Look for any podcast host, guest or anyone
Showing episodes and shows of

KubeFM

Shows

KubeFM
KubeFMThe Making of Flux: The Future, a KubeFM Original SeriesIn this closing episode, Bryan Ross (Field CTO at GitLab), Jane Yan (Principal Program Manager at Microsoft), Sean O’Meara (CTO at Mirantis) and William Rizzo (Strategy Lead, CTO Office at Mirantis) discuss how GitOps evolves in practice.How enterprises are embedding Flux into developer platforms and managed cloud services.Why bridging CI/CD and infrastructure remains a core challenge—and how GitOps addresses it.What leading platform teams (GitLab, Microsoft, Mirantis) see as the next frontier for GitOps.SponsorJo...
2025-10-2026 minKubeFM
KubeFMThe Making of Flux: The Future, a KubeFM Original SeriesIn this closing episode, Bryan Ross (Field CTO at GitLab), Jane Yan (Principal Program Manager at Microsoft), Sean O’Meara (CTO at Mirantis) and William Rizzo (Strategy Lead, CTO Office at Mirantis) discuss how GitOps evolves in practice.How enterprises are embedding Flux into developer platforms and managed cloud services.Why bridging CI/CD and infrastructure remains a core challenge—and how GitOps addresses it.What leading platform teams (GitLab, Microsoft, Mirantis) see as the next frontier for GitOps.SponsorJo...
2025-10-2026 minKubeFM
KubeFMThe Making of Flux: The Scale, a KubeFM Original SeriesIn this episode, Philippe Ensarguet, VP of Software Engineering at Orange, and Arnab Chatterjee, Global Head of Container & AI Platforms at Nomura, share how large enterprises are adopting Flux to drive reliable, compliant, and scalable platforms.How Orange uses Flux to manage bare-metal Kubernetes through its SYLVR project.Why FSIs rely on GitOps to balance agility with governance.How Flux helps enterprises achieve resilience, compliance, and repeatability at scale.SponsorJoin the Flux maintainers and community at FluxCon, November 11th in...
2025-10-1323 minKubeFM
KubeFMThe Making of Flux: The Scale, a KubeFM Original SeriesIn this episode, Philippe Ensarguet, VP of Software Engineering at Orange, and Arnab Chatterjee, Global Head of Container & AI Platforms at Nomura, share how large enterprises are adopting Flux to drive reliable, compliant, and scalable platforms.How Orange uses Flux to manage bare-metal Kubernetes through its SYLVR project.Why FSIs rely on GitOps to balance agility with governance.How Flux helps enterprises achieve resilience, compliance, and repeatability at scale.SponsorJoin the Flux maintainers and community at FluxCon, November 11th in...
2025-10-1323 minKubeFM
KubeFMThe Making of Flux: The Rewrite, a KubeFM Original SeriesIn this episode, Michael Bridgen (the engineer who wrote Flux's first lines) and Stefan Prodan (the maintainer who led the V2 rewrite) share how Flux grew from a fragile hack-day script into a production-grade GitOps toolkit.How early Flux addressed the risks of manual, unsafe Kubernetes upgradesWhy the complete V2 rewrite was critical for stability, scalability, and adoptionWhat the maintainers learned about building a sustainable, community-driven open-source projectSponsorJoin the Flux maintainers and community at FluxCon...
2025-10-0644 minKubeFM
KubeFMThe Making of Flux: The Rewrite, a KubeFM Original SeriesIn this episode, Michael Bridgen (the engineer who wrote Flux's first lines) and Stefan Prodan (the maintainer who led the V2 rewrite) share how Flux grew from a fragile hack-day script into a production-grade GitOps toolkit.How early Flux addressed the risks of manual, unsafe Kubernetes upgradesWhy the complete V2 rewrite was critical for stability, scalability, and adoptionWhat the maintainers learned about building a sustainable, community-driven open-source projectSponsorJoin the Flux maintainers and community at FluxCon...
2025-10-0644 minKubeFM
KubeFMThe Making of Flux: The Origin, a KubeFM Original SeriesThis episode unpacks the technical and governance milestones that secured Flux's place in the cloud-native ecosystem, from a 45-minute production outage that led to the birth of GitOps to the CNCF process that defines project maturity and the handover of stewardship after Weaveworks' closure.You will learn:How a single incident pushed Weaveworks to adopt Git as the source of truth, creating the foundation of GitOps.How Flux sustained continuity after Weaveworks shut down through community governance.Where Flux is heading next with...
2025-09-1522 minKubeFM
KubeFMThe Making of Flux: The Origin, a KubeFM Original SeriesThis episode unpacks the technical and governance milestones that secured Flux's place in the cloud-native ecosystem, from a 45-minute production outage that led to the birth of GitOps to the CNCF process that defines project maturity and the handover of stewardship after Weaveworks' closure.You will learn:How a single incident pushed Weaveworks to adopt Git as the source of truth, creating the foundation of GitOps.How Flux sustained continuity after Weaveworks shut down through community governance.Where Flux is heading next with...
2025-09-1522 minKubeFM
KubeFMTopology-aware routing: balancing cost savings and reliability, with William MorganIn this episode, William Morgan, CEO of Buoyant, explores the complex trade-offs between cost optimization and reliability in Kubernetes networking. The discussion focuses on Topology-aware routing and why its implementation might not be the silver bullet for managing cross-zone traffic costs.William shares practical insights from real-world implementations and explains why understanding these trade-offs is crucial for platform teams managing multi-zone Kubernetes clusters.You will learn:How Topology-aware routing attempts to reduce cross-zone traffic costs but can compromise reliability by limiting inter-zone communication...
2025-01-2144 minKubeFM
KubeFMTopology-aware routing: balancing cost savings and reliability, with William MorganIn this episode, William Morgan, CEO of Buoyant, explores the complex trade-offs between cost optimization and reliability in Kubernetes networking. The discussion focuses on Topology-aware routing and why its implementation might not be the silver bullet for managing cross-zone traffic costs.William shares practical insights from real-world implementations and explains why understanding these trade-offs is crucial for platform teams managing multi-zone Kubernetes clusters.You will learn:How Topology-aware routing attempts to reduce cross-zone traffic costs but can compromise reliability by limiting inter-zone communication...
2025-01-2144 minKubeFM
KubeFMWhich Kubernetes PostgreSQL operator should you choose?, with David PechAre you running PostgreSQL on Kubernetes and need to choose the right operator? In this episode, David Pech, Staff Cloud Ops Engineer, shares his experience implementing database platforms on Kubernetes and guides teams through operator selection and platform requirements.You will learn:The core requirements for a PostgreSQL platform on Kubernetes, including autopilot capabilities, security practices, and observabilityHow to evaluate PostgreSQL operators based on their architecture — from single-instance deployments to cloud-native implementationsWhat teams should consider before building their own ...
2025-01-1449 minKubeFM
KubeFMWhich Kubernetes PostgreSQL operator should you choose?, with David PechAre you running PostgreSQL on Kubernetes and need to choose the right operator? In this episode, David Pech, Staff Cloud Ops Engineer, shares his experience implementing database platforms on Kubernetes and guides teams through operator selection and platform requirements.You will learn:The core requirements for a PostgreSQL platform on Kubernetes, including autopilot capabilities, security practices, and observabilityHow to evaluate PostgreSQL operators based on their architecture — from single-instance deployments to cloud-native implementationsWhat teams should consider before building their own ...
