105 articles
A complete guide to securing Kubernetes clusters in 2026. From supply chain security through eBPF runtime protection...
Key Vault for secrets, keys, certificates. RBAC, Managed Identity and rotation.
How to divide a network into security zones. VLANs, subnets, microsegmentation.
Hybrid architecture, Azure Arc, AWS Outposts, Anthos and networking.
Custom controllers for automating application lifecycle in Kubernetes.
Kubernetes package manager. Creating, configuring and deploying Helm charts.
Comparison of AWS CloudFormation and Terraform. When to use which.
GitOps deployment with ArgoCD. Automatic synchronization of K8s clusters with Git repositories.
Multi-cloud architecture, vendor lock-in, abstraction layers, and real trade-offs.
Running stateful applications on Kubernetes. Databases, message brokers, storage classes and data persistence.
Service auto-discovery, Docker/K8s integration, Let's Encrypt.
How to isolate pods in Kubernetes. Ingress, egress rules.
Azure Kubernetes Service. Node pools, Azure CNI, Workload Identity and monitoring.
GitOps with Flux. Automatic synchronization, image automation and Helm releases.
Build, test, scan, push, deploy. GitHub Actions + ArgoCD.
DR strategies, RTO/RPO, multi-region setup and testing.
Complete monitoring for Kubernetes. Prometheus, Grafana, alerting.
GKE Autopilot vs Standard, Workload Identity, Config Connector and Gateway API.
Complete introduction to Docker. Containers, images, volumes, and first deployment.
Pod Security Standards, network policies, image scanning and RBAC.
Serverless containers on Google Cloud Run. Deploy, autoscaling and configuration.
Podman — daemonless, rootless alternative to Docker.
Crossplane compositions, claims, XRDs and GitOps workflow.
StatefulSets for stateful applications in Kubernetes. Ordered deployment, stable network identity.
Optimizing Docker images with multi-stage builds. Smaller images, more secure production.
Role-Based Access Control in Kubernetes. Roles, ClusterRoles, bindings and service accounts.
CloudFront distributions, cache policies, Lambda@Edge, CloudFront Functions and origin failover.
Kaniko enables building Docker images in Kubernetes without a Docker daemon. Secure CI/CD in containers.
Multi-cloud serverless deployment. Lambda, Azure Functions, Cloud Functions with a single tool.
Tenant isolation in Kubernetes. Namespace isolation, Network Policies, OPA Gatekeeper and virtual clusters.
ClusterIP, NodePort, LoadBalancer and the Kubernetes networking model.
RollingUpdate, Recreate, Blue-Green and Canary in Kubernetes.
Serverless pros and cons — Lambda, Functions, when to use and when not.
Kustomize for overlay-based Kubernetes configuration. Base, overlays and patches.
Mac vs Linux for developers — hardware, software, terminal, ecosystem.
How to debug problems in Kubernetes. Kubectl commands, events, logs and ephemeral containers.
Service Bus queues, topics, sessions, dead-letter queue and transactions.
Istio architecture, traffic management, mTLS and observability.
Proper CPU and memory configuration for pods. Requests, limits, QoS and OOMKill.
Native terraform test, Terratest, OPA policy-as-code and plan validation.
Flux CD v2: multi-tenancy, Helm releases, image automation and notifications.
Secure K8s cluster. RBAC, network policies, pod security, secrets.
CloudWatch metrics, logs, alarms, Logs Insights and Synthetics.
K8s vs Swarm — complexity, features, ecosystem, and when to use which.
Network firewall in Kubernetes. Ingress and egress rules, namespace isolation.
Performance, features, complexity and when to choose which mesh.
Managed vector DB — setup and RAG integration.
Front Door routing, WAF policies, caching and Private Link origins.
Comparison of IaC tools: language, state, ecosystem and when to choose which.
Event Grid topics, subscriptions, filtering, dead-lettering and CloudEvents.
Validating and Mutating admission webhooks. Policy enforcement, auto-injection, and security in K8s clusters.
Kubernetes networking model. CNI plugins, Service types, Ingress controllers and DNS.
