SREKubeCraft | Nikos Nikolakakis

KServe - Production ML Serving on Kubernetes, from sklearn to LLMs

Sun, 03 May 2026 00:00:00 +0000

In November 2025, KServe joined the CNCF as an incubating project. For a project that started life as KFServing inside Kubeflow back in 2019, this was the formal recognition that ML model serving on Kubernetes had grown up. KServe is now the closest thing the cloud-native ecosystem has to a standard for putting trained models behind an API: scikit-learn, XGBoost, PyTorch, TensorFlow, ONNX, Triton, and increasingly Large Language Models all served through the same InferenceService CRD with the same scale-to-zero, autoscaling, traffic splitting, and observability primitives.

Dapr - Building a Safe Platform for Citizen Developer Apps on Kubernetes

Sun, 19 Apr 2026 00:00:00 +0000

Something shifted in 2025. People who had never written a line of code started building working applications. Not toy scripts - real Flask APIs, Express dashboards, data pipelines. The catalyst was LLMs like Claude, ChatGPT, and Copilot. A marketing analyst could describe what they needed in plain English and walk away with a functioning Python app. An operations manager could build an internal dashboard without filing a Jira ticket to engineering.

OAuth2-Proxy - Securing MCP Servers on Kubernetes Before Hackers Find Them First

Tue, 24 Mar 2026 00:00:00 +0000

The Model Context Protocol is everywhere. In less than two years since Anthropic announced it, MCP has become the standard way AI agents connect to external tools: databases, filesystems, code execution environments, Kubernetes clusters. OpenAI adopted it. The Linux Foundation governs it. There are over 5,000 community MCP servers and counting.

Here’s the problem: many of the self-hosted ones have zero authentication.

To be clear, not all MCP servers have this problem. Vendor-managed MCP servers like Atlassian’s (Jira, Confluence), Slack, or Datadog handle authentication on their side through API tokens and OAuth flows baked into their platform. The problem is specifically with self-hosted MCP servers: the ones you deploy yourself on your own infrastructure. Servers like DBHub for databases, filesystem servers, Kubernetes MCP servers, or code execution environments. When you run these in HTTP transport mode, anyone who can reach the endpoint can use them. No API key. No token validation. No user identity.

Knative - The Platform Engineer's Guide to Serverless on Kubernetes

Sun, 08 Mar 2026 00:00:00 +0000

Every platform team eventually faces the same tension: developers want the simplicity of serverless, but the organization needs the control and portability of Kubernetes. Cloud-specific solutions like AWS Lambda or Google Cloud Run solve the developer experience problem, but they lock you into a single vendor’s ecosystem. When you’re running workloads across multiple clouds or on-premises, that’s a non-starter.

Knative bridges this gap. It’s an open-source, Kubernetes-native platform that brings serverless capabilities -automatic scaling, scale-to-zero, event-driven architectures -to any Kubernetes cluster. No vendor lock-in, no proprietary runtimes, just standard OCI containers running on infrastructure you already manage.

PDB Management Operator - Intelligent Pod Disruption Budget Automation for Kubernetes

Thu, 01 Jan 2026 00:00:00 +0000

Pod Disruption Budgets (PDBs) are critical for maintaining application availability during voluntary disruptions like node drains, cluster upgrades, or autoscaler operations. Yet in practice, PDB management often becomes an afterthought - teams either forget to create them, configure them incorrectly, or struggle to maintain consistency across hundreds of deployments.

The PDB Management Operator solves this problem by automating PDB lifecycle management based on availability requirements, organizational policies, and component functions. Originally developed as a personal project, I donated it to the TM Forum ODA Canvas project to help telcos and enterprises manage availability at scale.

Kratix - Building Self-Service Platform Capabilities for Kubernetes

Sun, 07 Dec 2025 00:00:00 +0000

Platform engineering is about reducing friction while maintaining guardrails. As organizations scale their Kubernetes footprint across multiple clusters and environments, the need for self-service platform capabilities becomes critical. Teams shouldn’t raise tickets to get observability, databases, or development environments they should be able to provision what they need on demand, within clear boundaries.

Kratix is a framework designed to solve exactly this problem. In this post, I’ll explore what Kratix is, its strengths and limitations, and demonstrate a practical use case: building an on-demand Datadog stack that SREs can install and uninstall across clusters with a simple kubectl command.

