Claim OwnershipKubeFM
Subscribed: 13Played: 123
Subscribe
© 2023-2024 KubeFM
Description
Discover all the great things happening in the world of Kubernetes, learn (controversial) opinions from the experts and explore the successes (and failures) of running Kubernetes at scale.
22 Episodes
Reverse
In this KubeFM episode, Alexander Block delves into the intricacies of Kubernetes templating and deployment tools, sharing his journey from frustration with existing solutions to creating his tool, kluctl.Alex also discusses the challenges and solutions in Kubernetes templating and deployment, emphasizing the need for more adaptable tools in the Kubernetes ecosystem.You will learn:The fundamental flaws of Helm and how they impact Kubernetes deployments and tools packaging.How tools such as Kustomize, CUE, jsonnet are only a partial solution to templating.Alternatives to Helm and the future of Kubernetes resource templating and distribution.SponsorThis episode is sponsored by Komodor — simplify cluster management and troubleshooting to unlock the full value of Kubernetes.More infoFind all the links and info for this episode here: https://kube.fm/kluctl-templating-codablockInterested in sponsoring an episode? Learn more.
With the rapid pace of the cloud-native ecosystem, staying current with Kubernetes updates and managing upgrades becomes a daunting task for many organizations.In this KubeFM episode, Mat discusses the necessity of long-term support for Kubernetes and explores the intricacies of managing Kubernetes upgrades in a fast-evolving landscape.You will learn:The importance of long-term support (LTS) for Kubernetes and how it can alleviate the challenges associated with the platform's rapid release cycles.Strategies for managing Kubernetes upgrades, including insights into the release cycle and the potential pitfalls of the upgrading process.The role of managed services and semi-automatic upgrades in simplifying Kubernetes maintenance for organizations, especially in cost optimization and resource constraints.The implications of charging for support of older Kubernetes versions and the potential for a community-based approach to navigating the complexities of Kubernetes upgrades.SponsorThis episode is sponsored by Learnk8s — expert Kubernetes training for your teamMore infoFind all the links and info for this episode here: https://kube.fm/kubernetes-lts-matInterested in sponsoring an episode? Learn more.
1Ensuring the repeatability of your infrastructure is a crucial aspect of managing Kubernetes clusters.This allows you to swiftly tear down and set up a new one, a practice that is quite handy.However, there are exceptional circumstances when your cluster becomes more than a disposable tool.Dan shared, "A Kubernetes cluster will be treated as disposable until you deploy ingress, and then it becomes a pet."In this episode, you will delve into the concept of 'disposable' and 'pet' Kubernetes clusters and learn:How you can use GitOps to create a repeatable infrastructure that syncs.How resources such as the Ingress and external-dns require careful maintenance and monitoring to make your cluster special.How Crossplane and vCluster help you define repeatable environments that are disposable.All the flavours for Argo: Workflows, Autopilot, CD, etc., and "Project" a newer abstraction to manage apps across environments.SponsorThis episode is sponsored by Learnk8s — become an expert in KubernetesMore infoFind all the links and info for this episode here: https://kube.fm/ingress-gitops-danInterested in sponsoring an episode? Learn more.
Service meshes and the community's opinion of them have changed drastically over the years.From being perceived as unnecessary, complicated and bloated, they matured into security and observability powerhouses (while still retaining much of their complexity).In this KubeFM episode, William deep dives into the world of service meshes and explains a few of the technical choices and trade-offs of service meshes in simple terms.You will learn:What is a service mesh and its design (i.e. control plane and data plane).How Ambient mesh departs from the traditional sidecar model and how it affects reliability and security.Why there's more than just eBPF in sidecarless service meshes and the limitation of this technology.The direct costs (compute) and human factors involved in operating a service mesh.SponsorThis episode is sponsored by Learnk8s — become an expert in KubernetesMore infoFind all the links and info for this episode here: https://kube.fm/service-mesh-williamInterested in sponsoring an episode? Learn more.
