
KubeFM
Discover all the great things happening in the world of Kubernetes, learn (controversial) opinions from the experts and explore the successes (and failures) of running Kubernetes at scale.
Latest episodes

Sep 24, 2024 • 53min
Configuring requests & limits with the HPA at scale, with Alexandre Souza
Alexandre Souza, a senior platform engineer at Getir, dives into the art of managing large-scale Kubernetes environments. He uncovers the pitfalls of over- and under-provisioning while detailing strategies for optimizing resource requests and limits. Expect insights on configuring the Horizontal Pod Autoscaler (HPA) effectively, and the importance of balancing CPU and memory for better performance. Souza also discusses automation tools like KubeCost and StormForge, alongside tips for fostering team buy-in for resource management practices.

Sep 17, 2024 • 59min
Tortoise: outpacing the optimization challenges in Kubernetes, with Kensei Nakada
In this KubeFM episode, Kensei Nakada discusses Tortoise, an open-source project he developed at Mercari to tackle Kubernetes resource optimization challenges. He explains the limitations of existing solutions like Horizontal Pod Autoscaler (HPA) and Vertical Pod Autoscaler (VPA), and how Tortoise aims to provide a more comprehensive and automated approach to resource management in Kubernetes clusters.
You will learn:
- The complexities of resource optimization in Kubernetes, including the challenges of managing HPA, VPA, and manual tuning of resource requests and limits.
- How Tortoise automates resource optimization by replacing HPA and VPA, reducing the need for manual intervention and continuous tuning.
- The technical implementation of Tortoise, including its use of Custom Resource Definitions (CRDs) and how it interacts with existing Kubernetes components.
- Strategies for adopting and migrating to new tools like Tortoise in a large-scale Kubernetes environment.
Sponsor: This episode is sponsored by Learnk8s — estimate the perfect cluster node with the Kubernetes Instance Calculator.
More info: Find all the links and info for this episode here: https://ku.bz/bRd0243xQ

Sep 10, 2024 • 49min
How we are managing a container platform with Kubernetes, with Ángel Barrera Sánchez
In this KubeFM episode, Ángel Barrera discusses Adidas' strategic shift to a GitOps-based container platform management system, initiated in May 2022, and its impact on their global infrastructure.
You will learn:
- The initial state and challenges: Understand the complexities and inefficiencies of Adidas' pre-GitOps infrastructure.
- The transition process: Explore the steps and strategies used to migrate to a GitOps-based system, including tool changes and planning.
- Technical advantages: Learn about the benefits of the pull mechanism, unified configuration, and improved visibility into cluster states.
- Developer and business feedback: Gain insights into the feedback from developers and the business side, and how they were convinced to invest in the migration.
Sponsor: This episode is sponsored by ControlPlane — empower your Kubernetes deployments with ControlPlane Enterprise for Flux CD.
More info: Find all the links and info for this episode here: https://ku.bz/-5QbzQXJg

Sep 3, 2024 • 43min
The basics of observing Kubernetes: a bird-watcher's perspective, with Miguel Luna
Miguel Luna, an expert in Observability within Kubernetes, shares his insights on key components like metrics, logs, and traces. He delves into essential tools such as OpenTelemetry and discusses the transformative role of AI in monitoring systems. Listeners will learn about practical steps for implementing observability, improving alert management, and the importance of clear communication among teams. Miguel also emphasizes visual thinking as a powerful tool for navigating complex technical documentation, making observability more accessible.

Aug 27, 2024 • 31min
Abusing Distroless containers: shell commands on shell-less containers, with Harsha Koushik
In this KubeFM episode, Harsha explores the intricacies of Kubernetes security, focusing on the benefits and misconceptions of Distroless container images and the broader aspects of container security.
You will learn:
- The advantages and limitations of Distroless container images: understand why these images are smaller, have a reduced attack surface and are not inherently secure.
- Best practices for container security: gain insights into selecting base images, managing dependencies, and fortifying your infrastructure at every layer.
- Supply chain security: explore how the supply chain can be an attack vector and the importance of signing artifacts and validating sources.
- Emerging Kubernetes tools and future projects: discover the latest tools Harsha is monitoring and get a sneak peek into his upcoming projects, including a new podcast and a tool for simulating multistage attacks in cloud-native environments.
Sponsor: This episode is sponsored by Learnk8s — estimate the perfect cluster node with the Kubernetes Instance Calculator.
More info: Find all the links and info for this episode here: https://ku.bz/n_sJ04xMY

