Kubernetes
Coverage of Kubernetes in the Nexus archive.
- Show HN: Nightwatch, The open-source, read-only AI SRE
Nightwatch is an open-source, read-only AI SRE tool designed to enhance monitoring systems by grouping alert storms into incidents, flagging noisy checks, and using an agent to investigate live systems. Developed after a Kubernetes upgrade incident, it emphasizes local-first deployment, self-hosting, and data security through masked secrets during remote LLM interactions.
- Gigabyte packs 40 Intel Lunar Lake PCs in a pizza box
Gigabyte unveiled a high-density server platform at COMPUTEX 2026 that houses 40 Intel Core Ultra 7 258V-powered compute nodes in a compact 'pizza box' chassis. Each node includes 32 GB of LPDDR5x memory, Arc 140V graphics, and a 48 TOPS NPU, with the system offering 320 cores and 1.28 TB of memory. The platform targets microservices and cloud-based workloads like Kubernetes and Microsoft 365 cloud PCs.
- Show HN: Mercek – A Desktop IDE for AWS ECS
Mercek is a newly developed desktop IDE for AWS ECS, created by a user who found it tedious to log into the AWS console repeatedly. The tool is open source and available on GitHub, addressing a gap in the ecosystem similar to Lens for Kubernetes.
- Self-hosted dev sandboxes with preview URLs (Docker, Go, no K8s)
The article introduces a self-hosted development sandbox solution using Docker and Go, without Kubernetes. It provides preview URLs for testing and is hosted on GitHub by Tastyeffectco.
- TypeScript devs no longer need to tangle with C# to use Aspire dev stack after Microsoft update
Microsoft released Aspire 13.4, making TypeScript first-class in the Aspire dev stack, eliminating the need for C#. New integrations include Go, Bun, Blazor/WebAssembly, and enhanced Kubernetes deployment features.
- Launch HN: Expanse (YC P26) – Unlock Wasted GPU Capacity
Expanse, a company founded by Ismaeel, Eren, Yafet, and Nikodem, offers a solution to optimize GPU cluster utilization by predicting resource needs and reducing waste. Datacenters typically operate at 30-40% efficiency due to over-requesting resources, but Expanse's machine learning models improve accuracy, potentially saving millions in compute costs.
- Google, Canonical team up to certify Ubuntu images for TPU VMs
Google Cloud and Canonical have collaborated to release certified Ubuntu images for Tensor Processing Unit (TPU) VMs, making them the default for TPU instances. The certified images, including Ubuntu 22.04 LTS and 24.04 LTS, offer enhanced support and security, with Ubuntu Pro services set to be available in Q3.
- Bare metal cloud servers now cheaper and more readily available than on-prem hardware, says Nutanix CEO
Nutanix CEO Rajiv Ramaswami claims cloud bare metal servers are now cheaper and easier to acquire than on-prem hardware due to hyperscalers' bulk purchasing power. He highlights persistent high memory/storage prices, growing on-prem AI adoption for cost predictability, and Nutanix's Q3 2026 results showing 730 new clients and $703 million revenue. The company shifted to support external storage, securing deals with Everpure and Dell.
- HackerOne takes an axe to its bug bounty rewards
HackerOne has drastically reduced bug bounty rewards through its Internet Bug Bounty (IBB) program, cutting payouts by 68-88% across all severity levels. The program remains paused while the platform evaluates adjustments, leaving security researchers waiting for payments on previously submitted vulnerabilities.
- Worm rubs out competitor's malware, then takes control
A mysterious worm called PCPJack is removing TeamPCP infections from cloud instances and taking control, harvesting credentials and spreading to new targets. The worm was discovered by SentinelOne's SentinelLabs researchers in late April. It targets various services including Docker, Kubernetes, and MongoDB.
- Show HN: A Mutating Webhook to automatically strip PII from K8s logs
The article discusses a mutating webhook to automatically strip personally identifiable information from Kubernetes logs. The project is hosted on GitHub and has received comments on Y Combinator. The solution aims to enhance security and privacy.
- VMware claims Cloud Foundation on track for world domination
VMware has announced an update to its Cloud Foundation private cloud suite, adding features that allow users to run with less hardware. The update includes improved memory tiering tech and next-generation storage compression for AI data pipelines. VMware claims this will help reduce hardware costs and improve efficiency.
- K3k: Kubernetes in Kubernetes
K3k is a new lightweight Kubernetes distribution developed by Rancher, designed for simplified deployments and running Kubernetes inside Kubernetes. The article highlights its potential for developers seeking streamlined Kubernetes management.
- Our agent found a bug with WireGuard in Google Kubernetes Engine
An agent discovered a bug in WireGuard's implementation on Google Kubernetes Engine. The article details the process of identifying and analyzing the issue within Kubernetes networking.
- The most severe Linux threat to surface in years catches the world flat-footed
A critical local privilege escalation vulnerability named CopyFail (CVE-2026-31431) has been publicly exploited, allowing root access to nearly all Linux versions. Theori, a security firm, disclosed the flaw after notifying the Linux kernel security team, but many distributions had not yet applied patches, leaving systems vulnerable to breaches in data centers and personal devices.
- Kubereboot/Kured: Kubernetes Reboot Daemon
Kubereboot/Kured is an open-source Kubernetes reboot daemon designed to manage node reboots in clusters. The project is hosted on GitHub, with a Hacker News thread tracking community engagement, though currently no comments exist.
- Copy-fail-destroyer: K8s remediation for CVE-2026-31431
Norsk Helsenett has released a Kubernetes remediation tool named 'copy-fail-destroyer' to address the security vulnerability CVE-2026-31431. The tool automates mitigation for this critical flaw in Kubernetes environments.
- Show HN: Kloak, A secret manager that keeps K8s workload away from secrets
Kloak is a new secret manager designed to isolate Kubernetes workloads from secrets, enhancing security by keeping sensitive data away from application processes. It was showcased on Hacker News with 15 points and 7 comments.
- Kubernetes sets a new standard for release notes with Japanese poetry, also kills Ingress NGINX
Kubernetes released version 1.36, codenamed 'Haru,' which incorporates Japanese poetry into its release notes and establishes a thematic link to the classic print 'The Great Wave off Kanagawa.' The update also marks the deprecation of Ingress NGINX.
- Show HN: A memory database that forgets, consolidates, and detects contradiction
YantrikDB is a cognitive memory engine designed to address limitations in vector databases by consolidating memories, detecting contradictions, and enabling temporal decay. It offers features like Rust-based deployment, HA clustering, and advanced testing frameworks, with a focus on improving AI agent reliability through memory management.
- Call your existing automation ‘zero-token architecture’ to become an instant agentic AI wiz
Kelsey Hightower suggests IT professionals rebrand existing automations as 'zero-token architecture' to leverage agentic AI capabilities. This approach positions IT teams as key players in adopting deep tech amid growing interest in productivity-enhancing AI solutions.