If you're trying to make sense of when to use Kubernetes and when to avoid it, this episode offers a practical perspective based on real-world experience running production workloads.Paul Butler, founder of Jamsocket, discusses how to identify necessary vs unnecessary complexity in Kubernetes and explains how his team successfully runs production workloads by being selective about which features they use.You will learn:The three compelling reasons to use Kubernetes are managing multiple services across machines, defining infrastructure as code, and leveraging built-in redundancy.Why to be cautious with features like CRDs, StatefulSets, and Helm and how to evaluate if you really need them.How to stay on the "happy path" in Kubernetes by focusing on stable and simple resources like Deployments, Services, and ConfigMaps.When to consider alternatives like Google Cloud Run for simpler deployments that don't need the full complexity of KubernetesSponsorThis episode is sponsored by Syntasso, the creators of Kratix, a framework for building composable internal developer platformsMore infoFind all the links and info for this episode here: https://kube.fm/kubernetes-hater-s-guide-paulInterested in sponsoring an episode? Learn more.
This episode explores Admission Controllers and Webhooks with Gordon Myers, who shares his experience implementing webhook solutions in production. Gordon explains the lifecycle of Kubernetes API requests and how webhooks can intercept and modify resources before they are stored in etcd.You will learn:How the Kubernetes API processes requests through authentication, authorization, and Admission Controllers.The difference between Validating and Mutating webhooks and how to implement them using JSON Patch.Best practices for testing webhooks and avoiding common pitfalls that can break cluster deployments.Real-world examples of webhook implementations, including injecting secrets from HashiCorp Vault into containers.SponsorThis episode is sponsored by Learnk8s — get started on your Kubernetes journey through comprehensive online, in-person or remote training.More infoFind all the links and info for this episode here: https://kube.fm/webhooks-aop-gordonInterested in sponsoring an episode? Learn more.
Are you facing challenges with pre-production environments in Kubernetes?This KubeFM episode shows how to implement efficient deployment previews and solve data seeding bottlenecks.Nick Nikitas, Senior Platform Engineer at Blueground, shares how his team transformed their static pre-production environments into dynamic previews using ArgoCD Application Sets, Wave and Velero.He explains their journey from managing informal environment sharing between teams to implementing a scalable preview system that reduced environment creation time from 19 minutes to 25 seconds.You will learn:How to implement GitOps-based preview environments with Argo CD Application Sets and PR generators for automatic environment creation and cleanup.How to control cloud costs with TTL-based termination and FIFO queues to manage the number of active preview environments.How to optimize data seeding using Velero, AWS EBS snapshots, and Kubernetes PVC management to achieve near-instant environment creation.SponsorThis episode is sponsored by Loft Labs — simplify Kubernetes with vCluster, the leading solution for Kubernetes multi-tenancy and cost savings.More infoFind all the links and info for this episode here: https://kube.fm/deployment-previews-nickInterested in sponsoring an episode? Learn more.
Discover how a seemingly simple 502 error in Kubernetes can uncover complex interactions between Go and containerized environments.Emin Laletović, a solution architect at Hybird Technologies, shares his experience debugging a production issue in which a specific API endpoint failed due to out-of-memory errors.He walks through the systematic investigation process, from initial log checks to uncovering the root cause in Go's memory management within Kubernetes.You will learn:How Go's garbage collector interacts with Kubernetes resource limits, potentially leading to unexpected OOMKilled errors.The importance of the GOMEMLIMIT environment variable in Go 1.19+ for managing memory usage in containerized environments.Debugging techniques for memory-related issues in Kubernetes, including GODEBUG for garbage collector tracing.Considerations for optimizing Go applications in Kubernetes, balancing performance and resource utilization.SponsorThis episode is sponsored by StormForge – Double your Kubernetes resource utilization and unburden developers from sizing complexity with the first HPA-compatible vertical pod rightsizing solution. Try it for free.More infoFind all the links and info for this episode here: https://kube.fm/kubernetes-go-eminInterested in sponsoring an episode? Learn more.
