Kubernetes tools
This list is updated on a regular basis.
General info: https://kubernetesreadme.com/
Comparison: API comparison https://kube-api.ninja/ https://learnk8s.io/research https://docs.google.com/spreadsheets/d/1RPpyDOLFmcgxMCpABDzrsBYWpPYCIBuvAoUQLwOGoQw/edit#gid=907731238
Hosting: kapsule https://www.scaleway.com/en/ ; free https://cloud.okteto.com/
Secrets:
External secrets management integration with k8s: https://github.com/godaddy/kubernetes-external-secrets
Integrate Kubernetes with 1Password: https://github.com/1Password/onepassword-operator
Kubernetes mutating webhook for secrets-init injection: https://github.com/doitintl/kube-secrets-init
AWS EKS Secrets store CSI driver: https://aws.amazon.com/blogs/security/how-to-use-aws-secrets-configuration-provider-with-kubernetes-secrets-store-csi-driver/
RBAC:
RBAC practices and tooling: https://rbac.dev/
Visualize RBAC: https://github.com/team-soteria/rback
RBAC Manager is designed to simplify authorization in Kubernetes https://github....
k8s security best practices
Keep the cloud provider platform secure; Least privilege; Secure traffic into cluster; Run security tests in development environments; Mirror environments; Cluster authentication & authorization; Leverage OIDC for k8s authentication; RBAC - define roles; In-cluster network/security/micro segmentation; Prevent namespace-to-namespace communication; Network policy; Policy & Governance; k8s admission controllers; Read only; Non-privileged ports; Runtime security & monitoring...
How Container Filesystem Works: Building One From Scratch
One of the superpowers of containers is their isolated filesystem view — from inside a container it looks like a full Linux distro, often different from the host. Run docker run nginx, and Nginx lands in its familiar Debian userspace no matter what Linux flavor your host runs. But how is that illusion built? In this post, we’ll walk through how to assemble a tiny but realistic container using only stock Linux tools: unshare, mount, and pivot_root....
The Future of Software Engineering: Key Takeaways from Martin Fowler's Retreat
Martin Fowler published a fascinating report from a February 2026 retreat where senior engineering practitioners from major tech companies gathered to discuss how AI is reshaping software development. It’s dense, so here’s what stood out to me. Where Does the Rigor Go? The biggest question of the retreat: if AI writes the code, where does the engineering discipline move? The answer is — it doesn’t disappear, it migrates: Upstream to specs — Bad specs produce bad code at scale....
16 GitHub Repos Every AI Engineer Should Know in 2026
If you’re building AI systems in production — or just getting started — these repos are worth bookmarking. LLM Serving & Inference vLLM (66k+ stars) — The industry standard for high-throughput LLM serving. Continuous batching and maximum GPU utilization. If you’re serving LLMs in production, this is probably what you should be using. Ollama (162k+ stars) — The easiest way to run LLMs locally. Great for fast experimentation before you commit to a cloud setup....
AWS SQS: When a 'Cheap' Queue Runs Up a Huge Bill
SQS is cheap until it isn’t. Real example from the wild: $500k in a weekend — and Amazon reportedly asked the team not to delete everything at once in certain regions, as it could impact the service. The usual culprit isn’t message volume; it’s how often you call ReceiveMessage when the queue is empty. How SQS Billing Works You pay per request (SendMessage, ReceiveMessage, DeleteMessage, etc.), not per message. Standard queue: about $0....
AWS Billing Transfer
AWS Billing Transfer is a new feature (GA since November 2025) that streamlines billing management across multiple AWS Organizations. It helps companies and channel partners who manage multiple Organizations by enabling centralized billing while keeping security and autonomy decentralized for business units or end customers. Key Challenges Addressed Multiple Organizations – Separate logins for billing and cost management across Organizations increase operational overhead No Central View – Hard to get a single, holistic view of spend across business units or customers Confidential Pricing – Protecting pricing data when billing and security roles are separated (e....
VolSync: Asynchronous Data Replication for Kubernetes Volumes
VolSync is a Kubernetes operator that asynchronously replicates persistent volumes between clusters using rsync or rclone. It also supports creating backups of persistent volumes via restic.
Key Features: Asynchronous replication between Kubernetes clusters; multiple replication methods: rsync, rclone, restic; disaster recovery and data protection; cross-cluster data migration; backup and restore capabilities
Installation: Install VolSync via Helm:
    helm repo add backube https://backube.github.io/helm-charts/
    helm install --create-namespace -n volsync-system volsync backube/volsync
Migrating Data into Kubernetes:...
Terraform Best Practices: Code Organization and Structure
Essential Terraform best practices for organizing and structuring your infrastructure code:
1. Separate Configuration Files
Instead of putting all code in main.tf, distribute it across multiple files:
main.tf: Calls modules, locals, and data sources to create all resources
variables.tf: Contains variable declarations used in main.tf. Place required variables at the top and optional ones at the bottom, separated by a comment line for better readability
outputs.tf: Contains outputs from resources created in main....
AWS Control Tower Landing Zone 4.0 is out! After 8 years of multi-account pain, we can FINALLY set up everything programmatically
AWS Control Tower Landing Zone 4.0 introduces a flexible Controls-Only experience, allowing full programmatic setup and customization of multi-account environments.
Key Changes:
Optional Service Integrations - Choose which integrations to enable: AWS Config, AWS CloudTrail, Security Roles, AWS Backup
Dedicated Resources - Better isolation with separate resources per service: separate S3 buckets for AWS Config and CloudTrail; individual SNS topics for each service
Flexible Organization Structure - Removed previous requirements:...