Can you run databases on Kubernetes and survive to tell the story?Or should you refrain from running stateful workloads as much as possible?In this KubeFM episode, Steven argues that you should run databases on Kubernetes.He also goes further and demonstrates how to build your custom operator to manage your database.Listen to the episode and learn how:You can use Kubebuilder and the Operator Framework to build your operator.Custom Resources lets you create higher abstractions to manage your infrastructure as code.Steven's operator manages hundreds of databases at scale at QuestDB.SponsorThis episode is sponsored by Learnk8s — become an expert in KubernetesMore infoFind all the links and info for this episode here: https://kube.fm/operators-stevenInterested in sponsoring an episode? Learn more.
Structured Authentication Config is the most significant Kubernetes authentication system update in the last six years.In this KubeFM episode, Maksim explains how this is going to affect you:You can use multiple authentication providers simultaneously (e.g., Okta, Keycloak, GitLab) — no need for Dex.You can change the configuration dynamically without restarting the API server.You can use any JWT-compliant token for authentication.You can use CEL (Common Expression Language) to determine whether the token's claims match the user's attributes in Kubernetes (username, group).SponsorThis episode is sponsored by Learnk8s — become an expert in KubernetesMore infoFind all the links and info for this episode here: https://kube.fm/structured-authentication-maksimInterested in sponsoring an episode? Learn more.
Is sharing a cluster with multiple tenants worth it?Should you share or have a single dedicated cluster per team?In this KubeFM episode, Artem revisits his journey into Kubernetes multi-tenancy and discusses how the landscapes (and opinions) on multi-tenancy have changed over the years.Here's what you will learn:The trade-offs of multi-tenancy and the tooling necessary to make it happen (e.g. vCluster, Argo CD, Kamaji, etc.).The challenges of providing isolated monitoring and logging for tenants.How to design and architect a platform on Kubernetes to optimise your developer's experience.SponsorThis episode is sponsored by Learnk8s — become an expert in KubernetesMore infoFind all the links and info for this episode here: https://kube.fm/multitenancy-artemInterested in sponsoring an episode? Learn more.
How hard could it be to debug a network issue where pod connections time out?It could take weeks if you are (un)fortunate like Alex.But Alex and his team didn't despair and found strength in adversity while learning several Kubernetes networking and kubespray lessons.In this KubeFM episode, you'll follow their journey and learn:How a simple connection refused led to debugging the kernel syscalls.How MetalLB works and uses Dynamic Admission webhooks.How Calico works and assigns a range of IP addresses to pods (and what you should watch out for).How to use tcpdump and strace to debug network traffic.And as a bonus, Alex shared his knowledge of onboarding engineers and how to perfect the process.Spoiler alert: this episode goes into a great level of (networking) detail, but the solution turned out to be very simple.SponsorThis episode is sponsored by Learnk8s — become an expert in KubernetesMore infoFind all the links and info for this episode here: https://kube.fm/troubleshooting-kernel-alexInterested in sponsoring an episode? Learn more.
Pod Topology Spread Constraints is a convenient feature to control how pods are spread across your cluster among failure domains such as regions, zones, nodes, etc.You can also choose the pod distribution (skew), what happens when the constraint is unfulfillable (schedule anyway vs don't) and the interaction with pod affinity and taints.It's a great and straightforward feature, so what could possibly go wrong?In this episode of KubeFM, you will follow Martin and his team's journey in discovering and fixing a production incident (on a Friday afternoon) due to a misconfiguration.You will also learn:What are Pod Topology Spread Constraints, and how to use them?How unfulfillable scheduling requirements could lead to un-schedulable pods.How to detect and alert on unscheduled pods.How to manage your team during an incident to keep them calm and focused.SponsorThis episode is sponsored by Learnk8s — become an expert in KubernetesMore infoFind all the links and info for this episode here: https://kube.fm/pod-topology-martinInterested in sponsoring an episode? Learn more.