This episode offers a rare glimpse into the design decisions that shaped the world's most popular container orchestration platform.Brian Grant, CTO of ConfigHub and former tech lead on Google's Borg team discusses the Kubernetes Resource Model (KRM) and its profound impact on the Kubernetes ecosystem.He explains how KRM's resource-centric API patterns enable Kubernetes' flexibility and extensibility and influence the entire cloud native landscape.You will learn:How the Kubernetes API evolved from inconsistency to a uniform structure, enabling support for thousands of resource types.Why Kubernetes' self-describing resources and Server-side Apply simplify client implementations and configuration management.The evolution of Kubernetes configuration tools like Helm, Kustomize, and GitOps solutions.Current trends and future directions in Kubernetes configuration, including potential AI-driven enhancements.SponsorThis episode is sponsored by StormForge – Double your Kubernetes resource utilization and unburden developers from sizing complexity with the first HPA-compatible vertical pod rightsizing solution. Try it for free.More infoFind all the links and info for this episode here: https://kube.fm/krm-brianInterested in sponsoring an episode? Learn more.
Dive into the world of GitOps and compare two of the most popular tools in the CNCF landscape: Argo CD and Flux CD.Andrei Kvapil, CEO and Founder of Aenix, breaks down the strengths and weaknesses of Argo CD and Flux CD, helping you understand which tool might best fit your team's needs.You will learn:The different philosophies behind the tools.How they handle access control and deployment restrictions.Their trade-offs in usability and conformance to infrastructure as code.Why there is no one-size-fits-all in the GitOps world.SponsorThis episode is sponsored by DigitalOcean — learn how GPUs for DigitalOcean Kubernetes can enable your AI/ML workloads.More infoFind all the links and info for this episode here: https://kube.fm/flux-vs-argo-andreiInterested in sponsoring an episode? Learn more.
Eric Jalal, an independent consultant and Kubernetes developer, explains how Kubernetes is fundamentally built on familiar Linux features. He discusses why understanding Linux is crucial for working with Kubernetes and how this knowledge can simplify your approach to cloud-native technologies.You will learn:Why Eric considers Kubernetes to be "just Linux" and how it wraps existing Linux technologies.The importance of understanding Linux fundamentals (file systems, networking, storage).How Kubernetes provides a standard and consistent interface for managing Linux-based infrastructure.Why learning Linux deeply can make Kubernetes adoption an incremental step rather than a giant leapSponsorThis episode is sponsored by Learnk8s — get started on your Kubernetes journey through comprehensive online, in-person or remote training.More infoFind all the links and info for this episode here: https://kube.fm/kubernetes-just-linux-ericInterested in sponsoring an episode? Learn more.
Alexandre Souza, a senior platform engineer at Getir, shares his expertise in managing large-scale environments and configuring requests, limits, and autoscaling.He explores the challenges of over-provisioning and under-provisioning and discusses strategies for optimizing resource allocation using tools like Horizontal Pod Autoscaler (HPA) and Vertical Pod Autoscaler (VPA).You will learn:How to set appropriate resource requests and limits to balance application performance and cost-efficiency in large-scale Kubernetes environments.Strategies for implementing and configuring Horizontal Pod Autoscaler (HPA), including scaling policies and behavior management.The differences between CPU and memory management in Kubernetes and their impact on workload performance.Techniques for leveraging tools like KubeCost and StormForge to automate resource optimization.SponsorThis episode is sponsored by VictoriaMetrics - request a free trial for VictoriaMetrics enterprise today.More infoFind all the links and info for this episode here: https://kube.fm/hpa-at-scale-alexInterested in sponsoring an episode? Learn more.
In this KubeFM episode, Kensei Kanada discusses Tortoise, an open-source project he developed at Mercari to tackle Kubernetes resource optimization challenges. He explains the limitations of existing solutions like Horizontal Pod Autoscaler (HPA) and Vertical Pod Autoscaler (VPA), and how Tortoise aims to provide a more comprehensive and automated approach to resource management in Kubernetes clusters.You will learn:The complexities of resource optimization in Kubernetes, including the challenges of managing HPA, VPA, and manual tuning of resource requests and limitsHow Tortoise automates resource optimization by replacing HPA and VPA, reducing the need for manual intervention and continuous tuningThe technical implementation of Tortoise, including its use of Custom Resource Definitions (CRDs) and how it interacts with existing Kubernetes componentsStrategies for adopting and migrating to new tools like Tortoise in a large-scale Kubernetes environmentSponsorThis episode is sponsored by Learnk8s — estimate the perfect cluster node with the Kubernetes Instance CalculatorMore infoFind all the links and info for this episode here: https://kube.fm/tortoise-kenseiInterested in sponsoring an episode? Learn more.