Building a Multi-Tenancy Platform with Capsule and vCluster - Hard vs Soft Isolation

Mon, 03 Nov 2025 00:00:00 +0000

I’ve been running multi-tenant Kubernetes platforms for years, and the conversation always comes down to the same question: how isolated do tenants really need to be? The answer determines whether you’re managing one shared cluster or a hundred separate ones, and it has massive implications for cost, complexity, and operational overhead.

The industry has two emerging answers: Capsule (a CNCF sandbox project) for namespace-based soft multi-tenancy, and vCluster (an open-source project by Loft Labs) for virtual cluster hard isolation. Both solve real problems. But they take fundamentally different approaches.

Kubernetes Autoscaling Beyond HPA - Event-Driven KEDA and VPA Resource Optimization

Mon, 13 Oct 2025 00:00:00 +0000

I have spent years fighting the same “battle”: pods running out of memory at 3 AM, or paying for idle resources sitting at 10% utilization. HPA works great when your traffic follows a predictable curve, but what happens when you are processing background jobs, running analytics during business hours, or dealing with sudden database load spikes?

The built-in Horizontal Pod Autoscaler does one thing well. It scales pods based on CPU and memory. That’s fine for basic web apps, but completely useless when you need to scale based on queue depth, database connections, or time based patterns. I have watched teams write custom controllers and hacky scripts just to solve these problems.

Litmus Chaos - Enterprise-Grade Chaos Engineering for Kubernetes

Sun, 17 Aug 2025 00:00:00 +0000

Chaos engineering validates system resilience by introducing controlled failures. LitmusChaos makes this practice accessible for Kubernetes environments, giving SRE teams the tools to test failure scenarios before they happen in production.

Why Chaos Engineering Matters for SREs

Real failures don’t wait for convenient times. Networks partition during peak traffic. Nodes fail during deployments. Memory leaks surface under load. Traditional testing catches functional bugs but misses reliability gaps.

LitmusChaos helps answer critical SRE questions:

Cilium Tetragon - Next-Generation Runtime Security for Kubernetes

Sat, 02 Aug 2025 00:00:00 +0000

In the ever-evolving landscape of Kubernetes security, runtime protection has become a critical concern for SREs and platform engineers. While we’ve made great strides with admission controllers, network policies, and vulnerability scanning, there’s always been a gap in real-time threat detection and prevention at the kernel level. Enter Cilium Tetragon, a powerful eBPF-based security observability and runtime enforcement platform that’s revolutionizing how we approach Kubernetes security.

What is Cilium Tetragon?

Cilium Tetragon is an open-source, eBPF-based security observability and runtime enforcement platform that provides deep visibility into system behavior with minimal overhead. As part of the Cilium project (now a CNCF graduated project), Tetragon leverages eBPF technology to hook into the Linux kernel and monitor system calls, network events, and file operations in real-time.

Nushell for SREs - Modern Shell Scripting for Internal Tools

Mon, 28 Apr 2025 00:00:00 +0000

Site Reliability Engineers (SREs) often live in the command line, juggling Bash scripts, one-liners, and the occasional Go/Python tool to automate tasks. Yet building complex internal CLI tools or automation workflows with traditional shells can be painful and error-prone. Enter Nushell – a modern, cross-platform shell that treats data as structured tables instead of plain text. Nushell (or just nu) aims to blend the convenience of shell scripting with the robustness of a programming language. In this post, we’ll introduce Nushell and show how it can empower SREs to craft internal CLIs and automation with far less frustration than Bash, while avoiding the overhead of compiled languages. What is Nushell? Nushell is a new type of shell (written in Rust) that draws inspiration from PowerShell, functional programming, and modern CLI tools.

DevPod Open-Source Dev Environments as Code for SREs and Platform Engineers

Sun, 20 Apr 2025 00:00:00 +0000

Modern cloud-native development can be a double-edged sword for Site Reliability Engineering (SRE) and platform teams. On one hand, containerization and microservices have improved deployment consistency; on the other hand, setting up developer environments for complex stacks has become a daunting task. As one engineer put it, configuring each developer’s machine used to be “sweat, toil, and blood on every project”. Today’s applications often require a constellation of services – SQL and NoSQL databases, message brokers like Kafka, and more – making onboarding and environment consistency a serious challenge. SREs and platform engineers are tasked with ensuring reliability from code to production, which means development environments must be consistent, secure, and quick to provision. DevPod is a tool designed to address these needs head-on. In this post, we’ll explore what DevPod is, its core capabilities, and how it tackles key cloud-native development problems such as developer onboarding, infrastructure standardization, and secure remote environments – all from an SRE/platform engineering perspective.

