Intermediate

You’ve got Prometheus for metrics. You can see what’s happening across your clusters. But when something breaks, metrics tell you that something is wrong — logs tell you why. The traditional answer is Elasticsearch. It’s powerful, flexible, and… expensive. It indexes everything, which means you pay for every byte of log data in CPU, memory, and storage. Loki takes a different approach: index labels, not content. It’s the same philosophy that makes Prometheus efficient for metrics, applied to logs. ...

People often think you need VMware, Hyper-V, or at minimum Proxmox to run a “real” hypervisor. Something with a web UI, enterprise features, the whole package. But here’s the thing: KVM with libvirt can do virtually everything those commercial hypervisors do. Live migration, memory ballooning, CPU pinning, GPU passthrough, SR-IOV, nested virtualization — it’s all there. The Linux kernel has been a production-grade hypervisor for over a decade. I run NixOS as my hypervisor. No Proxmox, no web UI, just declarative Nix configs and virsh. Let me show you what’s possible. ...

I’ve run both Arch and NixOS as my daily driver workstation. Not in VMs, not as a weekend experiment — as my actual work machine where I do professional DevOps/platform engineering work, and as my personal machine where I do everything else. Both are excellent. Both have serious trade-offs. And the “best” choice depends heavily on your life situation and how much time you have for system maintenance. Here’s the thing: I have kids now. The days of spending a Saturday afternoon debugging a broken Xorg config are gone. My system needs to work, reliably, every time I open the laptop. But I’ve also learned that Arch’s “instability” is largely a skill issue — with the right practices, Arch can be just as reliable as NixOS. ...

I spend my evenings doing Hack The Box challenges and CTF competitions. Not because I want to become a pentester — I’m happy in platform engineering. But because the skills I learn there make me significantly better at my day job. This isn’t obvious at first. What does pwning a vulnerable web app have to do with running Kubernetes clusters? More than you’d think. Forensics and offensive security train you to think about systems differently. You learn to investigate, to trace, to understand what’s actually happening rather than what should be happening. And that mindset — plus the tooling — is exactly what you need when debugging production issues at 3 AM. ...

I write a lot about Kubernetes. I use it daily. I’m a fan. But Kubernetes isn’t always the answer. In fact, for many teams and projects, Kubernetes is the wrong choice. Too complex, too expensive, too much overhead for what they’re trying to achieve. This is the post I’m writing for everyone considering Kubernetes adoption. Not to discourage you, but to help you make a conscious choice. The Kubernetes hype Kubernetes has won. It’s the de-facto standard for container orchestration. Every cloud provider offers managed Kubernetes. Every DevOps job posting asks for Kubernetes experience. ...