In this KubeFM episode, Ángel Barrera discusses Adidas' strategic shift to a GitOps-based container platform management system, initiated in May 2022, and its impact on their global infrastructure.You will learn:The initial state and challenges: Understand the complexities and inefficiencies of Adidas' pre-GitOps infrastructure.The transition process: Explore the steps and strategies used to migrate to a GitOps-based system, including tool changes and planning.Technical advantages: Learn about the benefits of the pull mechanism, unified configuration, and improved visibility into cluster states.Developer and business feedback: Gain insights into the feedback from developers and the business side, and how they were convinced to invest in the migration.SponsorThis episode is sponsored by ControlPlane — empower your Kubernetes deployments with ControlPlane Enterprise for Flux CD.More infoFind all the links and info for this episode here: https://kube.fm/platform-gitops-angelInterested in sponsoring an episode? Learn more.
In this KubeFM episode, Miguel Luna discusses the intricacies of Observability in Kubernetes, including its components, tools, and future trends.You will learn:The fundamental components of Observability: metrics, logs, and traces, and their roles in understanding system performance and health.Key tools and projects: insights into Keptn and OpenTelemetry and their significance in the Observability ecosystem.The integration of AI technologies: how AI is shaping the future of Observability in Kubernetes.Practical steps for implementing Observability: starting points, what to monitor, and how to manage alerts effectively.SponsorThis episode is sponsored by Learnk8s — estimate the perfect cluster node with the Kubernetes Instance CalculatorMore infoFind all the links and info for this episode here: https://kube.fm/observability-kubernetes-miguelInterested in sponsoring an episode? Learn more.
In this KubeFM episode, Harsha explores the intricacies of Kubernetes security, focusing on the benefits and misconceptions of Distroless container images and the broader aspects of container security.You will learn:The advantages and limitations of Distroless container images: understand why these images are smaller, have a reduced attack surface and are not inherently secure.Best practices for container security: gain insights into selecting base images, managing dependencies, and fortifying your infrastructure at every layer.Supply chain security: explore how the supply chain can be an attack vector and the importance of signing artifacts and validating sources.Emerging Kubernetes tools and future projects: discover the latest tools Harsha is monitoring and get a sneak peek into his upcoming projects, including a new podcast and a tool for simulating multistage attacks in cloud-native environments.SponsorThis episode is sponsored by Learnk8s — estimate the perfect cluster node with the Kubernetes Instance CalculatorMore infoFind all the links and info for this episode here: https://kube.fm/abusing-distroless-harshaInterested in sponsoring an episode? Learn more.
In this KubeFM episode, Yakir and Assaf from Aqua Security explore how a robust Kubernetes secrets strategy is necessary to prevent leaks and maintain a strong security posture.You will learn:How Kubernetes secrets are leaked, and what tools can you use to prevent that (Hint: Yakir and Assaf suggested using more than one.)How shadow IT is a more significant threat you might think and why companies should monitor personal Github repositories.What happens when a secret is leaked and how attackers exploit your resources (or further gain access to more).SponsorThis episode is sponsored by Isovalent — watch the top Kubernetes security use cases that Tetragon and eBPF cover for platform teamsMore infoFind all the links and info for this episode here: https://kube.fm/exposed-secrets-yakir-assafInterested in sponsoring an episode? Learn more.
In this KubeFM episode, Stéphane shares his journey of migrating, optimizing and scaling Jenkins in Kubernetes.He discusses the technical challenges, solutions, and strategies employed.You will learn:How Jenkins on Kubernetes was scaled to handle 10,000 weekly builds.How they started their journey in 2015 and how the cluster has evolved in the past nine years.The challenges of managing builds in Jenkins: Docker in Docker, Docker out of Docker and KubeVirt.The lessons learned in created ephemeral environments.SponsorThis episode is sponsored by CloudBees — learn how to use Kubernetes pods as Jenkins agentsMore infoFind all the links and info for this episode here: https://kube.fm/10k-builds-jenkins-stephaneInterested in sponsoring an episode? Learn more.
