8 episodes

Discover all the great things happening in the world of Kubernetes, learn (controversial) opinions from the experts and explore the successes (and failures) of running Kubernetes at scale.

KubeFM

    • Technology


    Kubernetes base64 secrets are fine, with Mac Chaffee


    By default, Kubernetes Secrets are not encrypted; their values are merely base64 encoded.
    And this is fine — at least, this is what Mac argues in this episode of KubeFM.
    Mac says it all comes down to thinking strategically about security and about where the Secrets could be leaked.
    In this episode, you will learn:
    • How to define a threat model to inform your security posture and mitigations.
    • How Kubernetes Secrets offer sufficient guarantees for most common threat models.
    • Whether you should use HashiCorp Vault or Kubernetes Secrets (and when not to use auto-unsealing).
    Mac also covers tips and advice on becoming a security expert.
    Find all the links and info for this episode here: https://kube.fm/kubernetes-secrets-mac
    Links
    Plain Kubernetes secrets are fine
    FluxCD
    kube-prometheus-stack
    Prometheus Operator
    Alert Manager
    Prometheus
    Grafana
    Gatekeeper
    Helm charts
    Gatekeeper policy for privilege pods
    Gatekeeper policy for Ingresses with wildcard hostnames
    Argo CD
    Kubernetes secrets
    etcd
    Base64
    Threat model
    Formal methods to threat modeling
    Bitnami Sealed Secrets
    HashiCorp Vault
    Vault Shamir secret sharing
    Vault auto-unsealing
    HSM backed Vault
    Vault HA configuration
    "keep it secret, keep it safe." — Gandalf
    SWOT analysis
    Chaos Engineering by Kelly Shortridge

    • 29 min
    Kubernetes on bare-metal: lessons learned, with Mathias Pius


    What does it take to build a Kubernetes cluster on bare metal?
    In this episode of KubeFM, you will learn how to plan and execute a successful setup for a bare-metal Kubernetes cluster.
    You will follow Mathias' journey as he rebuilt his cluster several times and learn how to:
    • Identify dependencies and priorities between components to avoid incidents in the future.
    • Leverage FluxCD to have a predictable and documented setup.
    • Secure the nodes from external traffic with firewalls and Cilium cluster-wide network policies.
    • Use Talos to have a self-contained Kubernetes operating system.
    Mathias also shared tips and advice for other engineers embarking on the same process.
    Find all the links and info for this episode here: https://kube.fm/bare-metal-kubernetes-mathias
    Links
    8-part series: Kubernetes on bare-metal
    Argo CD
    Flux CD
    cert-manager
    external-dns
    Habbo Hotel
    AutoIt
    K3S
    K0S
    Talos
    Hetzner
    Cal Newport
    Harbor
    Flatcar Linux
    KubeVirt
    kube-ovn
    Cilium
    Flannel
    Cilium cluster-wide network policies
    CiliumCon in Amsterdam
    Cilium: policy audit mode
    r/kubernetes
    Datavirke

    • 26 min
    Migrating 24 services from Docker compose to Kubernetes, with Ronald Ramazanov and Vasily Kolosov


    Should every project start with Kubernetes?
    And if not, when is the right time to switch without incurring (unbearable) technical debt?
    In this episode of KubeFM, you will learn how the team at Loovatech designed an app from scratch and decided to use Docker Compose to host their infrastructure cheaply and effectively in a single virtual machine.
    As the project grew, the team had to make the difficult choice to rearchitect their infrastructure and plan for scalability and fault tolerance.
    Follow their journey and learn:
    • How to migrate from a single Docker Compose file with 24 containers to Kubernetes.
    • How to verify that your apps are stateless, and what changes are necessary to deploy them into Kubernetes.
    • How to manage expectations and explain the value of a complex migration to your boss or (non-tech-savvy) customers.
    Vasily and Ronald also shared how they integrated ArgoCD with their existing CI/CD to leverage both push- and pull-based GitOps, as well as their plans to incorporate multi-tenancy and custom metrics.
    Find all the links and info for this episode here: https://kube.fm/docker-compose-migration-vasily-ronald
    Links
    Loovatech
    Docker Compose
    ArgoCD
    Prometheus
    Grafana
    KEDA
    Ansible
    Terraform
    Kubernetes documentation
    Application migration from Docker Compose to Kubernetes. How, why, and what problems we’ve encountered
    Using Docker Compose
    Picvario
    Docker Swarm
    Uploading and copying objects using multipart upload in AWS S3
    Celery
    FFmpeg
    Amazon Elastic File System
    KubeSpray
    AWS EKS
    Azure AKS
    AWS EKS changelog
    Helm charts
    TeamCity
    ArgoCD user guide: Helm
    GitOps: Push-based vs. Pull-based Deployments
    Flux CD
    How to autoscale apps on Kubernetes with custom metrics
    CloudFormation
    Terragrunt
    CapCut
    Ian Coldwater