2025-01-1449 minKubeFM
KubeFMExploring multi-tenancy for my Kubernetes learning platform, with Stefan RomanStefan Roman shares his experience building Labs4Grabs, a platform that gives students root access to Kubernetes clusters. He discusses the journey from evaluating simple namespace-based isolation to implementing full VM-based isolation with KubeVirt.You will learn:Why namespace isolation isn't sufficient for untrusted users and the limitations of tools like vCluster when running privileged workloads.How to use KubeVirt to achieve complete workload isolation and the trade-offs.Practical approaches to implementing network security with NetworkPolicies and managing resource allocation across...
2024-12-1046 minKubeFM
KubeFMExploring multi-tenancy for my Kubernetes learning platform, with Stefan RomanStefan Roman shares his experience building Labs4Grabs, a platform that gives students root access to Kubernetes clusters. He discusses the journey from evaluating simple namespace-based isolation to implementing full VM-based isolation with KubeVirt.You will learn:Why namespace isolation isn't sufficient for untrusted users and the limitations of tools like vCluster when running privileged workloads.How to use KubeVirt to achieve complete workload isolation and the trade-offs.Practical approaches to implementing network security with NetworkPolicies and managing resource allocation across...
2024-12-1046 minKubeFM
KubeFMOptimize the Kubernetes dev experience by creating silos, with Michael LevanMichael Levan explains how specialized teams and smart abstractions can lead to better outcomes. Drawing from cognitive science and his experience in platform engineering, Michael presents practical strategies for building effective engineering organizations.You will learn:Why specialized teams (or "silos") can improve productivity and why the real enemy is ego, not specialization.How to use Internal Developer Platforms (IDPs) and abstractions to empower teams without requiring everyone to be a Kubernetes expert.How to balance specialization and collaboration using platform engineering practices...
2024-12-0347 minKubeFM
KubeFMOptimize the Kubernetes dev experience by creating silos, with Michael LevanMichael Levan explains how specialized teams and smart abstractions can lead to better outcomes. Drawing from cognitive science and his experience in platform engineering, Michael presents practical strategies for building effective engineering organizations.You will learn:Why specialized teams (or "silos") can improve productivity and why the real enemy is ego, not specialization.How to use Internal Developer Platforms (IDPs) and abstractions to empower teams without requiring everyone to be a Kubernetes expert.How to balance specialization and collaboration using platform engineering practices...
2024-12-0347 minKubeFM
KubeFMRebuilding my homelab: suffering as service, with Xe iasoXe Iaso shares their journey in building a "compute as a faucet" home lab where infrastructure becomes invisible and tasks can be executed without manual intervention. The discussion covers everything from operating system selection to storage architecture and secure access patterns.You will learn:How to evaluate operating systems for your home lab — from Rocky Linux to Talos Linux, and why minimal, immutable operating systems are gaining traction.How to implement a three-tier storage strategy combining Longhorn (replicated storage), NFS (bulk st...
2024-11-1942 minKubeFM
KubeFMRebuilding my homelab: suffering as service, with Xe iasoXe Iaso shares their journey in building a "compute as a faucet" home lab where infrastructure becomes invisible and tasks can be executed without manual intervention. The discussion covers everything from operating system selection to storage architecture and secure access patterns.You will learn:How to evaluate operating systems for your home lab — from Rocky Linux to Talos Linux, and why minimal, immutable operating systems are gaining traction.How to implement a three-tier storage strategy combining Longhorn (replicated storage), NFS (bulk st...
2024-11-1942 minKubeFM
KubeFMThe hater's guide to Kubernetes, with Paul ButlerIf you're trying to make sense of when to use Kubernetes and when to avoid it, this episode offers a practical perspective based on real-world experience running production workloads.Paul Butler, founder of Jamsocket, discusses how to identify necessary vs unnecessary complexity in Kubernetes and explains how his team successfully runs production workloads by being selective about which features they use.You will learn:The three compelling reasons to use Kubernetes are managing multiple services across machines, defining infrastructure as code, and leveraging built-in redundancy.
2024-11-1243 minKubeFM
KubeFMThe hater's guide to Kubernetes, with Paul ButlerIf you're trying to make sense of when to use Kubernetes and when to avoid it, this episode offers a practical perspective based on real-world experience running production workloads.Paul Butler, founder of Jamsocket, discusses how to identify necessary vs unnecessary complexity in Kubernetes and explains how his team successfully runs production workloads by being selective about which features they use.You will learn:The three compelling reasons to use Kubernetes are managing multiple services across machines, defining infrastructure as code, and leveraging built-in redundancy.
2024-11-1243 minKubeFM
KubeFMKubernetes webhooks explained and Aspect Oriented Programming, with Gordon MyersThis episode explores Admission Controllers and Webhooks with Gordon Myers, who shares his experience implementing webhook solutions in production. Gordon explains the lifecycle of Kubernetes API requests and how webhooks can intercept and modify resources before they are stored in etcd.You will learn:How the Kubernetes API processes requests through authentication, authorization, and Admission Controllers.The difference between Validating and Mutating webhooks and how to implement them using JSON Patch.Best practices...
2024-11-0526 minKubeFM
KubeFMKubernetes webhooks explained and Aspect Oriented Programming, with Gordon MyersThis episode explores Admission Controllers and Webhooks with Gordon Myers, who shares his experience implementing webhook solutions in production. Gordon explains the lifecycle of Kubernetes API requests and how webhooks can intercept and modify resources before they are stored in etcd.You will learn:How the Kubernetes API processes requests through authentication, authorization, and Admission Controllers.The difference between Validating and Mutating webhooks and how to implement them using JSON Patch.Best practices...
2024-11-0526 minKubeFM
KubeFM98% faster data imports in deployment previews, with Nick NikitasAre you facing challenges with pre-production environments in Kubernetes?This KubeFM episode shows how to implement efficient deployment previews and solve data seeding bottlenecks.Nick Nikitas, Senior Platform Engineer at Blueground, shares how his team transformed their static pre-production environments into dynamic previews using ArgoCD Application Sets, Wave and Velero.He explains their journey from managing informal environment sharing between teams to implementing a scalable preview system that reduced environment creation time from 19 minutes to 25 seconds.You will learn:How to implement ...
2024-10-2919 minKubeFM
KubeFM98% faster data imports in deployment previews, with Nick NikitasAre you facing challenges with pre-production environments in Kubernetes?This KubeFM episode shows how to implement efficient deployment previews and solve data seeding bottlenecks.Nick Nikitas, Senior Platform Engineer at Blueground, shares how his team transformed their static pre-production environments into dynamic previews using ArgoCD Application Sets, Wave and Velero.He explains their journey from managing informal environment sharing between teams to implementing a scalable preview system that reduced environment creation time from 19 minutes to 25 seconds.You will learn:How to implement ...