On average, Kubernetes nodes running on ARM instances are 20% cheaper than their AMD counterpart.Optimising your cloud bill is tempting, but how do you seamlessly migrate existing workloads to a different architecture?And how do you do it at scale, with more than 4000 engineers and 30 clusters in 4 regions?In this episode of KubeFM, Thibault and Miguel explain how Adevinta built an internal platform on Kubernetes for mixed AMD and ARM workloads.You will learn:The challenges they faced with validating containers for mixed architecture with a mutating webhook and the open source solution they came up with: noe.Building an internal platform requires careful planning and designing simple interfaces that are backwards compatible.How to not DDoS your container registries.How to onboard users to an internal platform and evangelise it.SponsorThis episode is sponsored by Learnk8s — become an expert in KubernetesMore infoFind all the links and info for this episode here: https://kube.fm/arm-nodes-thibault-miguelInterested in sponsoring an episode? Learn more.
The best way to learn something is to break it or to build it yourself.And that's precisely what Luca did to understand how Linux containers (and Docker) work: he built his own, Barco.In this episode of KubeFM, you will learn:Why Linux containers "don't exist" but are the product of several Linux features you can put together and configure properly to get what we know as containers.How Kernel features such as cgroups and namespaces isolate a process.How you can use seccomp and capabilities to secure the container.How to make the right syscall from C to build your own container engine.Also, Luca explained how he learned how to build Barco from scratch, detailing the (struggle) to find reputable sources and (lack of) respected books.SponsorThis episode is sponsored by Learnk8s — become an expert in KubernetesMore infoFind all the links and info for this episode here: https://kube.fm/barco-lucaInterested in sponsoring an episode? Learn more.
What if Kubernetes was so easy to install and manage to be foolproof?In this KubeFM, Mat argues that GKE is the only Kubernetes managed service that offers a beginner-friendly and thought-through experience in running a Kubernetes cluster.Follow Mat's journey to AKS, GKE and EKS and learn:How GKE autopilot can help you optimize costs and reduce underutilized node resources.How the GKE container-optimized OS prevents and eliminates an entire set of security misconfigurations in node management.How GCP's application of machine learning on the IAM permissions can help you gradually refine security permissions as applications are deployed.But Mat didn't stop there and had more food for thought:Are we over-logging and over-monitoring in Kubernetes?CNI and Ingress have evolved since their inception. What happens now that we are stuck with those decision choices?Is there a simpler alternative to Kubernetes that is multi-cloud and cloud agnostic, and what could it look like?More infoFind all the links and info for this episode here: https://kube.fm/foolproof-gke-matInterested in sponsoring an episode? Learn more.
Network Policy usage is inverted.It's easier to list the services that you want to connect to, but Network Policy forces you to list all clients that can connect to your pod.How would you even know that another team plans to connect your apps?But if Network Policy is not the right tool, then what should you use?In this KubeFM podcast, you will explore:How Network Policies are not as bad as you might think, but they are low-level APIs that are not always practical to use directly.Intent-based Access Control (IBAC) as a higher-level abstraction to describe your network segmentation requirements.How you can use IBAC to generate Network Policies, Istio Authorization Policies, AWS IAM & Roles, and more.More infoFind all the links and info for this episode here: https://kube.fm/network-policies-oriInterested in sponsoring an episode? Learn more.
Helm is a popular tool for templating and packaging Kubernetes resources, but does it mean it's the best?In this episode of KubeFM, Jacco draws a parallel between Helm and PHP and the similarity in which both tools became a success despite their focus on templating strings.You will also learn:Helm's flaws and how you can avoid them.Alternative tools that can (partially) replace Helm.How to manage third-party packages and templating internal YAML resources.Jacco shared several examples demonstrating duplication in Helm charts and a lack of structured typing.More infoFind all the links and info for this episode here: https://kube.fm/helm-flawed-jaccoInterested in sponsoring an episode? Learn more.
By default, Kubernetes Secrets are not encrypted; values are merely base64 encoded.And this is fine — at least, this is what Mac argues in this episode of KubeFM.Mac says it all comes down to thinking strategically about security and where the Secrets could be leaked.In this episode, you will learn:How to define a threat model to inform your security posture and mitigations.How Kubernetes Secrets offer sufficient guarantees for most common threat models.If you should use Hashicorp Vault or Kubernetes Secrets (and when not to use auto-unsealing).Mac also covers tips and advice on becoming a security expert.More infoFind all the links and info for this episode here: https://kube.fm/kubernetes-secrets-macInterested in sponsoring an episode? Learn more.
