Episodes
Xe Iaso shares their journey in building a "compute as a faucet" home lab where infrastructure becomes invisible and tasks can be executed without manual intervention. The discussion covers everything from operating system selection to storage architecture and secure access patterns. You will learn: How to evaluate operating systems for your home lab — from Rocky Linux to Talos Linux, and why minimal, immutable operating systems are gaining traction. How to implement a three-tier storage...
Published 11/19/24
If you're trying to make sense of when to use Kubernetes and when to avoid it, this episode offers a practical perspective based on real-world experience running production workloads. Paul Butler, founder of Jamsocket, discusses how to identify necessary vs unnecessary complexity in Kubernetes and explains how his team successfully runs production workloads by being selective about which features they use. You will learn: The three compelling reasons to use Kubernetes are managing multiple...
Published 11/12/24
This episode explores Admission Controllers and Webhooks with Gordon Myers, who shares his experience implementing webhook solutions in production. Gordon explains the lifecycle of Kubernetes API requests and how webhooks can intercept and modify resources before they are stored in etcd. You will learn: How the Kubernetes API processes requests through authentication, authorization, and Admission Controllers. The difference between Validating and Mutating webhooks and how to implement them...
Published 11/05/24
Are you facing challenges with pre-production environments in Kubernetes? This KubeFM episode shows how to implement efficient deployment previews and solve data seeding bottlenecks. Nick Nikitas, Senior Platform Engineer at Blueground, shares how his team transformed their static pre-production environments into dynamic previews using ArgoCD Application Sets, Wave and Velero. He explains their journey from managing informal environment sharing between teams to implementing a scalable preview...
Published 10/29/24
Discover how a seemingly simple 502 error in Kubernetes can uncover complex interactions between Go and containerized environments. Emin Laletović, a solution architect at Hybird Technologies, shares his experience debugging a production issue in which a specific API endpoint failed due to out-of-memory errors. He walks through the systematic investigation process, from initial log checks to uncovering the root cause in Go's memory management within Kubernetes. You will learn: How Go's...
Published 10/22/24
This episode offers a rare glimpse into the design decisions that shaped the world's most popular container orchestration platform. Brian Grant, CTO of ConfigHub and former tech lead on Google's Borg team, discusses the Kubernetes Resource Model (KRM) and its profound impact on the Kubernetes ecosystem. He explains how KRM's resource-centric API patterns enable Kubernetes' flexibility and extensibility and influence the entire cloud native landscape. You will learn: How the Kubernetes API...
Published 10/15/24
Dive into the world of GitOps and compare two of the most popular tools in the CNCF landscape: Argo CD and Flux CD. Andrei Kvapil, CEO and Founder of Aenix, breaks down the strengths and weaknesses of Argo CD and Flux CD, helping you understand which tool might best fit your team's needs. You will learn: The different philosophies behind the tools. How they handle access control and deployment restrictions. Their trade-offs in usability and conformance to infrastructure as code. Why there is...
Published 10/08/24
Eric Jalal, an independent consultant and Kubernetes developer, explains how Kubernetes is fundamentally built on familiar Linux features. He discusses why understanding Linux is crucial for working with Kubernetes and how this knowledge can simplify your approach to cloud-native technologies. You will learn: Why Eric considers Kubernetes to be "just Linux" and how it wraps existing Linux technologies. The importance of understanding Linux fundamentals (file systems, networking, storage). How...
Published 10/01/24
Alexandre Souza, a senior platform engineer at Getir, shares his expertise in managing large-scale environments and configuring requests, limits, and autoscaling. He explores the challenges of over-provisioning and under-provisioning and discusses strategies for optimizing resource allocation using tools like Horizontal Pod Autoscaler (HPA) and Vertical Pod Autoscaler (VPA). You will learn: How to set appropriate resource requests and limits to balance application performance and...
Published 09/24/24
In this KubeFM episode, Kensei Kanada discusses Tortoise, an open-source project he developed at Mercari to tackle Kubernetes resource optimization challenges. He explains the limitations of existing solutions like Horizontal Pod Autoscaler (HPA) and Vertical Pod Autoscaler (VPA), and how Tortoise aims to provide a more comprehensive and automated approach to resource management in Kubernetes clusters. You will learn: The complexities of resource optimization in Kubernetes, including the...
Published 09/17/24
In this KubeFM episode, Ángel Barrera discusses Adidas' strategic shift to a GitOps-based container platform management system, initiated in May 2022, and its impact on their global infrastructure. You will learn: The initial state and challenges: Understand the complexities and inefficiencies of Adidas' pre-GitOps infrastructure. The transition process: Explore the steps and strategies used to migrate to a GitOps-based system, including tool changes and planning. Technical advantages: Learn...
Published 09/10/24
In this KubeFM episode, Miguel Luna discusses the intricacies of Observability in Kubernetes, including its components, tools, and future trends. You will learn: The fundamental components of Observability: metrics, logs, and traces, and their roles in understanding system performance and health. Key tools and projects: insights into Keptn and OpenTelemetry and their significance in the Observability ecosystem. The integration of AI technologies: how AI is shaping the future of Observability...