2024-10-2919 minKubeFM
KubeFMWhen Kubernetes and Go don't work well together, with Emin LaletovićDiscover how a seemingly simple 502 error in Kubernetes can uncover complex interactions between Go and containerized environments.Emin Laletović, a solution architect at Hybird Technologies, shares his experience debugging a production issue in which a specific API endpoint failed due to out-of-memory errors.He walks through the systematic investigation process, from initial log checks to uncovering the root cause in Go's memory management within Kubernetes.You will learn:How Go's garbage collector interacts with Kubernetes resource limits, potentially leading to unexpected OOMKilled errors.The importance o...
2024-10-2225 minKubeFM
KubeFMWhen Kubernetes and Go don't work well together, with Emin LaletovićDiscover how a seemingly simple 502 error in Kubernetes can uncover complex interactions between Go and containerized environments.Emin Laletović, a solution architect at Hybird Technologies, shares his experience debugging a production issue in which a specific API endpoint failed due to out-of-memory errors.He walks through the systematic investigation process, from initial log checks to uncovering the root cause in Go's memory management within Kubernetes.You will learn:How Go's garbage collector interacts with Kubernetes resource limits, potentially leading to unexpected OOMKilled errors.The importance o...
2024-10-2225 minKubeFM
KubeFMDeclarative configuration and the Kubernetes Resource Model, with Brian GrantThis episode offers a rare glimpse into the design decisions that shaped the world's most popular container orchestration platform.Brian Grant, CTO of ConfigHub and former tech lead on Google's Borg team discusses the Kubernetes Resource Model (KRM) and its profound impact on the Kubernetes ecosystem.He explains how KRM's resource-centric API patterns enable Kubernetes' flexibility and extensibility and influence the entire cloud native landscape.You will learn:How the Kubernetes API evolved from inconsistency to a uniform structure, enabling support for thousands of resource types.
2024-10-1552 minKubeFM
KubeFMDeclarative configuration and the Kubernetes Resource Model, with Brian GrantThis episode offers a rare glimpse into the design decisions that shaped the world's most popular container orchestration platform.Brian Grant, CTO of ConfigHub and former tech lead on Google's Borg team discusses the Kubernetes Resource Model (KRM) and its profound impact on the Kubernetes ecosystem.He explains how KRM's resource-centric API patterns enable Kubernetes' flexibility and extensibility and influence the entire cloud native landscape.You will learn:How the Kubernetes API evolved from inconsistency to a uniform structure, enabling support for thousands of resource types.
2024-10-1552 minKubeFM
KubeFMComparing GitOps: Argo CD vs Flux CD, with Andrei KvapilDive into the world of GitOps and compare two of the most popular tools in the CNCF landscape: Argo CD and Flux CD.Andrei Kvapil, CEO and Founder of Aenix, breaks down the strengths and weaknesses of Argo CD and Flux CD, helping you understand which tool might best fit your team's needs.You will learn:The different philosophies behind the tools.How they handle access control and deployment restrictions.Their trade-offs...
2024-10-0830 minKubeFM
KubeFMComparing GitOps: Argo CD vs Flux CD, with Andrei KvapilDive into the world of GitOps and compare two of the most popular tools in the CNCF landscape: Argo CD and Flux CD.Andrei Kvapil, CEO and Founder of Aenix, breaks down the strengths and weaknesses of Argo CD and Flux CD, helping you understand which tool might best fit your team's needs.You will learn:The different philosophies behind the tools.How they handle access control and deployment restrictions.Their trade-offs...
2024-10-0830 minKubeFM
KubeFMKubernetes is simple: it's just Linux, with Eric JalalEric Jalal, an independent consultant and Kubernetes developer, explains how Kubernetes is fundamentally built on familiar Linux features. He discusses why understanding Linux is crucial for working with Kubernetes and how this knowledge can simplify your approach to cloud-native technologies.You will learn:Why Eric considers Kubernetes to be "just Linux" and how it wraps existing Linux technologies.The importance of understanding Linux fundamentals (file systems, networking, storage).How Kubernetes provides a standard and consistent interface for managing Linux-based infrastructure.
2024-10-0148 minKubeFM
KubeFMKubernetes is simple: it's just Linux, with Eric JalalEric Jalal, an independent consultant and Kubernetes developer, explains how Kubernetes is fundamentally built on familiar Linux features. He discusses why understanding Linux is crucial for working with Kubernetes and how this knowledge can simplify your approach to cloud-native technologies.You will learn:Why Eric considers Kubernetes to be "just Linux" and how it wraps existing Linux technologies.The importance of understanding Linux fundamentals (file systems, networking, storage).How Kubernetes provides a standard and consistent interface for managing Linux-based infrastructure.
2024-10-0148 minKubeFM
KubeFMConfiguring requests & limits with the HPA at scale, with Alexandre SouzaAlexandre Souza, a senior platform engineer at Getir, shares his expertise in managing large-scale environments and configuring requests, limits, and autoscaling.He explores the challenges of over-provisioning and under-provisioning and discusses strategies for optimizing resource allocation using tools like Horizontal Pod Autoscaler (HPA) and Vertical Pod Autoscaler (VPA).You will learn:How to set appropriate resource requests and limits to balance application performance and cost-efficiency in large-scale Kubernetes environments.Strategies for implementing and configuring Horizontal Pod Autoscaler (HPA), including scaling policies...
2024-09-2452 minKubeFM
KubeFMConfiguring requests & limits with the HPA at scale, with Alexandre SouzaAlexandre Souza, a senior platform engineer at Getir, shares his expertise in managing large-scale environments and configuring requests, limits, and autoscaling.He explores the challenges of over-provisioning and under-provisioning and discusses strategies for optimizing resource allocation using tools like Horizontal Pod Autoscaler (HPA) and Vertical Pod Autoscaler (VPA).You will learn:How to set appropriate resource requests and limits to balance application performance and cost-efficiency in large-scale Kubernetes environments.Strategies for implementing and configuring Horizontal Pod Autoscaler (HPA), including scaling policies...
2024-09-2452 minKubeFM
KubeFMTortoise: outpacing the optimization challenges in Kubernetes, with Kensei NakadaIn this KubeFM episode, Kensei Kanada discusses Tortoise, an open-source project he developed at Mercari to tackle Kubernetes resource optimization challenges. He explains the limitations of existing solutions like Horizontal Pod Autoscaler (HPA) and Vertical Pod Autoscaler (VPA), and how Tortoise aims to provide a more comprehensive and automated approach to resource management in Kubernetes clusters.You will learn:The complexities of resource optimization in Kubernetes, including the challenges of managing HPA, VPA, and manual tuning of resource requests and limitsHow Tortoise automates resource optimization by...
2024-09-1758 minKubeFM
KubeFMTortoise: outpacing the optimization challenges in Kubernetes, with Kensei NakadaIn this KubeFM episode, Kensei Kanada discusses Tortoise, an open-source project he developed at Mercari to tackle Kubernetes resource optimization challenges. He explains the limitations of existing solutions like Horizontal Pod Autoscaler (HPA) and Vertical Pod Autoscaler (VPA), and how Tortoise aims to provide a more comprehensive and automated approach to resource management in Kubernetes clusters.You will learn:The complexities of resource optimization in Kubernetes, including the challenges of managing HPA, VPA, and manual tuning of resource requests and limitsHow Tortoise automates resource optimization by...