Simplifying Kubernetes Service Mesh - A Deep Dive into Istio Ambient Mesh

Sun, 13 Apr 2025 00:00:00 +0000

From an SRE perspective, the goal is always to reduce operational burden while increasing reliability and observability. Ambient Mesh introduces a new paradigm that aligns with SRE principles by eliminating the sidecar model—reducing resource overhead, simplifying debugging, and accelerating service onboarding across environments.

Managing observability, security, and reliability across microservices is no small feat. Service meshes like Istio promise consistency—but they often come at the cost of complexity and resource overhead. Enter Istio Ambient Mesh: a sidecar-less approach that redefines how service meshes operate, focusing on performance, simplicity, and flexibility.

Building an Internal Developer Portal with Backstage, AKS, Crossplane, and Argo CD

Sat, 22 Mar 2025 00:00:00 +0000

Introduction

Modern cloud-native organizations are increasingly adopting Internal Developer Portals (IDPs) to streamline developer experience and platform operations. An IDP serves as a centralized “single pane of glass” for developers to interact with infrastructure and tools, reducing cognitive load while enabling self-service. Instead of navigating scattered scripts, manuals, and ticketing systems, engineers get a one-stop hub to create and manage resources. This paved road approach to software development saves time and improves developer satisfaction by standardizing workflows and automating repetitive tasks.

Why ArgoCD Matters for SREs - A GitOps Approach to Kubernetes Deployments

Fri, 07 Mar 2025 00:00:00 +0000

Introduction

Site Reliability Engineers (SREs) aim to ensure reliability, scalability, and efficiency in managing applications and infrastructure. One of the key challenges in Kubernetes deployments is maintaining consistency across environments while reducing deployment failures. This is where ArgoCD comes in—a GitOps-based continuous delivery tool designed to streamline Kubernetes application management.

But is ArgoCD the right tool for every SRE team? Let’s explore its benefits, limitations, and whether it aligns with the principles of scalability, observability, and automation in modern cloud-native environments.

Optimizing Kubernetes Autoscaling with Karpenter

Sat, 01 Mar 2025 00:00:00 +0000

Autoscaling is a fundamental feature of Kubernetes, ensuring that workloads receive the required compute resources dynamically. Traditionally, Kubernetes provides Horizontal Pod Autoscaler (HPA) and Vertical Pod Autoscaler (VPA) to scale applications based on CPU and memory metrics. However, these solutions often lead to additional resource consumption, necessitating a robust cluster autoscaler to manage node provisioning.

Cluster Autoscaler (CA) solutions are widely used across cloud providers like AWS, Azure, and GCP. However, they come with significant drawbacks, including slow provisioning times (up to 10 minutes) and rigid instance type management. Karpenter is an open-source autoscaler designed to overcome these limitations by dynamically provisioning nodes and optimizing cluster efficiency in real time.

Mastering Kubernetes Customization with Operator SDK

Mon, 06 Jan 2025 00:00:00 +0000

Kubernetes revolutionizes how applications are deployed and scaled, but managing complex workloads often demands domain-specific automation. This is where Operators shine. Operators encapsulate operational knowledge into Kubernetes-native applications, automating lifecycle management tasks such as scaling, recovery, and upgrades. Operator SDK provides a structured and efficient way to develop these Operators, enabling teams to manage complex applications seamlessly.

In this post, we’ll explore the capabilities of Operator SDK, best practices for building Operators, and a practical example: the pod-restart-notifier-operator, designed to monitor pod restarts in a cluster.

Unlocking Kubernetes Configuration Efficiency with KCL

Sun, 29 Dec 2024 00:00:00 +0000

Managing Kubernetes configurations at scale often involves repetitive YAML templates, patch overlays, and external scripts for dynamic behavior. As clusters grow and requirements evolve, maintaining these configurations becomes increasingly error-prone and time-consuming.

