CKA Exam Guide With Study Notes 🚀
As per the community request, we have added a study notes section with illustrations.
It covers key areas like Gateway API, Network Policies, Cluster administration, etc.
𝗚𝗶𝘁𝗛𝘂𝗯 𝗥𝗲𝗽𝗼: https://t.co/F3DhC9dU1n
Bookmark the repo and start your CKA prep this week.
Found it useful?
Star the repo ⭐ and share it with someone prepping for CKA.
Got questions on any CKA topic? Drop them in the comments 👇
#cka #kubernetes
Kubernetes Interview Question 🚀
How to fix conntrack exhaustion in Kubernetes?
Conntrack is one of the most critical and overlooked parts of Kubernetes networking.
The conntrack table on the nodes has a maximum size.
Kubernetes generates huge amounts of NAT traffic because of ClusterIP Services, kube-proxy iptables mode, readiness/liveness probes, service mesh traffic, etc.
So, in a busy cluster with hundreds of pods making thousands of connections, that table fills up fast.
Many Linux systems default to values around 131072 entries, though the actual value depends on kernel and system memory.
If conntrack is full, the following happens.
- Random connection timeouts
- Intermittent DNS failures
- API calls that fail with no clear error
- Works sometimes, fails sometimes behavior
- Services that appear healthy but connections randomly drop
There are several ways to mitigate and prevent the issue.
We have explained all the solutions in our detailed conntrack guide.
𝗥𝗲𝗮𝗱 𝗶𝘁 𝗛𝗲𝗿𝗲: https://t.co/2BRSFodOHG
♻️ If you find it useful, share it with fellow DevOps and Cloud Engineers.
#devops #kubernetes
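Added example (not part of the original post): a node-level check for the condition described above. It compares the current conntrack entry count with the table maximum and counts the kernel log lines emitted when a full table drops packets. The 80% threshold and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: conntrack table pressure check for a Kubernetes node.
# The 80% alert threshold is an assumption; the procfs paths are the standard Linux ones.

# Print "<count>/<max> <pct>%"; exit 1 at or above the threshold, 2 if unreadable.
conntrack_usage() {
    count_file=${1:-/proc/sys/net/netfilter/nf_conntrack_count}
    max_file=${2:-/proc/sys/net/netfilter/nf_conntrack_max}
    threshold=${3:-80}
    if [ ! -r "$count_file" ] || [ ! -r "$max_file" ]; then
        echo "unavailable"; return 2
    fi
    count=$(cat "$count_file"); max=$(cat "$max_file")
    [ "$max" -gt 0 ] || { echo "unavailable"; return 2; }
    pct=$(( count * 100 / max ))
    echo "$count/$max ${pct}%"
    [ "$pct" -lt "$threshold" ]
}

# Count kernel log lines showing packets dropped because the table was full.
# Reads the file given as $1, or stdin when no file is given.
conntrack_drops() {
    grep -c 'nf_conntrack: table full, dropping packet' "${1:--}" || true
}

# Constructed sample of kernel log output, so the drop check can run offline.
sample_kernel_log() {
    cat <<'EOF'
[81234.101] nf_conntrack: table full, dropping packet
[81234.530] IPv4: martian source 10.0.3.7 from 10.0.3.1, on dev eth0
[81239.774] nf_conntrack: table full, dropping packet
EOF
}

conntrack_usage || echo "conntrack table near capacity or not readable on this host"
echo "drop lines in sample log: $(sample_kernel_log | conntrack_drops)"
```

On a real node, pipe `dmesg` into `conntrack_drops` instead of the sample log.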
DevOpsCube Weekly: Edition #2 is out ☕
Conntrack In Kubernetes, AgentGateway, GitHub OIDC on AWS, Remote Jobs & More..
𝗥𝗲𝗮𝗱 𝗶𝘁 𝗛𝗲𝗿𝗲: https://t.co/ENhAjj7mgt
♻️ If you find it useful, share it with fellow DevOps and Cloud Engineers.
#devops
DevOps Tool of the Week: Agentgateway 🛠️
As AI agents become part of production systems, managing how they connect to LLMs, tools, APIs, and MCP servers becomes difficult.
Agentgateway solves this by acting as a central gateway for AI agents.
Here is what it does 👇
- Routes traffic between agents, tools, APIs, and LLMs.
- Provides a single endpoint for MCP servers and agent communication.
- Adds authentication, security policies, and rate limiting.
- Gives visibility into agent requests, failures, and usage.
Think of it as an API Gateway for Agentic AI systems.
👉𝗚𝗶𝘁𝗵𝘂𝗯 𝗥𝗲𝗽𝗼: https://t.co/QSLUtSNPj1
#devops #aiops #mlops
Free Claude Courses 🚀
If you are a DevOps engineer trying to understand how AI fits into infrastructure and automation, these Claude courses are worth checking out.
Anthropic has structured learning paths around:
- AI Fluency and prompt engineering
- Claude API development
- Claude Code for engineering workflows
- MCP (Model Context Protocol)
- AI agent workflows and integrations
👉 𝗦𝘁𝗮𝗿𝘁 𝗛𝗲𝗿𝗲: https://t.co/UnkqcYoZgN
♻️ P.S. Don't forget to repost and share with the DevOps community.
#devops #aiops #PlatformEngineering
How Conntrack Powers Kubernetes Services 🚀
In this guide,
You will understand conntrack through real Kubernetes networking scenarios and see why it plays a critical role behind Kubernetes Services, kube-proxy, NAT, and DNS traffic.
You will learn,
- What conntrack is and why it exists
- Why Kubernetes Services depend on it
- How to inspect the conntrack table
- What happens when the table gets full
- How to troubleshoot and fix conntrack exhaustion in production
𝗗𝗲𝘁𝗮𝗶𝗹𝗲𝗱 𝗚𝘂𝗶𝗱𝗲: https://t.co/2BRSFodOHG
♻️ P.S. Repost and share with the DevOps community.
#devops #kubernetes
What is NOTES.txt in Helm Chart?
In this guide, you will learn about:
- What is Helm Notes.txt
- How it works and its use cases
- How to view notes before and after chart installation.
- Simple hands-on guide to show the Notes.txt functionality.
- How to suppress notes output
Detailed Blog: https://t.co/7z4Qdud7Dr
♻️ P.S. Repost and share with the DevOps community.
GitHub Actions + AWS Without Long-Lived Secrets? 🚀
Modern DevOps pipelines should not depend on hardcoded AWS access keys.
Because leaked CI/CD credentials are still one of the biggest cloud security risks.
That is where OIDC helps.
Instead of storing AWS secrets in GitHub, your workflow gets short-lived, temporary credentials directly from AWS at runtime.
- No static keys.
- No secret rotation headaches.
- Less blast radius if something goes wrong.
In this blog,
We will look at GitHub Actions OIDC AWS Integration using a step-by-step example that secures access to the AWS cloud.
By the end of this guide, you will understand:
- Why OIDC is a secure way to connect GitHub Actions with AWS
- How GitHub’s OIDC integration works with AWS
- A step-by-step method to set up OIDC using IAM roles
- How to test the setup using AWS CLI and deploy to EKS with GitHub Actions workflows
𝗗𝗲𝘁𝗮𝗶𝗹𝗲𝗱 𝗕𝗹𝗼𝗴: https://t.co/cf8j1fSDZU
𝗡𝗼𝘁𝗲: A fully private GitHub Enterprise Server setup cannot use AWS OIDC unless AWS can access the GHES OIDC metadata endpoint over HTTPS.
#devops #GithubActions #OIDC #aws
This Kubernetes feature changes how containers handle root privileges 👇
User Namespaces is a security feature that maps user and group IDs inside a container to a different set of IDs on the host (Rootless Isolation).
Here is the key idea.
A process running as root (UID 0) inside the container runs as an unprivileged user (e.g., UID 100000) on the host.
Without user namespaces, a container running as root uses the same root identity as the host.
So if an attacker breaks out of the container, they get full host privileges.
I have published a hands-on guide covering the following.
- What are User Namespaces
- How the kernel does the root to non-root user mapping
- What changes when you set hostUsers: false
- Limiting host UID ranges using /etc/subuid file
- Hands-on deployment to understand User Namespace
- User Namespace limitations
𝗥𝗲𝗮𝗱 𝗶𝘁 𝗛𝗲𝗿𝗲: https://t.co/F6HmkliHvS
Have you tried this feature?
♻️ PS: Repost and share this with the community!
#devops #kubernetes
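Added example (not part of the original post): the mapping described above can be read from a process's `/proc/<pid>/uid_map`, whose columns are the first ID inside the namespace, the first ID on the host, and the range length. The helper names and the two sample maps below are constructed for illustration.

```shell
#!/bin/sh
# Added example: resolve which host UID a container UID really runs as,
# using the kernel's uid_map format (inside-start, host-start, length).

# host_uid <container_uid> <uid_map_file>
# Prints the host UID; exits 1 when the UID is not mapped at all.
host_uid() {
    awk -v uid="$1" '
        uid + 0 >= $1 + 0 && uid + 0 < $1 + $3 {
            print $2 + (uid - $1); found = 1; exit
        }
        END { exit !found }' "$2"
}

# Succeeds when UID 0 inside the container is UID 0 on the host,
# which is the case the post warns about (no user namespace in effect).
shares_host_root() {
    [ "$(host_uid 0 "$1" 2>/dev/null)" = "0" ]
}

# Constructed sample maps (not captured from a real node).
maps=$(mktemp -d)
printf '0 100000 65536\n' > "$maps/userns_pod"     # pod with its own user namespace
printf '0 0 4294967295\n' > "$maps/hostusers_pod"  # pod sharing the host's IDs

for m in userns_pod hostusers_pod; do
    if shares_host_root "$maps/$m"; then
        echo "$m: container root is host root"
    else
        echo "$m: container root maps to host UID $(host_uid 0 "$maps/$m")"
    fi
done
rm -rf "$maps"
```

Against a live workload, pass `/proc/<pid>/uid_map` for the container process's host PID as the second argument.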
What is the Difference Between Self-Managed vs Public SSL/TLS Certificates? 🚀
DevOps Engineers often work with TLS certificates, and understanding the difference between self-managed and paid certificates is very important.
So let's understand the basics.
𝗪𝗵𝗮𝘁 𝗶𝘀 𝗮 𝗖𝗲𝗿𝘁𝗶𝗳𝗶𝗰𝗮𝘁𝗲 𝗔𝘂𝘁𝗵𝗼𝗿𝗶𝘁𝘆?
A Certificate Authority (CA) is usually a company or organization that issues digital certificates.
Here's how to request a TLS certificate from a well-known Certificate Authority (CA) like Verisign, Let's Encrypt or Comodo:
- Create a Certificate Signing Request (CSR) with a private key. The CSR includes details about your location, organization, and FQDN (Fully Qualified Domain Name).
- Send the CSR to the trusted CA.
- The CA validates the request and sends back a TLS certificate signed using the CA’s private key.
- Validate and use this TLS certificate with your applications.
Most browsers and operating systems 𝘀𝘁𝗼𝗿𝗲 𝗿𝗼𝗼𝘁 𝗖𝗔 𝗰𝗲𝗿𝘁𝗶𝗳𝗶𝗰𝗮𝘁𝗲𝘀 from all the trusted CAs. You can view them from the browser settings.
That is why browsers don’t show security messages when visiting websites using TLS from a trusted and well-known commercial CA.
Each browser has its own set of criteria and processes for accepting and trusting CAs.
𝗦𝗼, 𝘄𝗵𝗼 𝗱𝗲𝗰𝗶𝗱𝗲𝘀 𝗶𝗳 𝗮 𝗖𝗔 𝗰𝗮𝗻 𝗯𝗲 𝘁𝗿𝘂𝘀𝘁𝗲𝗱?
Well, they are vetted by independent audit organizations like WebTrust.
The results of these audits are important for a CA to be trusted by web browsers and operating systems.
Now let’s look at self-managed certificates.
For internal applications, organizations often run their own private CA (PKI infrastructure).
The workflow looks like this:
- Create your own Root CA certificate and CA private key
- Generate a server private key and CSR
- Use the CA private key to sign the CSR and generate the TLS certificate
- Install the Root CA certificate in browsers or operating systems to avoid HTTPS warnings
Without installing the Root CA certificate, browsers will show security warnings because the CA is not publicly trusted.
For public endpoints, organizations always use certificates from well-known CAs (Let's Encrypt or paid ones).
We share deep dives on Kubernetes, DevOps, MLOps, Cloud and GitOps.
→ 𝗝𝗼𝗶𝗻 𝗛𝗲𝗿𝗲 (𝟭𝟬𝟬% 𝗳𝗿𝗲𝗲): https://t.co/CE4L4ioJQS
♻️ PS: Repost and share it with the DevOps community.
Got any tips?
⬇️ Discuss in the comments below! ⬇️
#devops #devopscommunity
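Added example (not part of the original post): the self-managed certificate workflow above, carried out with the `openssl` CLI. The subject names, the FQDN `app.internal.example`, key sizes and lifetimes are assumptions; the final check shows that the server certificate is trusted only by a client that holds the private root.

```shell
#!/bin/sh
# Added example: private CA workflow with the openssl CLI.
# Names (Example Root CA, app.internal.example), key sizes and lifetimes are assumptions.

build_private_ca() {
    dir=$1; fqdn=$2
    # Step 1: root CA private key and self-signed root CA certificate.
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
        -subj "/O=Example Internal/CN=Example Root CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || return 1
    # Step 2: server private key and CSR carrying the FQDN.
    openssl req -new -newkey rsa:2048 -nodes -sha256 \
        -subj "/O=Example Internal/CN=$fqdn" \
        -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null || return 1
    # Step 3: sign the CSR with the CA key. Clients match the hostname against
    # subjectAltName, so it is added at signing time.
    printf 'subjectAltName=DNS:%s\n' "$fqdn" > "$dir/san.ext"
    openssl x509 -req -in "$dir/server.csr" -sha256 -days 90 \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -extfile "$dir/san.ext" -out "$dir/server.crt" 2>/dev/null || return 1
    # Private keys stay readable by their owner only.
    chmod 600 "$dir/ca.key" "$dir/server.key"
}

# Step 4 stand-in: succeeds only if the certificate chains to the given root,
# which is what installing the root CA certificate gives a client.
trusted_by() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

demo=$(mktemp -d)
if build_private_ca "$demo" app.internal.example &&
   trusted_by "$demo/ca.crt" "$demo/server.crt"; then
    echo "server.crt verifies against the private root"
fi
rm -rf "$demo"
```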
☕ This Week in DevOpsCube
Here’s the TLDR 👇
• Feature Store explained for DevOps Engineers
• Deploy a ML Feature Store on Kubernetes
• Reducing Kubeflow image size from 3.17 GB to 354 MB
• Real Kubernetes CNI troubleshooting scenario on AWS
• How Uber runs 60,000 AI agent tasks
• Free Claude courses & learning resources
𝗥𝗲𝗮𝗱 𝗶𝘁 𝗛𝗲𝗿𝗲: https://t.co/5kRPqMlmvM
♻️ PS: If you find these resources useful, share this with your network.
#devops #mlops
You won't see this 65% Discount again until Cyber Monday👇
Use code MM26CCCT at https://t.co/5VBbRF75mQ to get flat 50% discount on Individual certifications like CKA, CKAD etc.
Using code MM26BUNCT you can save up to 60% on the following k8s certification bundles.
- CKA + CKAD: https://t.co/PcLv6wrgWE
- CKA + CKS Bundle: https://t.co/Q0oftVhejG
- CKA + CKAD + CKS Exam bundle: https://t.co/FpGH7sCu8Z
- KCNA + CKA: https://t.co/gTh4V3UPl9
- KCSA + CKS Exam Bundle: https://t.co/ugSKJ2EjWg
- KCNA + KCSA Exam Bundle: https://t.co/zvSxZti8QZ
You can save up to 65% on the Kubestronaut Bundle as compared to individual purchase.
Use code MM26K8BUNCT for the following Kubestronaut Bundle
- KCNA + KCSA + CKA + CKAD + CKS: https://t.co/RCvKl8lwt4
Kubestronaut benefits include the following.
- Five 50%-off certification coupons each year to use or share
- 20% off select CNCF events
- Exclusive Kubestronaut community access
- The iconic blue Kubestronaut jacket
Grab these offers before they end.
♻️ P.S. Don’t forget to repost and share it with the DevOps community and your friends!
#kubernetes #devops #cka #ckad #cks
DevOps Tool of the Week: Kafbat UI ⚒️
Running Kafka in production is great until you need to actually look inside it.
Kafbat UI is a free, open-source web UI to monitor and manage Apache Kafka clusters.
It gives you a single pane of glass for your Kafka clusters.
Brokers, topics, partitions, consumer groups, schema registry, Kafka Connect, all in one dashboard.
You can browse messages in JSON, Avro, or Protobuf, filter live streams with CEL expressions, check consumer lag per partition, and create or reconfigure topics without touching a CLI.
𝗚𝗶𝘁𝗛𝘂𝗯 𝗥𝗲𝗽𝗼: https://t.co/mrM1WEUu7q
#devops #devopstool
Set Up an ML Feature Store on Kubernetes 🚀
If you are learning MLOps as a DevOps engineer,
You need to know how an ML feature store works.
The best way to understand an ML feature store is by setting it up and managing features yourself.
We have a detailed hands-on guide that covers the open-source Feature Store called Feast.
In this guide, you will learn:
- What is Feast?
- Key Feast components
- Feast Operator setup on Kubernetes
- Configure offline and online stores.
- Use a simple Python script to verify feature serving
- How to measure feature serving latency metrics like p50, p95, and p99
𝗗𝗲𝘁𝗮𝗶𝗹𝗲𝗱 𝗕𝗹𝗼𝗴: https://t.co/1L8zNanycN
#devops #mlops
Learn this Kubernetes Troubleshooting Scenario 🚀
When deploying a kubeadm-based Kubernetes cluster on AWS with Calico CNI,
You may encounter a connection timed out issue between Pods and CoreDNS.
We encountered this issue and we have created a detailed blog that explains,
- Why the issue happens
- How to troubleshoot it step by step
- The actual root cause
- How AWS networking interacts with Calico
- How to fix it properly
𝗥𝗲𝗮𝗱 𝘁𝗵𝗲 𝗕𝗹𝗼𝗴: https://t.co/sQSnpVYGHl
Over to you!
Have you faced any Kubernetes networking issue in production?
Comment below.
#devops #kubernetes
Feature Store Explained for DevOps Engineers 🚀
If you want to level up in MLOps,
Feature Store is a must know concept. It is one of the core building blocks of MLOps.
In our latest MLOps newsletter edition, we covered the following.
- What is a feature store actually
- Offline vs Online features (very important)
- What is a feature registry
- Feast feature store architecture
- Role of DevOps engineers in feature management.
- Hands on Feast Feature Store setup on Kubernetes
𝗥𝗲𝗮𝗱 𝗶𝘁 𝗛𝗲𝗿𝗲: https://t.co/83sJ9Z5Nsh
We have published 9 editions so far in this MLOps series.
This week, newsletter subscribers will receive a detailed edition on Kubeflow.
It is one of the key open-source platforms for building ML workflows on Kubernetes.
♻️ PS: Repost and share this with DevOps engineers who want to expand into MLOps.
#mlopsfordevops #mlops #devops
@bibinwillson from @DevOpsCube writes a beginner DVC tutorial that covers the full setup with AWS S3, dataset versioning, dvc.yaml pipelines, and CI/CD + Airflow integration. Everything you need to stop bloating your Git repo with large files!
👉🏽 https://t.co/JoyMBeOnq9
From 3.17 GB to 354 MB Docker Image 🚀
An image used in a Kubeflow pipeline project was 3.17 GB.
In this blog, you will learn how the image was optimized to 354 MB (an 89% reduction) and the reasoning behind every change.
𝗥𝗲𝗮𝗱 𝘁𝗵𝗲 𝗕𝗹𝗼𝗴: https://t.co/j8MZxoQU2T
In ML projects, image optimization is not just an infra problem.
Image optimization is a collaborative effort between Data Scientists, Developers and DevOps engineers.
This is because each role owns a different layer of the bloat.
For example, a DevOps engineer can't safely remove a library without asking the data scientist if the model actually needs it.
The reduction only happens when all relevant teams sit down and answer, 𝘸𝘩𝘢𝘵 𝘥𝘰𝘦𝘴 𝘵𝘩𝘪𝘴 𝘪𝘮𝘢𝘨𝘦 𝘢𝘤𝘵𝘶𝘢𝘭𝘭𝘺 𝘯𝘦𝘦𝘥 𝘢𝘵 𝘳𝘶𝘯𝘵𝘪𝘮𝘦?
If you have any inputs, drop them in the comments below.
#devops #mlops
65% OFF Linux Foundation sale is live now 🚀
Use code MM26CCCT at https://t.co/5VBbRF75mQ to get flat 50% discount on Individual certifications like CKA, CKAD etc.
Using code MM26BUNCT you can save up to 60% on the following k8s certification bundles.
- CKA + CKAD: https://t.co/PcLv6wrgWE
- CKA + CKS Bundle: https://t.co/Q0oftVhejG
- CKA + CKAD + CKS Exam bundle: https://t.co/FpGH7sCu8Z
- KCNA + CKA: https://t.co/gTh4V3UPl9
- KCSA + CKS Exam Bundle: https://t.co/ugSKJ2EjWg
- KCNA + KCSA Exam Bundle: https://t.co/zvSxZti8QZ
You can save up to 65% on the Kubestronaut Bundle as compared to individual purchase.
Use code MM26K8BUNCT for the following Kubestronaut Bundle
- KCNA + KCSA + CKA + CKAD + CKS: https://t.co/RCvKl8lwt4
If you bundle your certs with the THRIVE Annual Subscription, you can get 65% off certifications along with,
- 100+ educational products
- 45+ e-learning courses with hands-on labs
- 8+ SkillCreds
♻️ P.S. Don’t forget to repost and share it with the DevOps community and your friends!
---
Always approach certification preparation the right way with thorough research and hands-on practice.
Focus on learning and building real skills, as certification is just the validation of your knowledge and effort!
#kubernetes #devops #cka #ckad #cks
Helm _helpers tpl file. What is it?
If you are working with Helm charts,
You might have seen a _helpers file inside the /templates folder.
Most people ignore it without understanding what it is used for while deploying a chart.
In our guide, we have covered,
- What _helpers tpl is and how it works.
- What named templates/partials are
- Hands-on example demonstrating its usage.
- When not to use it
𝗥𝗲𝗮𝗱 𝗶𝘁 𝗛𝗲𝗿𝗲: https://t.co/578p1QITdB
Have you used _helpers in your charts?
#devops #kubernetes