2024-09-1758 minKubeFM
KubeFMHow we are managing a container platform with Kubernetes, with Ángel Barrera SánchezIn this KubeFM episode, Ángel Barrera discusses Adidas' strategic shift to a GitOps-based container platform management system, initiated in May 2022, and its impact on their global infrastructure.You will learn:The initial state and challenges: Understand the complexities and inefficiencies of Adidas' pre-GitOps infrastructure.The transition process: Explore the steps and strategies used to migrate to a GitOps-based system, including tool changes and planning.Technical advantages: Learn about the benefits of the pull mechanism, unified configuration, and improved visibility into cluster states.D...
2024-09-1049 minKubeFM
KubeFMHow we are managing a container platform with Kubernetes, with Ángel Barrera SánchezIn this KubeFM episode, Ángel Barrera discusses Adidas' strategic shift to a GitOps-based container platform management system, initiated in May 2022, and its impact on their global infrastructure.You will learn:The initial state and challenges: Understand the complexities and inefficiencies of Adidas' pre-GitOps infrastructure.The transition process: Explore the steps and strategies used to migrate to a GitOps-based system, including tool changes and planning.Technical advantages: Learn about the benefits of the pull mechanism, unified configuration, and improved visibility into cluster states.D...
2024-09-1049 minKubeFM
KubeFMThe basics of observing Kubernetes: a bird-watcher's perspective, with Miguel LunaIn this KubeFM episode, Miguel Luna discusses the intricacies of Observability in Kubernetes, including its components, tools, and future trends.You will learn:The fundamental components of Observability: metrics, logs, and traces, and their roles in understanding system performance and health.Key tools and projects: insights into Keptn and OpenTelemetry and their significance in the Observability ecosystem.The integration of AI technologies: how AI is shaping the future of Observability in Kubernetes.Practical steps for implementing Observability: starting points, what to...
2024-09-0342 minKubeFM
KubeFMThe basics of observing Kubernetes: a bird-watcher's perspective, with Miguel LunaIn this KubeFM episode, Miguel Luna discusses the intricacies of Observability in Kubernetes, including its components, tools, and future trends.You will learn:The fundamental components of Observability: metrics, logs, and traces, and their roles in understanding system performance and health.Key tools and projects: insights into Keptn and OpenTelemetry and their significance in the Observability ecosystem.The integration of AI technologies: how AI is shaping the future of Observability in Kubernetes.Practical steps for implementing Observability: starting points, what to...
2024-09-0342 minKubeFM
KubeFMAbusing Distroless containers: shell commands on shell-less containers, with Harsha KoushikIn this KubeFM episode, Harsha explores the intricacies of Kubernetes security, focusing on the benefits and misconceptions of Distroless container images and the broader aspects of container security.You will learn:The advantages and limitations of Distroless container images: understand why these images are smaller, have a reduced attack surface and are not inherently secure.Best practices for container security: gain insights into selecting base images, managing dependencies, and fortifying your infrastructure at every layer.Supply chain security: explore how the supply chain can be...
2024-08-2731 minKubeFM
KubeFMAbusing Distroless containers: shell commands on shell-less containers, with Harsha KoushikIn this KubeFM episode, Harsha explores the intricacies of Kubernetes security, focusing on the benefits and misconceptions of Distroless container images and the broader aspects of container security.You will learn:The advantages and limitations of Distroless container images: understand why these images are smaller, have a reduced attack surface and are not inherently secure.Best practices for container security: gain insights into selecting base images, managing dependencies, and fortifying your infrastructure at every layer.Supply chain security: explore how the supply chain can be...
2024-08-2731 minKubeFM
KubeFMThe ticking supply chain attack bomb of exposed Kubernetes secrets, with Assaf Morag and Yakir KadkodaIn this KubeFM episode, Yakir and Assaf from Aqua Security explore how a robust Kubernetes secrets strategy is necessary to prevent leaks and maintain a strong security posture.You will learn:How Kubernetes secrets are leaked, and what tools can you use to prevent that (Hint: Yakir and Assaf suggested using more than one.)How shadow IT is a more significant threat you might think and why companies should monitor personal Github repositories.What happens when a secret is leaked and how attackers...
2024-06-1850 minKubeFM
KubeFMThe ticking supply chain attack bomb of exposed Kubernetes secrets, with Assaf Morag and Yakir KadkodaIn this KubeFM episode, Yakir and Assaf from Aqua Security explore how a robust Kubernetes secrets strategy is necessary to prevent leaks and maintain a strong security posture.You will learn:How Kubernetes secrets are leaked, and what tools can you use to prevent that (Hint: Yakir and Assaf suggested using more than one.)How shadow IT is a more significant threat you might think and why companies should monitor personal Github repositories.What happens when a secret is leaked and how attackers...
2024-06-1850 minKubeFM
KubeFMFrom 0 to 10k builds a week with self-hosted Jenkins on Kubernetes, with Stéphane GoetzIn this KubeFM episode, Stéphane shares his journey of migrating, optimizing and scaling Jenkins in Kubernetes.He discusses the technical challenges, solutions, and strategies employed.You will learn:How Jenkins on Kubernetes was scaled to handle 10,000 weekly builds.How they started their journey in 2015 and how the cluster has evolved in the past nine years.The challenges of managing builds in Jenkins: Docker in Docker, Docker out of Docker and KubeVirt.The lessons learned in created ephemeral e...
2024-06-1148 minKubeFM
KubeFMFrom 0 to 10k builds a week with self-hosted Jenkins on Kubernetes, with Stéphane GoetzIn this KubeFM episode, Stéphane shares his journey of migrating, optimizing and scaling Jenkins in Kubernetes.He discusses the technical challenges, solutions, and strategies employed.You will learn:How Jenkins on Kubernetes was scaled to handle 10,000 weekly builds.How they started their journey in 2015 and how the cluster has evolved in the past nine years.The challenges of managing builds in Jenkins: Docker in Docker, Docker out of Docker and KubeVirt.The lessons learned in created ephemeral e...
2024-06-1148 minKubeFM
KubeFMPlatform engineering: learning from the Kubernetes API, with Sven Hans KnechtIn this KubeFM episode, Hans, a Principal Cloud engineer, shares his experiences empowering teams to use, build and manage platforms built on Kubernetes.You will learn:How OpenTelemetry and Prometheus shape cluster management and observability.The role of tools like ArgoCD and Flux in enabling GitOps and streamlining deployment processes.The significance of governance tools such as Gatekeeper and OPA for secure and validated resource creation.The benefits of Custom Resource Definitions (CRDs) and operators in automating processes and...
2024-06-0455 minKubeFM
KubeFMPlatform engineering: learning from the Kubernetes API, with Sven Hans KnechtIn this KubeFM episode, Hans, a Principal Cloud engineer, shares his experiences empowering teams to use, build and manage platforms built on Kubernetes.You will learn:How OpenTelemetry and Prometheus shape cluster management and observability.The role of tools like ArgoCD and Flux in enabling GitOps and streamlining deployment processes.The significance of governance tools such as Gatekeeper and OPA for secure and validated resource creation.The benefits of Custom Resource Definitions (CRDs) and operators in automating processes and...
