Daniel Neumann

An experiment – Enable Cilium native routing on Azure Kubernetes Service BYOCNI – Part 3 www.danielstechblog.io/an-experimen... #Azure #AKS #Kubernetes #Cilium

How can we securelty contain #AI?. In this live discussion, experts will explore why traditional container isolation falls short for agent-based systems & what changes when agents have persistent memory, filesystem access, GPUs, or external execution authority

www.youtube.com/watch?v=WM5p...

An experiment – Enable Cilium native routing on Azure Kubernetes Service BYOCNI – Part 2 www.danielstechblog.io/an-experimen... #Azure #AKS #Kubernetes #Cilium

An experiment – Enable Cilium native routing on Azure Kubernetes Service BYOCNI – Part 1 www.danielstechblog.io/an-experimen... #Azure #AKS #Kubernetes #Cilium

Introducing Node Readiness Controller In the standard Kubernetes model, a node’s suitability for workloads hinges on a single binary "Ready" condition. However, in modern Kubernetes environments, nodes require complex infrastructure dependencies—such...

Introducing Node Readiness Controller-

Scaling DNS on AKS with Cilium: NodeLocal DNSCache, LRP, and FQDN Policies | Microsoft Community Hub Why Adopt NodeLocal DNSCache? The primary drivers for adoption are usually: Eliminating Conntrack Pressure: In high-QPS UDP DNS scenarios, conntrack...

Scaling DNS on #AzureKubernetesService with Cilium: NodeLocal DNSCache, LRP, and FQDN Policies by Simone Rodigari techcommunity.microsoft.com/t5/linux-and...

Unpatchable Vulnerabilities of Kubernetes: CVE-2020-8554 | Datadog Security Labs A look at how Kubernetes CVE-2020-8554 works

"Additionally, it's worth noting that if you're using Cilium as a cluster CNI with its "kube-proxy replacement," you're not affected by this CVE"

Can't be vulnerable to something that isn't there 🤔

securitylabs.datadoghq.com/articles/unp...

🐝 eCHO News 99 🐝

#CiliumCon Schedule Out
XDP Load Balancer Lab

cs.co/echo-news-99

#Cilium #eBPF

Use Azure Log Alerts with Azure Data Explorer www.danielstechblog.io/use-azure-lo... #Azure #AzureDataExplorer #AzureLogAlerts

Kubernetes 1.35: Enhanced Debugging with Versioned z-pages APIs-

Kubernetes v1.35: Fine-grained Supplemental Groups Control Graduates to GA-

Azure Data Explorer network access restrictions www.danielstechblog.io/azure-data-e... #AzureDataExplorer #Azure

CVE-2025-14269: Credential caching in Headlamp with Helm enabled · Issue #135798 · kubernetes/kubernetes Original tracking issue: kubernetes-sigs/headlamp#4282 CVSS Rating: High (8.8) CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Description of vulnerability A security issue was discovered in the in-cl...

CVE-2025-14269: Credential caching in Headlamp with Helm enabled -

Default #PostgreSQL logging often hides the critical signals you need when errors or performance issues occur.

We wrote a guide on bringing Postgres logs up to modern #observability standards with structured output, a clearer signal, and better integration.

👉 Full guide: dash0.link/postgresql-l...

Promotional image for Open Source Friday featuring Bill Mulligan with the Cilium logo.

Today on Open Source Friday, we’re spotlighting @cilium.io!

Powered by eBPF, it brings modern networking, security, and observability to your cloud-native environments. 🐝

Set a reminder for when we go live. 🔔
https://gh.io/cilium

State of Kubernetes Networking Report 2025 The State of Kubernetes Networking Report 2025 is now available. Based on hundreds of real-world responses, the report reveals how organizations are building and securing their Kubernetes networks tod...

The new State of Kubernetes Networking report is basically a condensed version of every hallway track conversation I had at KubeCon Atlanta. Here are my takeaways of what everyone is quietly wrestling with:

🐝 eCHO News 93 🐝

eBPF on GPUs
Ingress NGINX to Cilium

cs.co/echo-news-95

Ingress NGINX Retirement: What You Need to Know To prioritize the safety and security of the ecosystem, Kubernetes SIG Network and the Security Response Committee are announcing the upcoming retirement of Ingress NGINX. Best-effort maintenance will...

Ingress NGINX Retirement: What You Need to Know-

Blog: Ingress NGINX Retirement: What You Need to Know-

Use node initialization taints on Azure Kubernetes Service with Cilium www.danielstechblog.io/use-node-ini... #Azure #AzureKubernetesService #Kubernetes #Cilium

The official home of the Python Programming Language

TLDR; The PSF has made the decision to put our community and our shared diversity, equity, and inclusion values ahead of seeking $1.5M in new revenue. Please read and share. pyfound.blogspot.com/2025/10/NSF-...
🧵

Cilium’s new Hubble flow policy log field www.danielstechblog.io/ciliums-new-... #Kubernetes #Cilium #AzureKubernetesService #AzureDataExplorer

🥳 CNS Munich 2026 edition takes place on 29 - 30 June! 🎉

📢 Our call for sponsors is open; check out all the information and updated sponsor options here: cnsmunich.de#sponsors

Stay tuned for the early-bird tickets and call for papers!

We cannot wait to meet you all in June 2026! 🚀

Still relying on raw text #logs and grep to debug distributed systems?

We wrote a guide on how structured logging turns noisy strings into real #visibility across #clouds and #services, adding the context you need to #debug faster.

👉 Read the full guide: dash0.link/logging-best...

Container Security: Fundamental Technology Concepts That Protect Cloud Native Applications Fundamental Technology Concepts That Protect Cloud Native Applications

📚 The 2nd edition of 🔒Container Security 🔒 is out now! 📚
bookshop.org/p/books/cont...

Introducing Headlamp Plugin for Karpenter - Scaling and Visibility Headlamp is an open‑source, extensible Kubernetes SIG UI project designed to let you explore, manage, and debug cluster resources. Karpenter is a Kubernetes Autoscaling SIG node provisioning project...

Introducing Headlamp Plugin for Karpenter - Scaling and Visibility-

CVE-2020-8562: Bypass of Kubernetes API Server proxy TOCTOU · Issue #101493 · kubernetes/kubernetes CVSS Rating: Low (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N) A security issue was discovered in Kubernetes where an authorized user may be able to access private networks on the Kubernetes contr...

CVE-2020-8562: Bypass of Kubernetes API Server proxy TOCTOU -

Azure DDoS Protection now supports QUIC protocol — Securing the future of HTTP/3 traffic | Microsoft Community Hub The internet’s transport layer is undergoing one of its most significant evolutions in decades. QUIC (Quick UDP Internet Connections) — the protocol...

Azure #AzureDDoSProtection now supports QUIC protocol — Securing the future of HTTP/3 traffic by Shabaz Shaik techcommunity.microsoft.com/t5/azure-net...

Release 0.36.0 · kubernetes-sigs/headlamp ✨ Enhancements: Add support for EndpointSlice resources. Add memory for table sorting column and direction across navigation. Thanks to @krrish-sehgal Enhance global search to support searching by...

🎉 Headlamp 0.36.0 is out! Highlights are:
- EndpointSlice support
- Persistent table sorting
- Label-based search improvements
... And many other improvements. Check it out at github.com/kubernetes-s...

Introducing Image Customizer for Azure Linux | Microsoft Community Hub We are excited to release Image Customizer, an open-source tool, built and maintained by the Azure Linux team. Image Customizer lets you customize...

Introducing Image Customizer for Azure Linux by Kavya Nagalakunta #Azure techcommunity.microsoft.com/t5/linux-and...