What does it take to build a Kubernetes cluster on bare metal?In this episode of KubeFM, you will learn how to plan and execute a successful setup for a bare-metal Kubernetes cluster.You will follow Mathias' journey as he rebuilt his cluster several times and learn how to:Identify dependencies and priorities between components to avoid incidents in the future.Leverage FluxCD to have a predictable and documented setup.Secure the nodes from external traffic with firewalls and Cilium cluster-wide network policies.Use Talos to have a self-contained Kubernetes operating system.Mathias also shared tips and advice for other engineers embarking on the same process.More infoFind all the links and info for this episode here: https://kube.fm/bare-metal-kubernetes-mathiasInterested in sponsoring an episode? Learn more.
Should every project start with Kubernetes?And if not, when is the right time to switch without incurring (unbearable) technical debt?In this episode of KubeFM, you will learn how the team at Loovatech designed an app from scratch and decided to use Docker Compose to host their infrastructure cheaply and effectively in a single virtual machine.As the project grew, the team had to make the difficult choice to rearchitect their infrastructure and plan for scalability and fault tolerance.Follow their journey and learn:How to migrate from a single Docker Compose file with 24 containers to Kubernetes.How to verify that your apps are stateless and what changes are necessary to deploy them into Kubernetes.How to manage expectations and explain the value of a complex migration to your boss or (non-tech-savvy) customers.Vasily and Ronald also shared how they integrated ArgoCD and their existing CI/CD to leverage push and pull-based GitOps and their plans to incorporate multi-tenancy and custom metrics.More infoFind all the links and info for this episode here: https://kube.fm/docker-compose-migration-vasily-ronaldInterested in sponsoring an episode? Learn more.
How do you upgrade a Kubernetes cluster to the latest release without breaking anything?And what if you had to upgrade hundreds of clusters simultaneously?In this episode, Pierre explains the process, tooling and testing strategy in upgrading clusters at scale.You will learn:How the team at Qovery keeps updated with the latest (vanilla) Kubernetes changes and managed services changelogs.How to upgrade Helm charts gradually and safely. Pierre has some tips for Custom Resource Definitions (CRDs).How to test API deprecations with end-to-end testing.How to automate the process of upgrading clusters.You will also learn from Pierre's experience in managing stateful applications in Kubernetes with 4500 nodes on bare metal.More infoFind all the links and info for this episode here: https://kube.fm/upgrading-100s-clusters-pierreInterested in sponsoring an episode? Learn more.
Are logs enough to troubleshoot your deployment and infrastructure?Perhaps, but there's a better way to observe, monitor and debug your stack: embracing observability.In this episode, Adriana explains how she learned to love Open Telemetry and:How you can combine Traces, Metrics and logs to really understand the root cause of your production issues.What the Open Telemetry Collector is, and how it can simplify the ingestion of traces, logs and metrics without tying you into a particular vendor?How to convince colleagues and the business to adopt new technologies.In this episode, Bart also invited a special guest, Hannah (Adriana's daughter), to ensure that Adriana tells the truth and nothing but the truth.Hannah shared some great tips on public speaking and… baking!More infoFind all the links and info for this episode here: https://kube.fm/adriana-hannah-unpacking-o11yInterested in sponsoring an episode? Learn more.
Follow Gazal's journey as he shares the lessons learned in adopting, rolling out and scaling EKS clusters at Target Australia over seven years.You will learn:What is Bottlerocket OS.How Bottlerocket helps with securing your workloads.Karpenter as an alternative to the Cluster Autoscaler.How Karpenter can efficiently schedule and de-provision workloads.Gazal hinted at a 40% reduction in compute capacity when combining Bottlerocket OS and Karpenter (and 30% lower response times).More infoFind all the links and info for this episode here: https://kube.fm/gazal-eks-bottlerocket-karpenterInterested in sponsoring an episode? Learn more.
Comments
Download from Google Play
Download from App Store
United States