2024-06-0455 minKubeFM
KubeFMHacking Alibaba Cloud's Kubernetes cluster, with Ronen Shustin and Hillai Ben-SassonIn this KubeFM episode, Hillai and Ronen, security researchers at Wiz, explore the intricacies of hacking Alibaba Cloud's Kubernetes cluster.They share their experiences and insights on identifying and exploiting vulnerabilities, mainly focusing on misconfigurations and their impact on cloud security.You will learn:How Hillai and Ronen gained access to a Kubernetes cluster through a Postgres database.How they moved laterally and managed to obtain push and pull rights to a private container registry.Recommendations for securing multi-tenant Kubernetes clusters...
2024-05-2844 minKubeFM
KubeFMHacking Alibaba Cloud's Kubernetes cluster, with Ronen Shustin and Hillai Ben-SassonIn this KubeFM episode, Hillai and Ronen, security researchers at Wiz, explore the intricacies of hacking Alibaba Cloud's Kubernetes cluster.They share their experiences and insights on identifying and exploiting vulnerabilities, mainly focusing on misconfigurations and their impact on cloud security.You will learn:How Hillai and Ronen gained access to a Kubernetes cluster through a Postgres database.How they moved laterally and managed to obtain push and pull rights to a private container registry.Recommendations for securing multi-tenant Kubernetes clusters...
2024-05-2844 minKubeFM
KubeFMCoreDNS will fail you at scale (with default settings), with Mohamed Hamdan Faris S MIn this KubeFM episode, Faris shares his experience managing CoreDNS and scaling Kubernetes clusters with 900 nodes and 15k pods.He shares the challenges and solutions encountered during an incident, providing valuable insights into maintaining a robust Kubernetes environment.You will learn:The importance of scaling the Kubernetes control plane for large clusters.Strategies for optimizing CoreDNS to ensure efficient DNS resolution and prevent incidents.The pros and cons of using VictoriaMetrics versus Prometheus for monitoring and observability....
2024-05-2134 minKubeFM
KubeFMCoreDNS will fail you at scale (with default settings), with Mohamed Hamdan Faris S MIn this KubeFM episode, Faris shares his experience managing CoreDNS and scaling Kubernetes clusters with 900 nodes and 15k pods.He shares the challenges and solutions encountered during an incident, providing valuable insights into maintaining a robust Kubernetes environment.You will learn:The importance of scaling the Kubernetes control plane for large clusters.Strategies for optimizing CoreDNS to ensure efficient DNS resolution and prevent incidents.The pros and cons of using VictoriaMetrics versus Prometheus for monitoring and observability....
2024-05-2134 minKubeFM
KubeFMThe best operating system for Kubernetes, with Mircea-Pavel AntonIn this KubeFM episode, Mircea shares his journey of migrating a home lab to Kubernetes, specifically choosing Talos over other operating systems like Ubuntu, Flatcar, or Bottlerocket.Mircea also discusses his decision-making process and experiences in setting up and optimizing his Kubernetes home lab.You will learn:What is Talos Linux and how it compares to other operating systems.The challenges and considerations involved in migrating to Kubernetes, including selecting network plugins and GitOps.Insights into managing and securing Kubernetes clusters...
2024-05-1439 minKubeFM
KubeFMThe best operating system for Kubernetes, with Mircea-Pavel AntonIn this KubeFM episode, Mircea shares his journey of migrating a home lab to Kubernetes, specifically choosing Talos over other operating systems like Ubuntu, Flatcar, or Bottlerocket.Mircea also discusses his decision-making process and experiences in setting up and optimizing his Kubernetes home lab.You will learn:What is Talos Linux and how it compares to other operating systems.The challenges and considerations involved in migrating to Kubernetes, including selecting network plugins and GitOps.Insights into managing and securing Kubernetes clusters...
2024-05-1439 minKubeFM
KubeFMObservability will speed up your Kubernetes troubleshooting, with Jennifer Luther ThomasWith a passion for security and a knack for troubleshooting, Jen discusses the critical role of network policies in Kubernetes security, the complexities involved in their implementation, and the balance between security and manageability.She also covers the importance of Custom Resource Definitions and shares her perspective on emerging Kubernetes tools.In this KubeFM episode, you will learn:The importance of observability in troubleshooting network policies and how it aids in debugging complex issues.The trade-offs between the complexity of network policies and the security benefits
2024-05-0700 minKubeFM
KubeFMObservability will speed up your Kubernetes troubleshooting, with Jennifer Luther ThomasWith a passion for security and a knack for troubleshooting, Jen discusses the critical role of network policies in Kubernetes security, the complexities involved in their implementation, and the balance between security and manageability.She also covers the importance of Custom Resource Definitions and shares her perspective on emerging Kubernetes tools.In this KubeFM episode, you will learn:The importance of observability in troubleshooting network policies and how it aids in debugging complex issues.The trade-offs between the complexity of network policies and the security benefits
2024-05-0700 minKubeFM
KubeFMThe good, the bad and the ugly of templating YAML in Kubernetes, with Alexander BlockIn this KubeFM episode, Alexander Block delves into the intricacies of Kubernetes templating and deployment tools, sharing his journey from frustration with existing solutions to creating his tool, kluctl.Alex also discusses the challenges and solutions in Kubernetes templating and deployment, emphasizing the need for more adaptable tools in the Kubernetes ecosystem.You will learn:The fundamental flaws of Helm and how they impact Kubernetes deployments and tools packaging.How tools such as Kustomize, CUE, jsonnet are only a partial solution to templating.
2024-04-3036 minKubeFM
KubeFMThe good, the bad and the ugly of templating YAML in Kubernetes, with Alexander BlockIn this KubeFM episode, Alexander Block delves into the intricacies of Kubernetes templating and deployment tools, sharing his journey from frustration with existing solutions to creating his tool, kluctl.Alex also discusses the challenges and solutions in Kubernetes templating and deployment, emphasizing the need for more adaptable tools in the Kubernetes ecosystem.You will learn:The fundamental flaws of Helm and how they impact Kubernetes deployments and tools packaging.How tools such as Kustomize, CUE, jsonnet are only a partial solution to templating.
2024-04-3036 minKubeFM
KubeFMKubernetes needs a Long Term Support (LTS) release plan, with Mathew DugganWith the rapid pace of the cloud-native ecosystem, staying current with Kubernetes updates and managing upgrades becomes a daunting task for many organizations.In this KubeFM episode, Mat discusses the necessity of long-term support for Kubernetes and explores the intricacies of managing Kubernetes upgrades in a fast-evolving landscape.You will learn:The importance of long-term support (LTS) for Kubernetes and how it can alleviate the challenges associated with the platform's rapid release cycles.Strategies for managing Kubernetes upgrades, including insights into the release cycle and...
2024-04-2344 minKubeFM
KubeFMKubernetes needs a Long Term Support (LTS) release plan, with Mathew DugganWith the rapid pace of the cloud-native ecosystem, staying current with Kubernetes updates and managing upgrades becomes a daunting task for many organizations.In this KubeFM episode, Mat discusses the necessity of long-term support for Kubernetes and explores the intricacies of managing Kubernetes upgrades in a fast-evolving landscape.You will learn:The importance of long-term support (LTS) for Kubernetes and how it can alleviate the challenges associated with the platform's rapid release cycles.Strategies for managing Kubernetes upgrades, including insights into the release cycle and...
