Public to Private Traffic ☁️, Copilot and LSP ✨, EKS Auto Mode 🚗

TLDR

Together With Chronosphere

TLDR DevOps 2026-06-17

Cut observability costs without sacrificing visibility (Sponsor)

Caught between a rock and a hard place? Cloud-native engineering teams are often asked to do two contradictory things at once: reduce costs... and improve observability. 

In this on-demand webinar, Chronosphere (a Palo Alto Networks Company) will walk you through the real-world ROI frameworks that help you navigate the tightrope. Topics include:

  • Investing in the right observability tools for your business
  • Leveraging observability tools to increase ROI
  • Gaining customer trust through faster incident resolution
  • Taking advantage of AI to improve business outcomes

Watch now

📱

News & Trends

Route public traffic to private applications with Cloudflare (6 minute read)

Cloudflare launched a closed beta that lets Enterprise customers apply WAF, bot management, rate limiting, caching, Workers, and other application services to private origins without public IP exposure, firewall exceptions, or connector software on the origin. It extends Cloudflare's private networking layer across DNS, Spectrum, and Workers VPC, with GA targeted for Q4 2026 and future support planned for private-to-private traffic flows.

HCP Terraform adds project-level run tasks (6 minute read)

HCP Terraform now supports project-level run tasks, allowing security, compliance, and operational controls to be enforced automatically across groups of workspaces. The feature reduces manual configuration, improves governance consistency, and scales more effectively as infrastructure grows.

🚀

Opinions & Tutorials

From data residency to digital sovereignty: Architectural patterns for cloud native platforms (9 minute read)

Digital sovereignty requirements have shifted from policy discussions to practical platform engineering challenges, with EU regulations like the Data Act and NIS-2 now pushing organizations to demonstrate control over not just data location but also infrastructure operation, encryption keys, and administrative access. Tenant clusters—where each regulated workload gets its own Kubernetes control plane running as pods on a shared underlying cluster—offer a more effective sovereignty model than single shared clusters, enabling operators to create jurisdiction-specific boundaries that are declared in code, audited independently, and portable across infrastructure providers.

Give GitHub Copilot CLI real code intelligence with language servers (5 minute read)

GitHub Copilot CLI's LSP Setup skill automates installing and configuring language servers, replacing brittle text and binary searches with semantic code intelligence for accurate type resolution, definitions, references, and documentation across 14 supported languages. The skill detects the OS, installs the appropriate LSP server, generates or merges configuration files, verifies setup, and enables the agent to understand code with IDE-like precision.

🧑‍💻

Resources & Tools

Turn business process into test automation with Cycle Intelligence (Sponsor)

Cycle Intelligence ingests your business process documentation and system configs from ERP workflows to supply chain systems and automatically generates executable test cases. It continuously maintains coverage, pinpoints root causes when tests fail, and cuts the manual effort of validating complex enterprise systems. Explore Cycle Intelligence and see how it works →

Iroh (GitHub Repo)

Iroh is a Rust-based networking library that enables direct peer-to-peer connections by dialing public keys instead of IP addresses, automatically finding the fastest route through hole-punching or fallback relay servers. The open-source project uses the QUIC protocol for authenticated encryption and includes pre-built protocols like iroh-blobs and iroh-gossip. FFI bindings are available for non-Rust languages.

pyinfra (Tool)

pyinfra is a Python-native, agentless automation tool that runs commands over SSH concurrently, idempotently, and 6x faster than Ansible.

🎁

Miscellaneous

How attackers are jailbreaking LLMs with CTF framing and how to catch them (9 minute read)

Multiple attackers have been discovered successfully jailbreaking AI models to generate working exploit code by disguising their requests as legitimate "capture-the-flag" challenges or CVE security research, then deploying that code against real targets, including PraisonAI, LiteLLM, FastGPT, and Open-WebUI. The technique leaves distinctive fingerprints across 10+ source IPs, with CVE identifiers and "CTF" labels bleeding into user-agent strings, passwords, and AWS session names because the AI models baked the prompt framing into every field they generated—making these AI-assisted attacks ironically easier to detect than human-crafted ones.

Finding the Needle: Taming 150,000+ Backstage Entities with a Type-Safe Search and Command Palette (9 minute read)

Commander is a ⌘+K command palette for Backstage that solves search and discoverability issues across 150,000+ catalog entities using a stack-based router architecture and IndexedDB caching for sub-millisecond response times. The tool leverages advanced TypeScript techniques, including discriminated unions and Zod schema inference, to create a fully type-safe, configuration-driven system where developers can search services, trigger deployments, and access AI assistance without leaving their current page.

Better Together: Amazon EKS Auto Mode and Istio Ambient Mesh (7 minute read)

Amazon EKS Auto Mode automates Kubernetes compute management, including provisioning, scaling, and patching using managed EC2 and Karpenter, while Istio Ambient Mesh delivers sidecarless service-to-service mTLS, L4 and L7 authorization, and traffic control via ztunnel and waypoint proxies.

Quick Links

Evolving from vibe coding to agentic engineering (Sponsor)

Vibe coding brought AI into development quickly, but production needs more structure. Agentic engineering embeds AI into workflows with oversight, helping developers build, review and ship software at scale. Dive deeper into the shift

AWS WAF adds AI traffic monetization capability to help content owners charge AI bots for content access (6 minute read)

AWS WAF launched an AI traffic monetization capability that lets digital content publishers charge AI bots per request for accessing their content at the network edge.

Docker joins the Athena coalition: a cross-industry collaboration for supply chain security (4 minute read)

Docker is joining Athena, a new industry coalition focused on defending open source software against AI-accelerated vulnerability discovery.

Report: GKE Inference Gateway delivers up to 92% faster AI responses (5 minute read)

GKE Inference Gateway improves LLM serving by using prefix-cache-aware, model-aware routing to send requests to pods with a matching KV cache, reducing recomputation and latency versus round-robin load balancing.

Thanks for reading,
Kunal Desai & Martin Hauskrecht

