
Agent Sandbox 📦, Postgres Internals 🌐, Kubernetes Contexts ☁️


TLDR

Together With N-Central

TLDR DevOps 2025-11-14

Disjointed tech stack = blind spots. Close yours with the ITOps-SecOps convergence checklist (Sponsor)

Legacy tools create silos, slow response, and weaken resilience. As ITOps and SecOps converge, your stack must work in harmony—not isolation.

Use this N-able checklist to uncover inefficiencies like delayed onboarding, fragmented reporting, disconnected patching, and limited threat visibility.

Score your stack on:

✅ Endpoint automation

✅ Dynamic risk grouping

✅ Intelligent vulnerability & patch management

✅ Proactive alerting & response

Get the checklist now

📱

News & Trends

Introducing Agent Sandbox: Strong guardrails for agentic AI on Kubernetes and GKE (4 minute read)

Google's Agent Sandbox is a new Kubernetes primitive designed for secure, scalable agent code execution with strong isolation built on gVisor and Kata Containers. Integrated with GKE, it improves AI agent performance through features like pre-warmed sandboxes and Pod Snapshots, enabling faster startup times and efficient compute utilization for AI and reinforcement learning workloads.

Docker Desktop 4.50: Indispensable for Daily Development (2 minute read)

Docker Desktop 4.50 enhances development productivity with free debugging tools, deeper IDE integration, seamless Kubernetes deployment, and enterprise-grade security controls that do not slow workflows. It also simplifies AI-native development through accessible Model Context Protocol integrations, dynamic MCPs, and guided onboarding, enabling teams to build, test, and deploy applications efficiently at scale.

Helm Marks 10 Years With Release of Version 4 (2 minute read)

Helm 4, released on Helm's 10th anniversary, simplifies and secures Kubernetes application deployment with improved SDKs, a modern plugin system, and support for multi-cluster and CI/CD workflows. It retains familiar interfaces while enabling future chart features, enhancing performance and developer flexibility across cloud-native environments.

🚀

Opinions & Tutorials

Postgres Internals Hiding in Plain Sight (9 minute read)

Postgres exposes a rich set of internal catalogs—accessible through psql commands like \d, \di, and \dx, and views such as pg_stat_activity, pg_stat_statements, and pg_locks—that reveal live activity, performance stats, locks, configuration, and role information. Beneath these views are core catalog tables (pg_class, pg_attribute, pg_type, pg_proc, and pg_stats) that store the database's own metadata. Using psql -E or ECHO_HIDDEN lets you see the exact SQL behind psql commands to explore these internals more deeply.

Wrangling Kubernetes contexts (3 minute read)

Kubernetes contexts are dangerously easy to overlook because a single hidden line in ~/.kube/config controls which cluster every kubectl command targets, making accidental production changes far too easy. A safer pattern is to keep only the development config as the default and switch explicitly to production by setting KUBECONFIG via shell aliases, so every risky action must be intentionally prefixed rather than relying on a global context.

Why keep your index set lean (8 minute read)

Extra indexes in Postgres slow down writes (every INSERT/UPDATE must update all of them), increase planner overhead, and compete for cache, hurting read performance. They also waste disk space, add autovacuum work, and generate more WAL. Unused or redundant indexes should be dropped and bloated ones rebuilt to keep databases fast and healthy.

🧑‍💻

Resources & Tools

One platform. Scalable AI agents. Real results. See why OutSystems is the #1 AI-powered low-code platform (Sponsor)

OutSystems Agent Workbench simplifies agentic AI development for companies around the world with the speed and flexibility of a low-code approach. Trusted by Axos Bank, Thermo Fisher Scientific, and The Arch Company, it provides a single, unified platform for scaling complex agentic systems. Deploy agents across dev, test, and production with one-click publishing. Schedule your demo

Ingress NGINX Retirement: What You Need to Know (3 minute read)

Due to maintenance challenges and security concerns, Kubernetes SIG Network and the Security Response Committee are retiring Ingress NGINX, with best-effort maintenance until March 2026. Users are advised to migrate to alternatives like Gateway API, as no further bug fixes or security updates will be provided after the retirement date, though existing deployments will continue to function.

Strix (GitHub Repo)

Strix is an open-source AI agent that emulates hackers by dynamically running code to identify and validate vulnerabilities, providing fast security testing for developers. GPT-5 and Claude Sonnet 4.5 are recommended for optimal use. Strix can be integrated into CI/CD pipelines.

🎁

Miscellaneous

Redis Critical Remote Code Execution Vulnerability Discovered after 13 Years (3 minute read)

CVE-2025-49844 is a critical use-after-free vulnerability in Redis' Lua scripting engine that allows authenticated attackers to escape the Lua sandbox and execute arbitrary code on affected Redis and Valkey instances. The flaw, originating from a 13-year-old memory corruption bug, was patched in recent releases.

Homebrew 5.0.0 (3 minute read)

Homebrew 5.0.0 introduces default parallel downloads, official Linux ARM64 support, and a multi-year deprecation path for Intel macOS and non-codesigned casks. It also adds numerous improvements to brew commands, tighter macOS security alignment, and a new internal JSON API (opt-in). The update consolidates all external commands into Homebrew's primary repositories.

Quick Links

You can't fix siloed thinking with siloed tools (Sponsor)

You're delivering software - but are you delivering value? To answer, you need a single overview of planning, execution, and business impact. See how Planview unifies the entire product development cycle.

Amazon S3 now supports tags on S3 Tables (1 minute read)

Amazon S3 now allows tagging on S3 Tables to enable attribute-based access control and cost allocation.

GPU Observability: Get Deeper Insights into Your Droplets and DOKS Clusters (2 minute read)

DigitalOcean has rolled out new, free observability metrics for all GPU Droplets and DOKS clusters, providing users with real-time insights into GPU performance factors like utilization, temperature, and power consumption.


Thanks for reading,
Kunal Desai & Martin Hauskrecht