2024-04-2344 minKubeFM
KubeFMClusters are cattle until you deploy ingress, with Dan GarfieldEnsuring the repeatability of your infrastructure is a crucial aspect of managing Kubernetes clusters.This allows you to swiftly tear down and set up a new one, a practice that is quite handy.However, there are exceptional circumstances when your cluster becomes more than a disposable tool.Dan shared, "A Kubernetes cluster will be treated as disposable until you deploy ingress, and then it becomes a pet."In this episode, you will delve into the concept of 'disposable' and 'pet' Kubernetes clusters and learn:How you can...
2024-03-1949 minKubeFM
KubeFMClusters are cattle until you deploy ingress, with Dan GarfieldEnsuring the repeatability of your infrastructure is a crucial aspect of managing Kubernetes clusters.This allows you to swiftly tear down and set up a new one, a practice that is quite handy.However, there are exceptional circumstances when your cluster becomes more than a disposable tool.Dan shared, "A Kubernetes cluster will be treated as disposable until you deploy ingress, and then it becomes a pet."In this episode, you will delve into the concept of 'disposable' and 'pet' Kubernetes clusters and learn:How you can...
2024-03-1949 minKubeFM
KubeFMeBPF, sidecars, and the future of the service mesh, with William MorganService meshes and the community's opinion of them have changed drastically over the years.From being perceived as unnecessary, complicated and bloated, they matured into security and observability powerhouses (while still retaining much of their complexity).In this KubeFM episode, William deep dives into the world of service meshes and explains a few of the technical choices and trade-offs of service meshes in simple terms.You will learn:What is a service mesh and its design (i.e. control plane and data plane)....
2024-03-1256 minKubeFM
KubeFMeBPF, sidecars, and the future of the service mesh, with William MorganService meshes and the community's opinion of them have changed drastically over the years.From being perceived as unnecessary, complicated and bloated, they matured into security and observability powerhouses (while still retaining much of their complexity).In this KubeFM episode, William deep dives into the world of service meshes and explains a few of the technical choices and trade-offs of service meshes in simple terms.You will learn:What is a service mesh and its design (i.e. control plane and data plane)....
2024-03-1256 minKubeFM
KubeFMMoving cloud operations to a Kubernetes operator, with Steven SklarCan you run databases on Kubernetes and survive to tell the story?Or should you refrain from running stateful workloads as much as possible?In this KubeFM episode, Steven argues that you should run databases on Kubernetes.He also goes further and demonstrates how to build your custom operator to manage your database.Listen to the episode and learn how:You can use Kubebuilder and the Operator Framework to build your operator.Custom Resources lets you create higher abstractions...
2024-03-0523 minKubeFM
KubeFMMoving cloud operations to a Kubernetes operator, with Steven SklarCan you run databases on Kubernetes and survive to tell the story?Or should you refrain from running stateful workloads as much as possible?In this KubeFM episode, Steven argues that you should run databases on Kubernetes.He also goes further and demonstrates how to build your custom operator to manage your database.Listen to the episode and learn how:You can use Kubebuilder and the Operator Framework to build your operator.Custom Resources lets you create higher abstractions...
2024-03-0523 minKubeFM
KubeFMHow Structured Authentication Config changes Kubernetes auth, with Maksim NabokikhStructured Authentication Config is the most significant Kubernetes authentication system update in the last six years.In this KubeFM episode, Maksim explains how this is going to affect you:You can use multiple authentication providers simultaneously (e.g., Okta, Keycloak, GitLab) — no need for Dex.You can change the configuration dynamically without restarting the API server.You can use any JWT-compliant token for authentication.You can use CEL (Common Expression Language) to determine whether the token's claims match the user's at...
2024-02-2730 minKubeFM
KubeFMHow Structured Authentication Config changes Kubernetes auth, with Maksim NabokikhStructured Authentication Config is the most significant Kubernetes authentication system update in the last six years.In this KubeFM episode, Maksim explains how this is going to affect you:You can use multiple authentication providers simultaneously (e.g., Okta, Keycloak, GitLab) — no need for Dex.You can change the configuration dynamically without restarting the API server.You can use any JWT-compliant token for authentication.You can use CEL (Common Expression Language) to determine whether the token's claims match the user's at...
2024-02-2730 minKubeFM
KubeFMSurviving multi-tenancy in Kubernetes: lessons learned, with Artem LajkoIs sharing a cluster with multiple tenants worth it?Should you share or have a single dedicated cluster per team?In this KubeFM episode, Artem revisits his journey into Kubernetes multi-tenancy and discusses how the landscapes (and opinions) on multi-tenancy have changed over the years.Here's what you will learn:The trade-offs of multi-tenancy and the tooling necessary to make it happen (e.g. vCluster, Argo CD, Kamaji, etc.).The challenges of providing isolated monitoring and logging for tenants.How to...
2024-02-2031 minKubeFM
KubeFMSurviving multi-tenancy in Kubernetes: lessons learned, with Artem LajkoIs sharing a cluster with multiple tenants worth it?Should you share or have a single dedicated cluster per team?In this KubeFM episode, Artem revisits his journey into Kubernetes multi-tenancy and discusses how the landscapes (and opinions) on multi-tenancy have changed over the years.Here's what you will learn:The trade-offs of multi-tenancy and the tooling necessary to make it happen (e.g. vCluster, Argo CD, Kamaji, etc.).The challenges of providing isolated monitoring and logging for tenants.How to...
2024-02-2031 minKubeFM
KubeFMTroubleshooting a validation webhook all the way down to the kernel, with Alex MoverganHow hard could it be to debug a network issue where pod connections time out?It could take weeks if you are (un)fortunate like Alex.But Alex and his team didn't despair and found strength in adversity while learning several Kubernetes networking and kubespray lessons.In this KubeFM episode, you'll follow their journey and learn:How a simple connection refused led to debugging the kernel syscalls.How MetalLB works and uses Dynamic Admission webhooks.How Calico works and assigns...
2024-02-1337 minKubeFM
KubeFMTroubleshooting a validation webhook all the way down to the kernel, with Alex MoverganHow hard could it be to debug a network issue where pod connections time out?It could take weeks if you are (un)fortunate like Alex.But Alex and his team didn't despair and found strength in adversity while learning several Kubernetes networking and kubespray lessons.In this KubeFM episode, you'll follow their journey and learn:How a simple connection refused led to debugging the kernel syscalls.How MetalLB works and uses Dynamic Admission webhooks.How Calico works and assigns...
2024-02-1337 minKubeFM
KubeFMPod topology spread constraints might not be the best solution, with Martin Humlund ClausenPod Topology Spread Constraints is a convenient feature to control how pods are spread across your cluster among failure domains such as regions, zones, nodes, etc.You can also choose the pod distribution (skew), what happens when the constraint is unfulfillable (schedule anyway vs don't) and the interaction with pod affinity and taints.It's a great and straightforward feature, so what could possibly go wrong?In this episode of KubeFM, you will follow Martin and his team's journey in discovering and fixing a production incident (on a Friday afternoon)...
2024-02-0633 minKubeFM
KubeFMPod topology spread constraints might not be the best solution, with Martin Humlund ClausenPod Topology Spread Constraints is a convenient feature to control how pods are spread across your cluster among failure domains such as regions, zones, nodes, etc.You can also choose the pod distribution (skew), what happens when the constraint is unfulfillable (schedule anyway vs don't) and the interaction with pod affinity and taints.It's a great and straightforward feature, so what could possibly go wrong?In this episode of KubeFM, you will follow Martin and his team's journey in discovering and fixing a production incident (on a Friday afternoon)...
