardware acceleration support.