In this KubeFM episode, Hans, a Principal Cloud engineer, shares his experiences empowering teams to use, build and manage platforms built on Kubernetes.You will learn:How OpenTelemetry and Prometheus shape cluster management and observability.The role of tools like ArgoCD and Flux in enabling GitOps and streamlining deployment processes.The significance of governance tools such as Gatekeeper and OPA for secure and validated resource creation.The benefits of Custom Resource Definitions (CRDs) and operators in automating processes and enhancing the developer experience.SponsorThis episode is sponsored by Sysdig — 5 Steps to Securing KubernetesMore infoFind all the links and info for this episode here: https://kube.fm/platform-engineering-hansInterested in sponsoring an episode? Learn more.
In this KubeFM episode, Hillai and Ronen, security researchers at Wiz, explore the intricacies of hacking Alibaba Cloud's Kubernetes cluster.They share their experiences and insights on identifying and exploiting vulnerabilities, mainly focusing on misconfigurations and their impact on cloud security.You will learn:How Hillai and Ronen gained access to a Kubernetes cluster through a Postgres database.How they moved laterally and managed to obtain push and pull rights to a private container registry.Recommendations for securing multi-tenant Kubernetes clusters and maintaining environment hygiene.More infoFind all the links and info for this episode here: https://kube.fm/hacking-alibaba-ronen-hillaiInterested in sponsoring an episode? Learn more.
In this KubeFM episode, Faris shares his experience managing CoreDNS and scaling Kubernetes clusters with 900 nodes and 15k pods.He shares the challenges and solutions encountered during an incident, providing valuable insights into maintaining a robust Kubernetes environment.You will learn:The importance of scaling the Kubernetes control plane for large clusters.Strategies for optimizing CoreDNS to ensure efficient DNS resolution and prevent incidents.The pros and cons of using VictoriaMetrics versus Prometheus for monitoring and observability.Tips for maintaining a calm and effective team dynamic during high-stress situations.SponsorThis episode is sponsored by Datadog — a single, unified platform for monitoring CoreDNS alongside the rest of your stack. Try it free for 14 days and get a free t-shirtMore infoFind all the links and info for this episode here: https://kube.fm/coredns-scaling-farrisInterested in sponsoring an episode? Learn more.
In this KubeFM episode, Mircea shares his journey of migrating a home lab to Kubernetes, specifically choosing Talos over other operating systems like Ubuntu, Flatcar, or Bottlerocket.Mircea also discusses his decision-making process and experiences in setting up and optimizing his Kubernetes home lab.You will learn:What is Talos Linux and how it compares to other operating systems.The challenges and considerations involved in migrating to Kubernetes, including selecting network plugins and GitOps.Insights into managing and securing Kubernetes clusters, focusing on the advantages of immutable operating systems.SponsorThis episode is brought to you by Digital Ocean — enjoy a free $200 credit when you start using DigitalOcean KubernetesMore infoFind all the links and info for this episode here: https://kube.fm/talos-mirceaInterested in sponsoring an episode? Learn more.
With a passion for security and a knack for troubleshooting, Jen discusses the critical role of network policies in Kubernetes security, the complexities involved in their implementation, and the balance between security and manageability.She also covers the importance of Custom Resource Definitions and shares her perspective on emerging Kubernetes tools.In this KubeFM episode, you will learn:The importance of observability in troubleshooting network policies and how it aids in debugging complex issues.The trade-offs between the complexity of network policies and the security benefits they provide.The skills, thought process and humility behind troubleshooting technologies you are unfamiliar with.SponsorThis episode is brought to you by Otterize — automate workload IAM policies: zero-friction development, zero-trust security.More infoFind all the links and info for this episode here: https://kube.fm/network-observability-jenInterested in sponsoring an episode? Learn more.
In this KubeFM episode, Alexander Block delves into the intricacies of Kubernetes templating and deployment tools, sharing his journey from frustration with existing solutions to creating his tool, kluctl.Alex also discusses the challenges and solutions in Kubernetes templating and deployment, emphasizing the need for more adaptable tools in the Kubernetes ecosystem.You will learn:The fundamental flaws of Helm and how they impact Kubernetes deployments and tools packaging.How tools such as Kustomize, CUE, jsonnet are only a partial solution to templating.Alternatives to Helm and the future of Kubernetes resource templating and distribution.SponsorThis episode is sponsored by Komodor — simplify cluster management and troubleshooting to unlock the full value of Kubernetes.More infoFind all the links and info for this episode here: https://kube.fm/kluctl-templating-codablockInterested in sponsoring an episode? Learn more.