    • 53 min
    Upgrading hundreds of Kubernetes clusters, with Pierre Mavro


    How do you upgrade a Kubernetes cluster to the latest release without breaking anything?
    And what if you had to upgrade hundreds of clusters simultaneously?
    In this episode, Pierre explains the process, tooling and testing strategy for upgrading clusters at scale.
    You will learn:
    • How the team at Qovery keeps up to date with the latest (vanilla) Kubernetes changes and managed-service changelogs.
    • How to upgrade Helm charts gradually and safely. Pierre has some tips for Custom Resource Definitions (CRDs).
    • How to test API deprecations with end-to-end testing.
    • How to automate the process of upgrading clusters.
    You will also learn from Pierre's experience in managing stateful applications in Kubernetes with 4500 nodes on bare metal.
    Find all the links and info for this episode here: https://kube.fm/upgrading-100s-clusters-pierre
    Links
    The cost of upgrading hundreds of Kubernetes clusters
    K9s
    External DNS
    cert-manager
    ingress-nginx
    Prometheus
    Metrics Server
    Prometheus adapter
    Qovery
    KubeSpray
    Kubernetes the hard way
    Pod Disruption Budget
    StatefulSet
    Vertical Pod Autoscaler
    Cluster Autoscaler
    Horizontal Pod Autoscaler
    Kubernetes changelog
    Kubent
    Popeye
    kdave
    Pluto
    Loki
    helm-freeze
    Testing Helm charts
    helm install --atomic
    helm install --wait
    KubeCon EU 2024

    • 46 min
    Unpacking observability, ditching Prometheus, with Hannah Maxwell and Adriana Villela


    Are logs enough to troubleshoot your deployment and infrastructure?
    Perhaps, but there's a better way to observe, monitor and debug your stack: embracing observability.
    In this episode, Adriana explains how she learned to love OpenTelemetry, and you will learn:
    • How you can combine traces, metrics and logs to really understand the root cause of your production issues.
    • What the OpenTelemetry Collector is, and how it can simplify the ingestion of traces, logs and metrics without tying you to a particular vendor.
    • How to convince colleagues and the business to adopt new technologies.
    In this episode, Bart also invited a special guest, Hannah (Adriana's daughter), to ensure that Adriana tells the truth and nothing but the truth.
    Hannah shared some great tips on public speaking and… baking!
    Find all the links and info for this episode here: https://kube.fm/adriana-hannah-unpacking-o11y
    Links
    Argo CD
    GitOps
    OpenTelemetry operator
    OpenTelemetry
    CNCF landscape
    ServiceNow Cloud Observability
    Red Hat Openshift
    Geeking Out podcast
    On Call Me Maybe podcast
    Charity Majors
    Adriana's Medium blog
    ELK stack
    SLA vs SLO vs SLI
    OpenTelemetry signals: traces, metrics, logs
    OpenTelemetry instrumentation
    OpenTelemetry Q&A Feat. Hazel Weakly
    KubeCon North America 2023
    OpenTelemetry End User Working Group
    OpenTelemetry Community End User Surveys
    OpenTelemetry collector
    Prometheus receiver
    Prometheus metrics
    Liz Fong-Jones
    Ted Young
    Toronto CNCF meetup
    Observability Day 2023
    All Things Open 2023

    • 48 min
    Reducing compute capacity by 40% on EKS with Bottlerocket and Karpenter, with Gazal Gafoor


    Follow Gazal's journey as he shares the lessons learned in adopting, rolling out and scaling EKS clusters at Target Australia over seven years.
    You will learn:
    • What Bottlerocket OS is.
    • How Bottlerocket helps with securing your workloads.
    • How Karpenter works as an alternative to the Cluster Autoscaler.
    • How Karpenter can efficiently schedule and de-provision workloads.
    Gazal hinted at a 40% reduction in compute capacity when combining Bottlerocket OS and Karpenter (and 30% lower response times).
    Find all the links and info for this episode here: https://kube.fm/gazal-eks-bottlerocket-karpenter
    Links
    Bolstering Security & Automating Management of Target Australia’s EKS clusters
    Karpenter
    Metrics Server
    Cluster Autoscaler
    OpenTelemetry
    OSGi
    Apache Mesos
    Jenkins X
    Tekton
    Prow
    Kubernetes Slack
    kOps
    Terraform AWS EKS
    IAM Roles for Service Accounts
    AWS EBS CSI driver
    AWS CNI
    Amazon VPC CNI now supports Kubernetes Network Policies
    Server-side apply
    AWS Controllers for Kubernetes (ACK)
    AWS Load Balancer Controller
    Bottlerocket OS
    Amazon Linux 2
    CIS benchmarks
    Deprovisioning in Karpenter
    AWS Node Termination Handler
    Scheduling in Karpenter
    Karpenter Provisioner CRD

    • 32 min
