Kyverno's apiCall feature is exactly the kind of capability platform teams end up wanting after the first wave of policy adoption. Static admission checks are useful, but real clusters are full of context. A namespace may need to be compared against an inventory system. A deployment may need
A moderate Kubernetes ecosystem CVE does not always deserve a full incident response. It does often deserve a design review. CVE-2026-44247, published through the GitHub advisory database for Volcano, is a good example. Volcano is a Kubernetes-native batch scheduling system. The advisory says its webhook server did not enforce a
If you've implemented SLO-based alerting, you've likely encountered these seemingly arbitrary numbers: burn rates of 14.4× and 6×, paired with windows of 1h/5m and 6h/30m respectively. The Google SRE Workbook presents these as proven values, but why these specific numbers? Where do they come from?
Showing 1 - 3 of 3 posts
