Curated Kubernetes content from AKS, EKS, GKE, OpenShift, Rancher/K3s and more—auto‑aggregated daily.
- 2026-01-29 Digital Ocean
Technical Deep Dive: How we Created a Security-hardened 1-Click Deploy Moltbot
Sections: Delivering an Image with Safe Defaults; Keeping deployments consistent (DevOps); TLS (Keep communications safe and auditable); Authz (Gateway Key + Pairing); Sandboxing (keep safe from Agents); Safe Defaults; Deployment Constraints and Upcoming Features; After deploy (make it yours!); Get started with the 1-Click Deploy MoltBot
By Freddie Rice. Updated: January 29, 2026. 5 min read.
Moltbot, an open source AI assistant, has exploded in popularity over the last few days, and at DigitalOcean we immediately wondered “how can we enable more people to try this new technology safely and easily?” We noticed that there was a lot of interest by folks looking to use this software, but also that there was concern around the security of the open source software, especially when connecting it directly to users’ own machines.
#kubernetes
- 2026-01-29 Nirmata Blog
Kubernetes nodes/proxy GET → RCE: how “telemetry” permissions can compromise a cluster
Sections: References; What’s happening (in plain English); The key idea; Why nodes/proxy is especially risky; Why platform teams should care: observability is a common blast-radius multiplier; Prevention with Kyverno: make “dangerous RBAC” unshippable; Policy 1: Block nodes/proxy (and nodes/*) when verbs include get or *; Defense-in-depth best practices (don’t skip these); 1) Inventory who already has nodes/proxy; 2) Prefer Metrics API and fine-grained subresources; 3) Network containment: reduce kubelet reachability; 4) Audit logging (know what your audit can see); 5) Keep privileged landing zones small; A short “how-to” using nctl ai: generate the Kyverno policy + tests, then iterate fast; Step 1: Generate policy + tests with one prompt; Step 2: Save files into a tiny test harness; Step 3: Run tests locally; Step 4: Iterate using real RBAC from your cluster; Step 5: Roll out safely (Audit → Enforce); Conclusion
A subtle (and frankly surprising) Kubernetes authorization behavior has resurfaced as a practical cluster-compromise path: an identity granted nodes/proxy with get can be leveraged to execute commands in Pods across the cluster—effectively turning what many teams treat as “read-only node telemetry access” into remote code execution (RCE). This isn’t being treated like a traditional CVE you can patch away.
#nirmata #kubernetes
- 2026-01-29 Digital Ocean
Introducing Moltbot on DigitalOcean: One-Click Deploy, Security-hardened, Production-Ready Agentic AI
Sections: From local agents to always-on systems; One-Click Deploy: Safe Defaults, Built for Production; Get Started in Minutes
By DigitalOcean. Updated: January 29, 2026. 4 min read.
We’re excited to announce 1-Click deployment for Moltbot on DigitalOcean Droplet® servers, making it faster to run always-on, agentic AI in a security-hardened cloud environment. Moltbot’s rapid adoption is a powerful example of developer-led innovation.
#kubernetes
- 2026-01-29 VMware Cloud Foundation Blog
VCF Breakroom Chats Episode 82 – Beyond DevOps: What is Platform Engineering?
Sections: VCF Breakroom Chats Episode 82; About the VCF Breakroom Chat Series
Welcome to the next episode of the VCF Breakroom Chats. Today, we are happy to present this vLog with Jad El-Zein, Principal Technologist at Broadcom.
#vmware #cloud-foundation #kubernetes
- 2026-01-29 CNCF
From global stages to a local landmark: Organizing KCD Sri Lanka 2025
Sections: Learning from the global cloud native community; Bringing KubeCon level energy to KCD Sri Lanka; Introducing the breakout room concept; A strong CFP and an exceptional lineup; A lively and crowded booth area; Battle of DevOps: A first for the community; KCD arena and the Sri Lankan jam; Challenges and lessons learned; Looking back; What’s next for KCD Sri Lanka
Posted on January 29, 2026 by Chamod Perera, KCD Organizer and CNCF Ambassador
Before KCD Sri Lanka 2025, our organizing team received an incredible opportunity to attend and speak at KubeCon events for the very first time. Our organizers Chamod Perera, Kemila De Silva, and Suresh attended KubeCon India 2024, experiencing firsthand the scale, energy, and community spirit of a global CNCF event.
#cncf
- 2026-01-29 Redhat Blog
Context as architecture: A practical look at retrieval-augmented generation
Sections: From conversation to context; RAG as a system, not a feature; Why retrieval is harder than it looks; Why enterprises adopt RAG anyway; Where RAG stops; Looking ahead; The adaptable enterprise: Why AI readiness is disruption readiness
Authors: Frank La Vigne, Robbie Jerrom
In a previous article, The strategic choice: Making sense of LLM customization, we explored AI prompting as the first step in adapting large language models (LLMs) to real-world use. Prompting changes how an AI model responds in terms of tone, structure, and conversational behavior without changing what the model knows.
#kubernetes
- 2026-01-29 Redhat Blog
From if to how: A year of post-quantum reality
Sections: The victory: RHEL is the anchor; The reality check: Apps and hardware are the brake; The unexpected win: Skeleton hunting; 2026: From discovery to standardization; Take a page from our book; 1. Inventory is archaeology, not just a scanning effort; 2.
#kubernetes
- 2026-01-29 Redhat Blog
How Banco do Brasil uses hyperautomation and platform engineering to drive efficiency
Sections: Scalability through capabilities and hyperautomation; Driving sustainability with FinOps and GreenOps; Transforming the developer experience; Accelerating the journey with artificial intelligence; Start your own automation journey; 5 steps to automate your business
Author: Debbie Margulies
At the recent OpenShift Commons gathering in Atlanta, we had the opportunity to hear from Gustavo Fiuza, IT leader, and Welton Felipe, DevOps engineer, about the remarkable digital transformation at Banco do Brasil. As the second-largest bank in Latin America, they manage a massive scale, serving 87 million customers and processing over 900 million business transactions daily.
#kubernetes
- 2026-01-29 Kubernetes Blog
Ingress NGINX: Statement from the Kubernetes Steering and Security Response Committees
In March 2026, Kubernetes will retire Ingress NGINX, a piece of critical infrastructure for about half of cloud native environments. The retirement of Ingress NGINX was announced for March 2026, after years of public warnings that the project was in dire need of contributors and maintainers.
#kubernetes
- 2026-01-28 Tigera
Why Kubernetes Flat Networks Fail at Scale—and Why Your Cluster Needs a Security Hierarchy
Sections: The Limits of Flat Networking; Change Gridlock and Compliance Gaps; Bringing Order with Tiers and Staged Policies; 1. Calico Tiers: Hierarchical Policy Management; 2.
#tigera