Published 09/03/24
In this KubeFM episode, Harsha explores the intricacies of Kubernetes security, focusing on the benefits and misconceptions of Distroless container images and the broader aspects of container security. You will learn: The advantages and limitations of Distroless container images: understand why these images are smaller, have a reduced attack surface and are not inherently secure. Best practices for container security: gain insights into selecting base images, managing dependencies, and...
Published 08/27/24
In this KubeFM episode, Yakir and Assaf from Aqua Security explore how a robust Kubernetes secrets strategy is necessary to prevent leaks and maintain a strong security posture. You will learn: How Kubernetes secrets are leaked, and what tools you can use to prevent that (hint: Yakir and Assaf suggested using more than one). How shadow IT is a more significant threat than you might think and why companies should monitor personal GitHub repositories. What happens when a secret is leaked and how...
Published 06/18/24
In this KubeFM episode, Stéphane shares his journey of migrating, optimizing and scaling Jenkins in Kubernetes. He discusses the technical challenges, solutions, and strategies employed. You will learn: How Jenkins on Kubernetes was scaled to handle 10,000 weekly builds. How they started their journey in 2015 and how the cluster has evolved in the past nine years. The challenges of managing builds in Jenkins: Docker in Docker, Docker out of Docker and KubeVirt. The lessons learned in created...
Published 06/11/24
In this KubeFM episode, Hans, a Principal Cloud engineer, shares his experiences empowering teams to use, build and manage platforms built on Kubernetes. You will learn: How OpenTelemetry and Prometheus shape cluster management and observability. The role of tools like ArgoCD and Flux in enabling GitOps and streamlining deployment processes. The significance of governance tools such as Gatekeeper and OPA for secure and validated resource creation. The benefits of Custom Resource Definitions...
Published 06/04/24
In this KubeFM episode, Hillai and Ronen, security researchers at Wiz, explore the intricacies of hacking Alibaba Cloud's Kubernetes cluster. They share their experiences and insights on identifying and exploiting vulnerabilities, mainly focusing on misconfigurations and their impact on cloud security. You will learn: How Hillai and Ronen gained access to a Kubernetes cluster through a Postgres database. How they moved laterally and managed to obtain push and pull rights to a private...
Published 05/28/24
In this KubeFM episode, Faris shares his experience managing CoreDNS and scaling Kubernetes clusters with 900 nodes and 15k pods. He shares the challenges and solutions encountered during an incident, providing valuable insights into maintaining a robust Kubernetes environment. You will learn: The importance of scaling the Kubernetes control plane for large clusters. Strategies for optimizing CoreDNS to ensure efficient DNS resolution and prevent incidents. The pros and cons of using...
Published 05/21/24
In this KubeFM episode, Mircea shares his journey of migrating a home lab to Kubernetes, specifically choosing Talos over other operating systems like Ubuntu, Flatcar, or Bottlerocket. Mircea also discusses his decision-making process and experiences in setting up and optimizing his Kubernetes home lab. You will learn: What is Talos Linux and how it compares to other operating systems. The challenges and considerations involved in migrating to Kubernetes, including selecting network plugins...
Published 05/14/24
With a passion for security and a knack for troubleshooting, Jen discusses the critical role of network policies in Kubernetes security, the complexities involved in their implementation, and the balance between security and manageability. She also covers the importance of Custom Resource Definitions and shares her perspective on emerging Kubernetes tools. In this KubeFM episode, you will learn: The importance of observability in troubleshooting network policies and how it aids in debugging...
Published 05/07/24
In this KubeFM episode, Alexander Block delves into the intricacies of Kubernetes templating and deployment tools, sharing his journey from frustration with existing solutions to creating his tool, kluctl. Alex also discusses the challenges and solutions in Kubernetes templating and deployment, emphasizing the need for more adaptable tools in the Kubernetes ecosystem. You will learn: The fundamental flaws of Helm and how they impact Kubernetes deployments and tools packaging. How tools such...
Published 04/30/24
With the rapid pace of the cloud-native ecosystem, staying current with Kubernetes updates and managing upgrades becomes a daunting task for many organizations. In this KubeFM episode, Mat discusses the necessity of long-term support for Kubernetes and explores the intricacies of managing Kubernetes upgrades in a fast-evolving landscape. You will learn: The importance of long-term support (LTS) for Kubernetes and how it can alleviate the challenges associated with the platform's rapid release...
Published 04/23/24
Ensuring the repeatability of your infrastructure is a crucial aspect of managing Kubernetes clusters. This allows you to swiftly tear down and set up a new one, a practice that is quite handy. However, there are exceptional circumstances when your cluster becomes more than a disposable tool. Dan shared, "A Kubernetes cluster will be treated as disposable until you deploy ingress, and then it becomes a pet." In this episode, you will delve into the concept of 'disposable' and 'pet' Kubernetes...
Published 03/19/24
Service meshes and the community's opinion of them have changed drastically over the years. From being perceived as unnecessary, complicated and bloated, they matured into security and observability powerhouses (while still retaining much of their complexity). In this KubeFM episode, William deep dives into the world of service meshes and explains a few of the technical choices and trade-offs of service meshes in simple terms. You will learn: What is a service mesh and its design (i.e....
Published 03/12/24