For SREs, whose primary focus is ensuring reliability, consistency, and efficiency, tools that reduce complexity are vital. Enter KCL, the Kubernetes Configuration Language, a revolutionary approach to configuration management that brings abstraction, automation, and validation into your workflows.

Mastering Kubernetes Backups with Velero.

Thu, 19 Dec 2024 00:00:00 +0000

Kubernetes is designed for high availability and fault tolerance, but even the most resilient systems can encounter failures. Velero, an open-source tool, simplifies Kubernetes backup and disaster recovery, making it an essential addition to your cluster’s resilience strategy. This post explores how Velero enables reliable backup and recovery for Kubernetes clusters, helping SREs ensure resilience and data protection.

Why Backups Are Essential for Kubernetes

While Kubernetes offers robustness, unexpected events like hardware failures, misconfigurations, or human errors can lead to data loss or downtime. Backups ensure you can recover the cluster’s state, minimizing disruption and maintaining service availability. Regularly practicing disaster recovery also helps identify gaps in your strategy.

Secure and Simplify Kubernetes Secrets Management with External Secrets

Sun, 10 Nov 2024 00:00:00 +0000

In the world of Kubernetes, managing secrets securely is vital. Kubernetes secrets are essential for storing sensitive data like database credentials, API keys, and certificates. However, handling these secrets directly within Kubernetes presents challenges around security, accessibility, and synchronization. This is where the External Secrets Operator (ESO) comes into play. By integrating with external secret management systems, ESO allows Kubernetes to securely access and update secrets automatically, providing both security and efficiency.

Deep Dive into Distributed Tracing with Grafana Tempo

Sun, 03 Nov 2024 00:00:00 +0000

If you’re aiming to strengthen your observability strategy with distributed tracing, Grafana Tempo might be your answer. As an SRE, incorporating Tempo into observability stacks has been invaluable, especially within Kubernetes and microservices environments. Tempo’s unique, cost-effective approach to tracing simplifies setup, leverages object storage, and provides seamless integration with the Grafana ecosystem. Let’s explore how Tempo works, its architecture, use cases, and the setup steps you’ll need to deploy it effectively.

Grafana Loki - A Deep Dive into Cost-Effective Log Management

Mon, 28 Oct 2024 00:00:00 +0000

If you’re looking for a scalable, flexible, and efficient solution for log management, look no further than Grafana Loki. In my experience as an SRE, integrating Loki into modern observability stacks, especially within Kubernetes and multi-cloud environments, has proven transformative. Unlike traditional log management systems that require predefined schemas and indexing of log content, Loki takes a unique approach to handle logs, making it both easy to use and cost-effective. Let’s dive into how Loki works, its architecture, deployment modes, and why it might be the perfect fit for your needs.

Boost Your Terminal Workflow with Zellij - The Next-Gen Terminal Workspace

Thu, 10 Oct 2024 00:00:00 +0000

In the world of terminal workspaces and multiplexers, one tool stands out for its simplicity, power, and ease of use—Zellij. As an SRE constantly juggling multiple terminal windows for monitoring, debugging, and development, I was looking for a way to streamline my workflow. Enter Zellij—a game-changer that simplifies my daily tasks, boosts productivity, and has now become my go-to terminal companion. In this post, I’ll share my experience and show you how Zellij can transform the way you work with terminal sessions.

Understanding WebAssembly (Wasm)

Sat, 06 Jul 2024 00:00:00 +0000

What is WebAssembly (Wasm)?

WebAssembly, commonly referred to as Wasm, is a binary instruction format designed for a stack-based virtual machine. It serves as a portable compilation target for various programming languages, enabling their deployment on the web for both client and server applications. Since its official recommendation by W3C in 2019, Wasm has been supported by all major browsers, offering a way to run applications written in languages like C, C++, Rust, Go, Python, and more within the browser environment without requiring additional installations or configurations.

OpenTelemetry, Simplifying Observability for Cloud-Native Environments

Sun, 23 Jun 2024 00:00:00 +0000

In the rapidly changing world of cloud-native applications, mastering performance and behavior monitoring is essential. OpenTelemetry (OTel) emerges as a powerful, open-source framework designed to simplify the collection of telemetry data, including traces, metrics, and logs. This guide introduces the fundamentals of OpenTelemetry, providing a straightforward, practical approach for both beginners and experienced professionals in observability.