Jun 18, 2024 • 51min
The ticking supply chain attack bomb of exposed Kubernetes secrets, with Assaf Morag and Yakir Kadkoda
In this KubeFM episode, Yakir and Assaf from Aqua Security explore how a robust Kubernetes secrets strategy is necessary to prevent leaks and maintain a strong security posture.
You will learn:
- How Kubernetes secrets are leaked, and what tools you can use to prevent that. (Hint: Yakir and Assaf suggested using more than one.)
- How shadow IT is a more significant threat than you might think and why companies should monitor personal GitHub repositories.
- What happens when a secret is leaked and how attackers exploit your resources (or further gain access to more).
Sponsor: This episode is sponsored by Isovalent — watch the top Kubernetes security use cases that Tetragon and eBPF cover for platform teams.
More info: Find all the links and info for this episode here: https://ku.bz/5RKVBGlQR

Jun 11, 2024 • 48min
From 0 to 10k builds a week with self-hosted Jenkins on Kubernetes, with Stéphane Goetz
In this KubeFM episode, Stéphane shares his journey of migrating, optimizing and scaling Jenkins in Kubernetes. He discusses the technical challenges, solutions, and strategies employed.
You will learn:
- How Jenkins on Kubernetes was scaled to handle 10,000 weekly builds.
- How they started their journey in 2015 and how the cluster has evolved in the past nine years.
- The challenges of managing builds in Jenkins: Docker in Docker, Docker out of Docker and KubeVirt.
- The lessons learned in creating ephemeral environments.
Sponsor: This episode is sponsored by CloudBees — learn how to use Kubernetes pods as Jenkins agents.
More info: Find all the links and info for this episode here: https://ku.bz/Rg42-LLvQ

Jun 4, 2024 • 56min
Platform engineering: learning from the Kubernetes API, with Sven Hans Knecht
Sven Hans Knecht, a Principal Cloud Engineer, shares his journey empowering teams with Kubernetes technology. He discusses how OpenTelemetry and Prometheus enhance observability and cluster management. The conversation dives into GitOps with tools like ArgoCD and Flux for streamlined deployments. Governance tools, including Gatekeeper and OPA, are highlighted for secure resource management. Sven also emphasizes the role of Custom Resource Definitions in automating processes while balancing developer self-service with necessary compliance.

May 28, 2024 • 44min
Hacking Alibaba Cloud's Kubernetes cluster, with Ronen Shustin and Hillai Ben-Sasson
In this KubeFM episode, Hillai and Ronen, security researchers at Wiz, explore the intricacies of hacking Alibaba Cloud's Kubernetes cluster. They share their experiences and insights on identifying and exploiting vulnerabilities, mainly focusing on misconfigurations and their impact on cloud security.
You will learn:
- How Hillai and Ronen gained access to a Kubernetes cluster through a Postgres database.
- How they moved laterally and managed to obtain push and pull rights to a private container registry.
- Recommendations for securing multi-tenant Kubernetes clusters and maintaining environment hygiene.
More info: Find all the links and info for this episode here: https://ku.bz/yr16qNTFx

May 21, 2024 • 35min
CoreDNS will fail you at scale (with default settings), with Mohamed Hamdan Faris S M
In this KubeFM episode, Faris shares his experience managing CoreDNS and scaling Kubernetes clusters with 900 nodes and 15k pods. He shares the challenges and solutions encountered during an incident, providing valuable insights into maintaining a robust Kubernetes environment.
You will learn:
- The importance of scaling the Kubernetes control plane for large clusters.
- Strategies for optimizing CoreDNS to ensure efficient DNS resolution and prevent incidents.
- The pros and cons of using VictoriaMetrics versus Prometheus for monitoring and observability.
- Tips for maintaining a calm and effective team dynamic during high-stress situations.
Sponsor: This episode is sponsored by Datadog — a single, unified platform for monitoring CoreDNS alongside the rest of your stack. Try it free for 14 days and get a free t-shirt.
More info: Find all the links and info for this episode here: https://ku.bz/4QD3kFP60