Platform Engineering

Kubernetes networking is notoriously complex. CNI plugins, kube-proxy, iptables chains, service meshes — layers upon layers of abstraction that eventually break in ways nobody understands. Cilium changes this. It uses eBPF to move networking logic into the Linux kernel, bypassing iptables entirely. The result: better performance, more visibility, and network policies that actually make sense. This is what I run in my clusters. Let me show you why. What is eBPF? eBPF (extended Berkeley Packet Filter) lets you run sandboxed programs in the Linux kernel without changing kernel source code or loading kernel modules. ...

I’ve written about Talos Linux as the immutable Kubernetes OS, and I’ve compared Arch vs NixOS for workstations. But there’s a question I get asked often: what about NixOS for Kubernetes nodes? Both NixOS and Talos are declarative. Both can be immutable. Both version their configuration. So why would you choose one over the other for running Kubernetes? I’ve run both in production. Here’s what I’ve learned. The Philosophical Difference Before diving into specifics, understand the core difference: ...

The first time I tried to SSH into a Talos node, I got nothing. No shell, no connection, no familiar Linux prompt. My immediate reaction was confusion, then mild panic. How am I supposed to debug this thing? That was three years ago. Today, I can’t imagine running Kubernetes on anything else. What is Talos Linux? Talos Linux is a Linux distribution designed specifically for Kubernetes. But calling it a “Linux distribution” undersells how different it is. Talos strips away everything that makes a traditional Linux system… traditional. ...

“So what’s the difference between a container and a virtual machine?” I get this question a lot. And the answer usually involves terms like “hypervisor,” “kernel sharing,” and “hardware abstraction” — which just creates more questions. But there’s actually a deeper question lurking here: what’s the difference between simulation, emulation, virtualization, and containerization? These four concepts are often confused, but they’re fundamentally different approaches to solving the same problem: running something in an environment it wasn’t originally designed for. ...

“We want to migrate to Kubernetes by November.” It was September. The client was an e-commerce company. Their biggest sales event of the year — Black Friday — was in late November. I said no. They asked if I knew someone who might take it on anyway. I did. A fellow platform engineer — someone I respect, highly capable. I made the introduction, but warned him about the timeline. He took the engagement, documented the same concerns I had, got them signed off. The client proceeded anyway. ...