Hacker News | saiyampathak's comments

https://agentkube.com/ - AI powered Kubernetes IDE


Thanks for the feedback. Right now the main goal is on the development of the product to make it more useful than Lens or any other IDE per se.


I have been teaching Kubernetes for a long time and one of my old Kubernetes workshops has crossed 1.7 million views, so I decided to create a fresh course covering the cool topics like CRI, CNI, CSI, kube-proxy, Kubernetes networking, CoreDNS, all types of services (ExternalName, headless, ClusterIP, NodePort, LB) and much more with project-based learning. If you are new to Kubernetes or want to level up your Kubernetes game then this course is for you. It's FREE.


Did you hear the news about the critical vulnerability NVIDIAScape? Wiz Research discovered the NVIDIAScape vulnerability (CVE-2025-23266); it exposed a container escape path via the NVIDIA Container Toolkit. The easy answer? Patch ASAP (upgrade NVIDIA Container Toolkit > v1.17.8). But the incident kicked off a bigger debate: Do we really need to run all our AI infra inside VMs just for better isolation? We replicated the full exploit chain (malicious image + LD_PRELOAD + privileged hook) and saw that:

Without vNode: Exploit lands you on the host. Game over.

With vNode: Exploit gets stuck in a minimal, locked-down sandbox. Host is untouched.

Here’s where things get interesting: We took a deep dive and tested vNode, a Kubernetes-native sandbox runtime, for exactly this scenario. Unlike VMs (which bring extra complexity and a performance hit), vNode adds a secure isolation layer at the container level, trapping breakouts before they ever reach the host. If you’re running AI workloads, especially with GPUs, and worried about these breakout risks but don’t want VM overhead, vNode might be worth a look. Full walkthrough, YAMLs, and exploit PoC are mentioned in the blog.

Would love to hear how others are approaching runtime isolation for GPU clusters! Anyone else using vNode, gVisor, Kata Containers, or similar? What’s your tradeoff between security and performance?


In this course, you'll learn:

- Kubernetes architecture, CRI/CNI/CSI
- kube-proxy, CoreDNS
- Pods, Deployments, Services, ConfigMaps, Secrets
- Scheduler, StatefulSet
- RBAC
- All the concepts to deploy an application on Kubernetes
- How to deploy microservices (Auth, Frontend, Game service)
- How to expose them using Kubernetes Services
- How to set up CloudNativePG for a Postgres database
- How to secure your app using cert-manager and Kubernetes Gateway API
- How to monitor everything using kube-prometheus-stack and Grafana dashboard


What feature set will make people adopt this?


Kube mentor is a custom GPT that is curated by me to help you prepare for CKA certification. It is fine-tuned to give you good practice scenarios for CKA.


Get your latest dose of cloud native, Kubernetes and WebAssembly biweekly


Expert hands-on workshops covering topics from the experts:

- Linux and Docker
- Kubernetes 101
- Chaos engineering
- GitOps and ArgoCD
- Service mesh
- Kubernetes security
- K8s Troubleshooting
- K8s Observability

Share if you like them