What is OpenTelemetry?

OpenTelemetry offers a comprehensive set of tools, APIs, and SDKs that enable developers to effectively instrument, generate, collect, and export telemetry data. OpenTelemetry encompasses:

Welcome to the World of Crossplane, Mastering Multicloud Infrastructure with Kubernetes

Sun, 16 Jun 2024 00:00:00 +0000

Dive into the dynamic capabilities of Crossplane, a groundbreaking Kubernetes extension that is revolutionizing infrastructure management across various cloud platforms. In this series, we’ll decode the intricacies of Crossplane to demonstrate its power and flexibility, catering to both newcomers and experienced SRE professionals.

Understanding Crossplane

Crossplane is a pioneering open-source project hosted by the Cloud Native Computing Foundation (CNCF). It extends Kubernetes to manage a wide range of external, non-Kubernetes resources, effectively transforming any Kubernetes cluster into a robust control plane. With Crossplane, you can seamlessly administer databases, storage, and networking components across multiple providers using a single, unified Kubernetes-style API.

Exploring Nix Shell, A Game-Changer for Ephemeral Environments

Sat, 08 Jun 2024 00:00:00 +0000

In the realm of software development, the quest for efficient and flexible development environments remains paramount. Traditionally, containers have dominated this space, heralded for their ability to create isolated, ephemeral environments for development, testing, and CI/CD pipelines. However, Nix Shell emerges as a compelling alternative, challenging this status quo with its unique approach.

The Traditional Container Paradigm

Containers are virtually omnipresent in today’s software development landscape. They are particularly valued in ephemeral environments—temporary setups created for specific tasks which are discarded after use. This container-based strategy is not just prevalent in local development machines but also extends to complex CI/CD pipelines managed by tools like Jenkins, GitHub Actions, and GitLab CI.

Simplifying Kubernetes Observability with Inspector Gadget.

Fri, 31 May 2024 00:00:00 +0000

In the vast and ever-evolving Kubernetes ecosystem, the abundance of tools for observability can sometimes feel overwhelming. While these tools offer comprehensive insights into metrics, logs, and traces, there’s an undeniable charm in the simplicity of traditional Linux commands like netstat and ps. These commands provide a straightforward view of active connections and processes, respectively. For those of us who have transitioned from managing single servers to orchestrating containers at scale with Kubernetes, there’s a noticeable gap in the simplicity of inspecting what’s happening within our clusters.

K8sGPT - The AI Solution to Streamline Kubernetes Operations?

Sat, 25 May 2024 00:00:00 +0000

In the evolving world of Kubernetes, staying on top of your cluster’s health and security can be daunting, especially with the complexity and scale of modern deployments. As someone deeply embedded in the Kubernetes ecosystem, I’ve always sought an AI solution that could be as present and responsive as I am within the terminal. My quest was to find a tool that would allow me to interact with AI directly from the terminal to scan my Kubernetes cluster, identify potential issues, explain them in simple terms, and either fix these issues or propose solutions. That’s when I discovered K8sGPT.

Understanding Kubernetes Gateway API

Fri, 17 May 2024 00:00:00 +0000

Kubernetes has revolutionized the way we manage containerized applications, but networking within Kubernetes has always been a complex topic. Traditional tools like Ingress controllers and Service Mesh have provided solutions, but the Gateway API is emerging as a more powerful and flexible alternative. In this post, we’ll delve into the Gateway API, compare it with Ingress and Service Mesh, and provide examples to illustrate its capabilities.

Understanding Kubernetes Networking

Before diving into the Gateway API, let’s briefly recap what Kubernetes, Ingress, and Service Mesh are:

Embracing Enhanced Kubernetes Security with Kubescape

Fri, 10 May 2024 00:00:00 +0000

In the rapidly evolving world of Kubernetes, maintaining robust security is paramount. Kubescape, the first CNCF Kubernetes security scanner, stands out as a powerful tool designed to ensure your Kubernetes configurations are secure and compliant. In this post, we delve into the functionalities of Kubescape, examine its pros and cons, and provide a quick demo to showcase its capabilities.

What is Kubescape?

Kubescape is an open-source tool developed by ARMO, designed to scan Kubernetes clusters, Helm charts, and YAML files for security risks and compliance with several frameworks, including those recommended by the NSA and MITRE ATT&CK®. It operates as both a CLI tool and an integrated component within Kubernetes, suitable for use in CI/CD pipelines.