2024-02-0633 minKubeFM
KubeFMTransparently providing ARM nodes to 4000 engineers, with Miguel Bernabeu Diaz and Thibault JametOn average, Kubernetes nodes running on ARM instances are 20% cheaper than their AMD counterpart.Optimising your cloud bill is tempting, but how do you seamlessly migrate existing workloads to a different architecture?And how do you do it at scale, with more than 4000 engineers and 30 clusters in 4 regions?In this episode of KubeFM, Thibault and Miguel explain how Adevinta built an internal platform on Kubernetes for mixed AMD and ARM workloads.You will learn:The challenges they faced with validating containers for mixed architecture...
2024-01-301h 06KubeFM
KubeFMTransparently providing ARM nodes to 4000 engineers, with Miguel Bernabeu Diaz and Thibault JametOn average, Kubernetes nodes running on ARM instances are 20% cheaper than their AMD counterpart.Optimising your cloud bill is tempting, but how do you seamlessly migrate existing workloads to a different architecture?And how do you do it at scale, with more than 4000 engineers and 30 clusters in 4 regions?In this episode of KubeFM, Thibault and Miguel explain how Adevinta built an internal platform on Kubernetes for mixed AMD and ARM workloads.You will learn:The challenges they faced with validating containers for mixed architecture...
2024-01-301h 06KubeFM
KubeFMBarco: Linux containers from scratch in C, with Luca CavallinThe best way to learn something is to break it or to build it yourself.And that's precisely what Luca did to understand how Linux containers (and Docker) work: he built his own, Barco.In this episode of KubeFM, you will learn:Why Linux containers "don't exist" but are the product of several Linux features you can put together and configure properly to get what we know as containers.How Kernel features such as cgroups and namespaces isolate a process.How you can...
2024-01-2352 minKubeFM
KubeFMBarco: Linux containers from scratch in C, with Luca CavallinThe best way to learn something is to break it or to build it yourself.And that's precisely what Luca did to understand how Linux containers (and Docker) work: he built his own, Barco.In this episode of KubeFM, you will learn:Why Linux containers "don't exist" but are the product of several Linux features you can put together and configure properly to get what we know as containers.How Kernel features such as cgroups and namespaces isolate a process.How you can...
2024-01-2352 minKubeFM
KubeFMFoolproof Kubernetes with GKE, with Mathew DugganWhat if Kubernetes was so easy to install and manage to be foolproof?In this KubeFM, Mat argues that GKE is the only Kubernetes managed service that offers a beginner-friendly and thought-through experience in running a Kubernetes cluster.Follow Mat's journey to AKS, GKE and EKS and learn:How GKE autopilot can help you optimize costs and reduce underutilized node resources.How the GKE container-optimized OS prevents and eliminates an entire set of security misconfigurations in node management.How GCP's application...
2024-01-1649 minKubeFM
KubeFMFoolproof Kubernetes with GKE, with Mathew DugganWhat if Kubernetes was so easy to install and manage to be foolproof?In this KubeFM, Mat argues that GKE is the only Kubernetes managed service that offers a beginner-friendly and thought-through experience in running a Kubernetes cluster.Follow Mat's journey to AKS, GKE and EKS and learn:How GKE autopilot can help you optimize costs and reduce underutilized node resources.How the GKE container-optimized OS prevents and eliminates an entire set of security misconfigurations in node management.How GCP's application...
2024-01-1649 minKubeFM
KubeFMNetwork Policies are the wrong abstraction, with Ori ShoshanNetwork Policy usage is inverted.It's easier to list the services that you want to connect to, but Network Policy forces you to list all clients that can connect to your pod.How would you even know that another team plans to connect your apps?But if Network Policy is not the right tool, then what should you use?In this KubeFM podcast, you will explore:How Network Policies are not as bad as you might think, but they are low-level APIs
2023-12-121h 07KubeFM
KubeFMNetwork Policies are the wrong abstraction, with Ori ShoshanNetwork Policy usage is inverted.It's easier to list the services that you want to connect to, but Network Policy forces you to list all clients that can connect to your pod.How would you even know that another team plans to connect your apps?But if Network Policy is not the right tool, then what should you use?In this KubeFM podcast, you will explore:How Network Policies are not as bad as you might think, but they are low-level APIs
2023-12-121h 07KubeFM
KubeFMWhy Helm's design is flawed, with Jacco TaalHelm is a popular tool for templating and packaging Kubernetes resources, but does it mean it's the best?In this episode of KubeFM, Jacco draws a parallel between Helm and PHP and the similarity in which both tools became a success despite their focus on templating strings.You will also learn:Helm's flaws and how you can avoid them.Alternative tools that can (partially) replace Helm.How to manage third-party packages and templating internal YAML resources.Jacco shared several examples demonstrating...
2023-12-0527 minKubeFM
KubeFMWhy Helm's design is flawed, with Jacco TaalHelm is a popular tool for templating and packaging Kubernetes resources, but does it mean it's the best?In this episode of KubeFM, Jacco draws a parallel between Helm and PHP and the similarity in which both tools became a success despite their focus on templating strings.You will also learn:Helm's flaws and how you can avoid them.Alternative tools that can (partially) replace Helm.How to manage third-party packages and templating internal YAML resources.Jacco shared several examples demonstrating...
2023-12-0527 minKubeFM
KubeFMKubernetes base64 secrets are fine, with Mac ChaffeeBy default, Kubernetes Secrets are not encrypted; values are merely base64 encoded.And this is fine — at least, this is what Mac argues in this episode of KubeFM.Mac says it all comes down to thinking strategically about security and where the Secrets could be leaked.In this episode, you will learn:How to define a threat model to inform your security posture and mitigations.How Kubernetes Secrets offer sufficient guarantees for most common threat models.If you should us...
2023-11-2829 minKubeFM
KubeFMKubernetes base64 secrets are fine, with Mac ChaffeeBy default, Kubernetes Secrets are not encrypted; values are merely base64 encoded.And this is fine — at least, this is what Mac argues in this episode of KubeFM.Mac says it all comes down to thinking strategically about security and where the Secrets could be leaked.In this episode, you will learn:How to define a threat model to inform your security posture and mitigations.How Kubernetes Secrets offer sufficient guarantees for most common threat models.If you should us...
2023-11-2829 minKubeFM
KubeFMKubernetes on bare-metal: lessons learned, with Mathias PiusWhat does it take to build a Kubernetes cluster on bare metal?In this episode of KubeFM, you will learn how to plan and execute a successful setup for a bare-metal Kubernetes cluster.You will follow Mathias' journey as he rebuilt his cluster several times and learn how to:Identify dependencies and priorities between components to avoid incidents in the future.Leverage FluxCD to have a predictable and documented setup.Secure the nodes from external traffic with firewalls and Cilium cluster-wide network...
