KubeFM

With the rapid pace of the cloud-native ecosystem, staying current with Kubernetes updates and managing upgrades becomes a daunting task for many organizations.In this KubeFM episode, Mat discusses the necessity of long-term support for Kubernetes and explores the intricacies of managing Kubernetes upgrades in a fast-evolving landscape.You will learn:The importance of long-term support (LTS) for Kubernetes and how it can alleviate the challenges associated with the platform's rapid release cycles.Strategies for managing Kubernetes upgrades, including insights into the release cycle and the potential pitfalls of the upgrading process.The role of managed services and semi-automatic upgrades in simplifying Kubernetes maintenance for organizations, especially in cost optimization and resource constraints.The implications of charging for support of older Kubernetes versions and the potential for a community-based approach to navigating the complexities of Kubernetes upgrades.SponsorThis episode is sponsored by LearnKube — expert Kubernetes training for your teamMore infoFind all the links and info for this episode here: https://ku.bz/dVJW_qgF2Interested in sponsoring an episode? Learn more.

Ensuring the repeatability of your infrastructure is a crucial aspect of managing Kubernetes clusters.This allows you to swiftly tear down and set up a new one, a practice that is quite handy.However, there are exceptional circumstances when your cluster becomes more than a disposable tool.Dan shared, "A Kubernetes cluster will be treated as disposable until you deploy ingress, and then it becomes a pet."In this episode, you will delve into the concept of 'disposable' and 'pet' Kubernetes clusters and learn:How you can use GitOps to create a repeatable infrastructure that syncs.How resources such as the Ingress and external-dns require careful maintenance and monitoring to make your cluster special.How Crossplane and vCluster help you define repeatable environments that are disposable.All the flavours for Argo: Workflows, Autopilot, CD, etc., and "Project" a newer abstraction to manage apps across environments.SponsorThis episode is sponsored by LearnKube — become an expert in KubernetesMore infoFind all the links and info for this episode here: https://ku.bz/m3YNgCh1WInterested in sponsoring an episode? Learn more.

In this podcast, William Morgan discusses the evolution of service meshes in Kubernetes, including the design, costs, and human factors involved. He explains how ambient mesh differs from the traditional sidecar model and delves into the power and limitations of eBPF technology. The episode also explores the future of service meshes in the Kubernetes ecosystem, organizational applications, and networking abstractions.

Steven Sklar, a senior Cloud engineer at QuestDB, dives into the nitty-gritty of managing databases on Kubernetes. He advocates for running stateful workloads, sharing his expertise on building custom operators using Kubebuilder and the Operator Framework. Sklar discusses his unique transition from finance to cloud-native tech and emphasizes the balance between using managed services and self-management. He also reflects on the significance of practical experience for those entering the tech field and the role of documentation in successful operator deployment.

Structured Authentication Config is the most significant Kubernetes authentication system update in the last six years.In this KubeFM episode, Maksim explains how this is going to affect you:You can use multiple authentication providers simultaneously (e.g., Okta, Keycloak, GitLab) — no need for Dex.You can change the configuration dynamically without restarting the API server.You can use any JWT-compliant token for authentication.You can use CEL (Common Expression Language) to determine whether the token's claims match the user's attributes in Kubernetes (username, group).SponsorThis episode is sponsored by LearnKube — become an expert in KubernetesMore infoFind all the links and info for this episode here: https://ku.bz/lDCTZPPr2Interested in sponsoring an episode? Learn more.

Is sharing a cluster with multiple tenants worth it?Should you share or have a single dedicated cluster per team?In this KubeFM episode, Artem revisits his journey into Kubernetes multi-tenancy and discusses how the landscapes (and opinions) on multi-tenancy have changed over the years.Here's what you will learn:The trade-offs of multi-tenancy and the tooling necessary to make it happen (e.g. vCluster, Argo CD, Kamaji, etc.).The challenges of providing isolated monitoring and logging for tenants.How to design and architect a platform on Kubernetes to optimise your developer's experience.SponsorThis episode is sponsored by LearnKube — become an expert in KubernetesMore infoFind all the links and info for this episode here: https://ku.bz/zp0L7-xM4Interested in sponsoring an episode? Learn more.

How hard could it be to debug a network issue where pod connections time out?It could take weeks if you are (un)fortunate like Alex.But Alex and his team didn't despair and found strength in adversity while learning several Kubernetes networking and kubespray lessons.In this KubeFM episode, you'll follow their journey and learn:How a simple connection refused led to debugging the kernel syscalls.How MetalLB works and uses Dynamic Admission webhooks.How Calico works and assigns a range of IP addresses to pods (and what you should watch out for).How to use tcpdump and strace to debug network traffic.And as a bonus, Alex shared his knowledge of onboarding engineers and how to perfect the process.Spoiler alert: this episode goes into a great level of (networking) detail, but the solution turned out to be very simple.SponsorThis episode is sponsored by LearnKube — become an expert in KubernetesMore infoFind all the links and info for this episode here: https://ku.bz/P5Y-NrSW5Interested in sponsoring an episode? Learn more.

Pod Topology Spread Constraints is a convenient feature to control how pods are spread across your cluster among failure domains such as regions, zones, nodes, etc.You can also choose the pod distribution (skew), what happens when the constraint is unfulfillable (schedule anyway vs don't) and the interaction with pod affinity and taints.It's a great and straightforward feature, so what could possibly go wrong?In this episode of KubeFM, you will follow Martin and his team's journey in discovering and fixing a production incident (on a Friday afternoon) due to a misconfiguration.You will also learn:What are Pod Topology Spread Constraints, and how to use them?How unfulfillable scheduling requirements could lead to un-schedulable pods.How to detect and alert on unscheduled pods.How to manage your team during an incident to keep them calm and focused.SponsorThis episode is sponsored by LearnKube — become an expert in KubernetesMore infoFind all the links and info for this episode here: https://ku.bz/pCFzfGtHSInterested in sponsoring an episode? Learn more.

On average, Kubernetes nodes running on ARM instances are 20% cheaper than their AMD counterpart.Optimising your cloud bill is tempting, but how do you seamlessly migrate existing workloads to a different architecture?And how do you do it at scale, with more than 4000 engineers and 30 clusters in 4 regions?In this episode of KubeFM, Thibault and Miguel explain how Adevinta built an internal platform on Kubernetes for mixed AMD and ARM workloads.You will learn:The challenges they faced with validating containers for mixed architecture with a mutating webhook and the open source solution they came up with: noe.Building an internal platform requires careful planning and designing simple interfaces that are backwards compatible.How to not DDoS your container registries.How to onboard users to an internal platform and evangelise it.SponsorThis episode is sponsored by LearnKube — become an expert in KubernetesMore infoFind all the links and info for this episode here: https://ku.bz/_k-Y1jgFSInterested in sponsoring an episode? Learn more.

The best way to learn something is to break it or to build it yourself.And that's precisely what Luca did to understand how Linux containers (and Docker) work: he built his own, Barco.In this episode of KubeFM, you will learn:Why Linux containers "don't exist" but are the product of several Linux features you can put together and configure properly to get what we know as containers.How Kernel features such as cgroups and namespaces isolate a process.How you can use seccomp and capabilities to secure the container.How to make the right syscall from C to build your own container engine.Also, Luca explained how he learned how to build Barco from scratch, detailing the (struggle) to find reputable sources and (lack of) respected books.SponsorThis episode is sponsored by LearnKube — become an expert in KubernetesMore infoFind all the links and info for this episode here: https://ku.bz/5W1r90mvPInterested in sponsoring an episode? Learn more.