Building Container Images with Buildpacks

Fri, 03 May 2024 00:00:00 +0000

When it comes to containerization, Docker has been the de facto standard for building and deploying container images. However, Buildpacks offer a compelling alternative, simplifying many aspects of the containerization process. In this article, we’ll explore what Buildpacks are, their advantages and disadvantages, and how to use them in practical scenarios. We’ll illustrate this by containerizing a Go application named golang-response-echoer, which acts as a versatile server responding to various HTTP requests.

Unleashing Chaos to Ensure Stability

Fri, 26 Apr 2024 00:00:00 +0000

Imagine a Black Friday where a major e-commerce platform goes down: millions in revenue lost in minutes, frustrated customers, and a tarnished reputation. In today’s digital-first world, such nightmares are real scenarios that businesses strive to avoid. This is where Chaos Engineering comes into play. It is not just about breaking things randomly but about stress-testing systems to ensure they can handle unexpected disruptions. In this blog post, we delve into the essentials of Chaos Engineering and demonstrate how Chaos Mesh, a specialized tool for Kubernetes environments, is instrumental in forging systems that are not just robust but truly resilient.

Unlocking Developer Productivity with Taskfile

Sat, 20 Apr 2024 00:00:00 +0000

In today’s fast-paced software development environment, agility and efficiency are paramount. Developers often find themselves toggling between local and remote workstations, managing a plethora of tasks that could become cumbersome without the right tools. Enter Taskfile, a robust solution that simplifies task management across various environments, making it an indispensable tool for modern developers.

What is Taskfile?

Taskfile is an open-source task runner that uses a simple YAML file to define and execute custom tasks. It’s designed for developers who need a versatile tool to run tasks both locally during development and remotely, triggered by events such as a push to a Git repository. Taskfile offers a clear and declarative format to manage workflows, ensuring that tasks are easy to write, read, and maintain.

Embracing Minimalist Containerization

Sat, 13 Apr 2024 00:00:00 +0000

In the realm of software development, the deployment and management of applications have been transformed by containerization. Containers, fundamentally different from virtual machines, provide a lightweight, efficient, and scalable solution for running multiple applications on the same operating system kernel.

Containers vs. Virtual Machines

Unlike virtual machines, containers do not encapsulate a full operating system; instead, they package only the necessary components required to run the application, sharing the host system’s OS kernel. This shared approach results in reduced overhead and faster startup times compared to VMs which require their own OS instance.

Admission Controller policies

Fri, 05 Apr 2024 00:00:00 +0000

An Admission Controller in Kubernetes (k8s) is a critical component that intercepts requests to the Kubernetes API server before the persistence of the object, but after the request is authenticated and authorized. The Admission Controller makes decisions on whether to admit the request based on specific policies and rules, thereby acting as a gatekeeper that can either allow or block the creation, modification, deletion, or connection to a Kubernetes object based on the configured admission control plugins.

Transforming Operations. The SRE Approach

Tue, 05 Mar 2024 00:00:00 +0000

Site Reliability Engineering

In the words of Carla Geisser (Google SRE), “If a human operator needs to touch your system during normal operations, you have a bug. The definition of normal changes as your systems grow.” This principle underpins the philosophy of Site Reliability Engineering (SRE), a discipline that evolves alongside with technology.

DevOps and SRE: A Unified Front

DevOps integrates software development and operations to enhance agility and ensure system integrity, focusing on rapid innovation and stability. SRE builds on this by operationalizing software reliability, incorporating practical strategies to harmonize development and operations further. It’s about turning DevOps principles into a systematic practice that guarantees reliable, scalable, and efficient systems.

Ephemeral Containers

Mon, 05 Feb 2024 00:00:00 +0000

In Kubernetes environments, particularly for versions 1.25 and beyond, traditional methods of diagnosing issues within containers are becoming outdated. The introduction of ephemeral debug containers offers a modernized, preferable alternative for troubleshooting. This means that the practice of directly executing commands inside a container using kubectl exec is strongly discouraged, to the point where it’s suggested those who use it should face consequences.