Fan-out, Step Functions orchestration, CQRS and event sourcing on serverless.
Dockerfile optimization for smaller images, faster builds and security.
Kubernetes troubleshooting flowchart — Pod not starting, CrashLoopBackOff, networking.
Kubernetes cost optimization. Right-sizing, spot instances, resource quotas and cost visibility tools.
Right-sizing, reserved capacity, spot instances, tagging and governance.
Service mesh for microservice architectures. Istio vs Linkerd, mTLS, traffic management and observability.
Consul service discovery, Connect proxy, intentions and multi-datacenter.
S3 lifecycle policies, replication, event notifications, Object Lock and access policies.
How to encrypt data on disk. AES-256, LUKS, cloud KMS, database encryption.
Routing, aggregation, authentication, rate limiting.
Pub/Sub topics, subscriptions, exactly-once delivery and BigQuery export.
Apache Pulsar separates compute from storage. Multi-tenancy, tiered storage and Pulsar Functions.
Infrastructure as Code in TypeScript, Python or Go. An alternative to Terraform.
GitOps on Kubernetes — ArgoCD with UI vs FluxCD native in K8s.
Fault injection, circuit breaking, request mirroring and header-based routing.
How to properly manage secrets in K8s. External Secrets, Sealed Secrets, Vault.
The most commonly used kubectl commands for everyday work with Kubernetes.
Cloud Functions 2nd gen, Eventarc triggers, concurrency and secrets.
Firestore data model, real-time listeners, security rules and offline support.
CDK constructs L1/L2/L3, stacks, aspects and testing.
Remote state, locking, moved blocks, import and CI/CD pipeline.
IAM policies, roles, STS, permission boundaries and least privilege best practices.
Managing Terraform state in a team. Remote backend, locking, state operations.
Developing a Kubernetes operator with the Operator SDK. Reconciliation loop, finalizers and status management.
Checklist for a production Kubernetes cluster — networking, security, monitoring.
Docker image management. ECR, ACR, GCR, Harbor.
Infrastructure as Kubernetes resources. Crossplane compositions and claims.
Infrastructure as Code with Terraform. Providers, resources, state, and first deployment.
Automatic DNS record synchronization from Kubernetes Services and Ingress.
Logic Apps designer, connectors, Standard vs Consumption and error handling.
Reusable Terraform modules. Structure, registry and best practices.
Static hosting with S3 and CDN distribution via CloudFront.
Terraform from the basics — providers, resources, state, modules, best practices.
BigQuery architecture, partitioning, clustering, ML and cost control.
IaC best practices. Terraform modules, state management, testing and drift detection.
Serverless functions on AWS. Triggers, cold start, layers, and best practices.
Backup and recovery strategies for Kubernetes clusters. Velero, etcd backup, PV snapshots and DR plans.
Backup checklist — 3-2-1 rule, testing, retention, encryption.
GitOps principles, ArgoCD, ApplicationSets, and progressive delivery.
VPC design, subnets, NAT Gateway, Transit Gateway, and security groups.
Drift detection, terraform plan -refresh-only, prevention and remediation.
Kubernetes Event-driven Autoscaler. Scaling based on queues, metrics, and external sources — down to zero.
Comparison of the three major cloud providers — services, pricing, and ecosystem.
Automatic CPU and memory configuration for containers. Recommendations and auto-update.
Elastic Kubernetes Service. Cluster setup, node groups, Fargate profiles, IRSA and add-ons.
HTTP routing in Kubernetes. Nginx Ingress, Traefik, TLS termination and path-based routing.
Encrypted secrets for GitOps. Safely storing secrets in Git repositories.
Extending the Kubernetes API with custom resource types. CRD definitions, validation, versioning and best practices.
Helm charts in GitOps workflow. Chart design, values management, dependency management and automated upgrades.
Serverless on Azure. HTTP triggers, bindings, Durable Functions.
Pod lifecycle in Kubernetes. Phases, init containers, probes, and graceful shutdown.
Docker vs Podman — daemon, rootless, ecosystem, and migration.
Elastic Container Service. Task definitions, services, Fargate vs EC2, service discovery.