2023-11-2126 minKubeFM
KubeFMKubernetes on bare-metal: lessons learned, with Mathias PiusWhat does it take to build a Kubernetes cluster on bare metal?In this episode of KubeFM, you will learn how to plan and execute a successful setup for a bare-metal Kubernetes cluster.You will follow Mathias' journey as he rebuilt his cluster several times and learn how to:Identify dependencies and priorities between components to avoid incidents in the future.Leverage FluxCD to have a predictable and documented setup.Secure the nodes from external traffic with firewalls and Cilium cluster-wide network...
2023-11-2126 minKubeFM
KubeFMMigrating 24 services from Docker compose to Kubernetes, with Ronald Ramazanov and Vasily KolosovShould every project start with Kubernetes?And if not, when is the right time to switch without incurring (unbearable) technical debt?In this episode of KubeFM, you will learn how the team at Loovatech designed an app from scratch and decided to use Docker Compose to host their infrastructure cheaply and effectively in a single virtual machine.As the project grew, the team had to make the difficult choice to rearchitect their infrastructure and plan for scalability and fault tolerance.Follow their journey and learn:...
2023-11-1453 minKubeFM
KubeFMMigrating 24 services from Docker compose to Kubernetes, with Ronald Ramazanov and Vasily KolosovShould every project start with Kubernetes?And if not, when is the right time to switch without incurring (unbearable) technical debt?In this episode of KubeFM, you will learn how the team at Loovatech designed an app from scratch and decided to use Docker Compose to host their infrastructure cheaply and effectively in a single virtual machine.As the project grew, the team had to make the difficult choice to rearchitect their infrastructure and plan for scalability and fault tolerance.Follow their journey and learn:...
2023-11-1453 minKubeFM
KubeFMUpgrading hundreds of Kubernetes clusters, with Pierre MavroHow do you upgrade a Kubernetes cluster to the latest release without breaking anything?And what if you had to upgrade hundreds of clusters simultaneously?In this episode, Pierre explains the process, tooling and testing strategy in upgrading clusters at scale.You will learn:How the team at Qovery keeps updated with the latest (vanilla) Kubernetes changes and managed services changelogs.How to upgrade Helm charts gradually and safely. Pierre has some tips for Custom Resource Definitions (CRDs).How to ...
2023-10-3146 minKubeFM
KubeFMUpgrading hundreds of Kubernetes clusters, with Pierre MavroHow do you upgrade a Kubernetes cluster to the latest release without breaking anything?And what if you had to upgrade hundreds of clusters simultaneously?In this episode, Pierre explains the process, tooling and testing strategy in upgrading clusters at scale.You will learn:How the team at Qovery keeps updated with the latest (vanilla) Kubernetes changes and managed services changelogs.How to upgrade Helm charts gradually and safely. Pierre has some tips for Custom Resource Definitions (CRDs).How to ...
2023-10-3146 minKubeFM
KubeFMUnpacking observability, ditching Prometheus, with Hannah Maxwell and Adriana VillelaAre logs enough to troubleshoot your deployment and infrastructure?Perhaps, but there's a better way to observe, monitor and debug your stack: embracing observability.In this episode, Adriana explains how she learned to love Open Telemetry and:How you can combine Traces, Metrics and logs to really understand the root cause of your production issues.What the Open Telemetry Collector is, and how it can simplify the ingestion of traces, logs and metrics without tying you into a particular vendor?How to convince...
2023-10-1748 minKubeFM
KubeFMUnpacking observability, ditching Prometheus, with Hannah Maxwell and Adriana VillelaAre logs enough to troubleshoot your deployment and infrastructure?Perhaps, but there's a better way to observe, monitor and debug your stack: embracing observability.In this episode, Adriana explains how she learned to love Open Telemetry and:How you can combine Traces, Metrics and logs to really understand the root cause of your production issues.What the Open Telemetry Collector is, and how it can simplify the ingestion of traces, logs and metrics without tying you into a particular vendor?How to convince...
2023-10-1748 minKubeFM
KubeFMReducing compute capacity by 40% on EKS with Bottlerocket and Karpenter, with Gazal GafoorFollow Gazal's journey as he shares the lessons learned in adopting, rolling out and scaling EKS clusters at Target Australia over seven years.You will learn:What is Bottlerocket OS.How Bottlerocket helps with securing your workloads.Karpenter as an alternative to the Cluster Autoscaler.How Karpenter can efficiently schedule and de-provision workloads.Gazal hinted at a 40% reduction in compute capacity when combining Bottlerocket OS and Karpenter (and 30% lower response times).More...
2023-10-1032 minKubeFM
KubeFMReducing compute capacity by 40% on EKS with Bottlerocket and Karpenter, with Gazal GafoorFollow Gazal's journey as he shares the lessons learned in adopting, rolling out and scaling EKS clusters at Target Australia over seven years.You will learn:What is Bottlerocket OS.How Bottlerocket helps with securing your workloads.Karpenter as an alternative to the Cluster Autoscaler.How Karpenter can efficiently schedule and de-provision workloads.Gazal hinted at a 40% reduction in compute capacity when combining Bottlerocket OS and Karpenter (and 30% lower response times).More...
2023-10-1032 minKubeFM
KubeFMMaking autoscaling dead simple in Kubernetes: KEDA, with Jorge TurradoHow do you scale your pods on queue length?In this episode, you will learn:How KEDA simplifies autoscaling in Kubernetes thanks to its vast collection of metrics collectors (i.e. scalers).Jorge's journey in tech: how he levelled up from passing wires as an electrician to learning Go and becoming a KEDA maintainer.Two must-try KEDA scalers: the HTTP add-on to scale to zero and the Carbon-aware scaler for reducing your carbon footprint.You will also dive into...
2023-10-0230 minKubeFM
KubeFMMaking autoscaling dead simple in Kubernetes: KEDA, with Jorge TurradoHow do you scale your pods on queue length?In this episode, you will learn:How KEDA simplifies autoscaling in Kubernetes thanks to its vast collection of metrics collectors (i.e. scalers).Jorge's journey in tech: how he levelled up from passing wires as an electrician to learning Go and becoming a KEDA maintainer.Two must-try KEDA scalers: the HTTP add-on to scale to zero and the Carbon-aware scaler for reducing your carbon footprint.You will also dive into...
2023-10-0230 minKubeFM
KubeFMKubernetes v1.28: Planternetes, with Grace NguyenTL;DR: Learn the most exciting changes that made it to Kubernetes 1.28 from Grace — the Kubernetes release lead.Kubernetes 1.28 brought us a few notable changes:Sidecar containers are officially recognised as a container (not just a container pattern).Pods from StatefulSet no longer get stuck into Terminating if a node is lost unexpectedly.Validating Admission Policy graduates to Beta.This podcast addresses the new features and dives into what it takes to release a new Kubernetes version.Grace Nguyen (Kubernetes 1.28 release le...
2023-09-1826 minKubeFM
KubeFMKubernetes v1.28: Planternetes, with Grace NguyenTL;DR: Learn the most exciting changes that made it to Kubernetes 1.28 from Grace — the Kubernetes release lead.Kubernetes 1.28 brought us a few notable changes:Sidecar containers are officially recognised as a container (not just a container pattern).Pods from StatefulSet no longer get stuck into Terminating if a node is lost unexpectedly.Validating Admission Policy graduates to Beta.This podcast addresses the new features and dives into what it takes to release a new Kubernetes version.Grace Nguyen (Kubernetes 1.28 release le...
2023-09-1826 min