Do not do this! ⚠️

Enter inside a container

The use of ephemeral containers is a significant shift in how we approach problem-solving within Kubernetes. By executing a command such as:

Configure Unify Execute

Fri, 05 Jan 2024 00:00:00 +0000

Official web site CUE

In the realm of application and infrastructure management, particularly within environments as dynamic as Kubernetes, the ability to accurately validate, define, and utilize both dynamic and text-based data becomes paramount. Configure Unify Execute (CUE) emerges as a robust solution designed to simplify these processes. By facilitating data validation, schema creation, and ensuring that configurations are in strict alignment with predefined policies, CUE empowers developers and operators alike to maintain consistency and reliability across their deployments.

Pod restart notifier operator CRD.

Mon, 04 Sep 2023 00:00:00 +0000

Prerequisites

Before you start building the pod-restart-notifier operator, make sure you have the following software dependencies installed on your machine:

Install Go
Install Minikube
Install kubectl
Install Docker
Install Helm

In this guide, we walk through the process of creating a Kubernetes operator called pod-restart-notifier. The operator uses Custom Resource Definitions (CRDs) to define custom resources and manages their lifecycle. We leverage kubebuilder to simplify the development of CRDs and custom controllers. Additionally, we demonstrate the testing process for the operator in a Minikube Kubernetes cluster.

Pod restart notifier operator.

Mon, 21 Aug 2023 00:00:00 +0000

Minikube

Start a local Kubernetes cluster.

# Use virtual machines like with the VirtualBox or Hyper-V drivers
minikube start --nodes=3 --memory=2g --cpus=2

# Use Docker as the driver for creating the Kubernetes node VMs (like MAC M1)
minikube start --nodes=3 --driver=docker --memory=2g --cpus=2

Check status of cluster.

minikube status

kubectl get nodes -o wide

Pod Restart Notifier Operator

The purpose of this operator is check the state of all pods every minute and send a notification via a specified channel (e.g., Discord) for every detected restart of a pod.

WebLogic in Kubernetes.

Sat, 20 May 2023 00:00:00 +0000

Deployment of a WebLogic Server in Kubernetes Using the WebLogic Kubernetes Operator.

Prerequisites

Install Docker
Install Minikube
Install Helm
Create account to OCR

Creating local Kubernetes Cluster

To build the Kubernetes cluster locally we will use Docker and minikube.

# Check the Minikube version
minikube version

# Configure the amount of memory and number of CPUs for Minikube.
minikube start --memory 4096 --cpus 2

# Get the status of a Minikube cluster
minikube status

# Check the nodes of Local K8s Cluster.
kubectl get nodes -o wide

# Output
NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
minikube Ready control-plane 23s v1.24.1 192.168.49.2 <none> Ubuntu 20.04.4 LTS 5.15.49-linuxkit docker://20.10.17

Useful minikube commands

# Access the Kubernetes Dashboard
minikube dashboard

# Get the IP address of the Minikube VM
minikube ip

# List enabled addons
minikube addons list

# Enable addons
minikube addons enable <addon-name>

# Disable addons
minikube addons disable <addon-name>

Install WebLogic Operator

Establish Helm configuration by indicating the location of the operator’s Helm chart as follows.

AKS with Terraform.

Sun, 07 May 2023 00:00:00 +0000

Azure Kubernetes Service (AKS) with Terraform.

Prerequisites

Create Azure account
Install Azure CLI
Install Terraform
Install kubectl

Creating credentials

Once you’ve established an Azure account and installed az on your machine, it’s necessary to sign in prior to initiating the creation process.

az login

check latency

# List of available regions
az account list-locations --query "[].{Name:name, DisplayName:displayName}" -o table

An authentication prompt should have appeared in your browser. Adhere to the given guidelines. With that completed, we can advance by generating a new resource group. If you’re a novice to Azure, be aware that all components are arranged within resource groups.

EKS with Terraform

Sun, 30 Apr 2023 00:00:00 +0000

Elastic Kubernetes Service (EKS) with Terraform.

Prerequisites

Create AWS account
Install Amazon CLI
Install Terraform
Install kubectl

Creating credentials

Although the objective is to employ Terraform for all infrastructure-related tasks, some AWS-specific items are necessary. Specifically, we need to create an access key ID and a secret access key. To do this, please open the AWS Console. If you’re new to AWS, register for an account otherwise, log in.

Next, navigate to My Security Credentials, where you’ll find various options for generating credentials. Locate and expand the Access keys (access key ID and secret access key) section, then click on the Create New Access Key button. A message will confirm the successful creation of your access key. Make sure not to close this popup by clicking the Close button, as the access key information will be required and is only shown at this time.

whoami

Mon, 01 Jan 0001 00:00:00 +0000

Welcome to my personal blog. A collection of articles focused on Kubernetes, Site Reliability Engineering, and Cloud Computing. Each post is crafted to share insights, best practices, and the latest trends in these dynamic fields.

I am a Principal Site Reliability Engineer currently at Workable. With a rich background spanning over 15+ years in the IT industry, I have contributed significantly to large-scale projects at notable companies including OTE/Cosmote, Dixons, Vodafone and Workable among others.

SREKubeCraft | Nikos Nikolakakis

KServe - Production ML Serving on Kubernetes, from sklearn to LLMs

Dapr - Building a Safe Platform for Citizen Developer Apps on Kubernetes

OAuth2-Proxy - Securing MCP Servers on Kubernetes Before Hackers Find Them First

Knative - The Platform Engineer's Guide to Serverless on Kubernetes

PDB Management Operator - Intelligent Pod Disruption Budget Automation for Kubernetes

Kratix - Building Self-Service Platform Capabilities for Kubernetes

Building a Multi-Tenancy Platform with Capsule and vCluster - Hard vs Soft Isolation

Kubernetes Autoscaling Beyond HPA - Event-Driven KEDA and VPA Resource Optimization

Litmus Chaos - Enterprise-Grade Chaos Engineering for Kubernetes

Why Chaos Engineering Matters for SREs

Cilium Tetragon - Next-Generation Runtime Security for Kubernetes

What is Cilium Tetragon?

Nushell for SREs - Modern Shell Scripting for Internal Tools

DevPod Open-Source Dev Environments as Code for SREs and Platform Engineers

Simplifying Kubernetes Service Mesh - A Deep Dive into Istio Ambient Mesh

Building an Internal Developer Portal with Backstage, AKS, Crossplane, and Argo CD

Introduction

Why ArgoCD Matters for SREs - A GitOps Approach to Kubernetes Deployments

Introduction

Optimizing Kubernetes Autoscaling with Karpenter

Mastering Kubernetes Customization with Operator SDK

Unlocking Kubernetes Configuration Efficiency with KCL

Mastering Kubernetes Backups with Velero.

Why Backups Are Essential for Kubernetes

Secure and Simplify Kubernetes Secrets Management with External Secrets

Deep Dive into Distributed Tracing with Grafana Tempo

Grafana Loki - A Deep Dive into Cost-Effective Log Management

Boost Your Terminal Workflow with Zellij - The Next-Gen Terminal Workspace

Understanding WebAssembly (Wasm)

What is WebAssembly (Wasm)?

OpenTelemetry, Simplifying Observability for Cloud-Native Environments

What is OpenTelemetry?

Welcome to the World of Crossplane, Mastering Multicloud Infrastructure with Kubernetes

Understanding Crossplane

Exploring Nix Shell, A Game-Changer for Ephemeral Environments

The Traditional Container Paradigm

Simplifying Kubernetes Observability with Inspector Gadget.

K8sGPT - The AI Solution to Streamline Kubernetes Operations?

Understanding Kubernetes Gateway API

Understanding Kubernetes Networking

Embracing Enhanced Kubernetes Security with Kubescape

What is Kubescape?

Building Container Images with Buildpacks

Unleashing Chaos to Ensure Stability

Unlocking Developer Productivity with Taskfile

What is Taskfile?

Embracing Minimalist Containerization

Containers vs. Virtual Machines

Admission Controller policies

Transforming Operations. The SRE Approach

DevOps and SRE: A Unified Front

Ephemeral Containers

Do not do this! ⚠️

Enter inside a container

Configure Unify Execute

Pod restart notifier operator CRD.

Prerequisites

Pod restart notifier operator.

Minikube

Pod Restart Notifier Operator

WebLogic in Kubernetes.

Prerequisites

Creating local Kubernetes Cluster

Useful minikube commands

Install WebLogic Operator

AKS with Terraform.

Prerequisites

Creating credentials

EKS with Terraform

Prerequisites

Creating credentials

Archives

whoami