DevOps Q&A: Helm Charts, Cilium Service Mesh, AI Tooling, and GitOps Promotion

Описание: In this AMA livestream, Viktor and Scott tackle a wide range of questions from the community covering platform engineering, Kubernetes tooling, and the evolving AI landscape. The conversation kicks off with thoughts on Claude's anti-ad campaign against OpenAI, then dives into practical topics like Helm chart management strategies, upgrading air-gapped environments using tools like the Carvel suite and Helm relocation utilities, and the Chainguard fork of Kaniko for container image builds. The duo also debates Cilium versus Istio for service mesh capabilities, noting Cilium's limitations around pod-to-pod mTLS on the same node, and shares their straightforward approaches to note-taking using Markdown files and GitHub issues.

The session gets especially lively around environment promotion strategies, where both hosts advocate for simple YQ-based workflows over complex GitOps promotion tools that unnecessarily tie themselves to specific platforms like Argo CD. They discuss immutable container image promotion with cosign signing, the importance of building Kubernetes controllers using frameworks like Crossplane or Kro before writing custom ones, and trunk-based development versus coordinated multi-repo releases. The conversation wraps up with a deep dive into AI and platform engineering, where Viktor shares his work on data chunking for RAG embeddings, and both hosts emphasize that MCP servers and skills will become the primary interfaces for developer platforms—predicting that tools like Cline and Cursor will replace browser-based portals as the way developers interact with their platforms.

▬▬▬▬▬▬ ⏱ Timecodes ⏱ ▬▬▬▬▬▬
00:00 Intro (skip to first question)
08:48 Thoughts on Claude's stance against ads in AI
12:31 Using Copier project for org base Helm charts
14:22 Strategies for upgrading air-gapped environments
18:19 Chainguard forking Ingress NGINX - thoughts?
20:24 Good replacement for Kaniko after Google retirement?
22:14 Migrating from Istio sidecar to Cilium for CNI/service mesh
24:54 Opinion on Obsidian and note-taking for platform engineers
28:04 Promotion strategies for immutable container images across registries
31:39 Recommendation: try Ko for daemonless builds
32:34 Developer pathway with right balance of abstraction
34:38 Managing environment promotion with Argo CD and GitOps
38:40 Where to draw the line exposing cluster config to users
41:24 Using HTTPS for pod-to-pod communication inside cluster
43:16 Controllers as boundaries - when to build your own
49:19 Release strategy for multiple repos defining a stack
51:26 One-person platform team supporting 250 devs - too early for Backstage?
58:08 Is it hard being a contrarian about popular tools?
1:03:44 HTTPS for pod-to-pod: manage own CA for local DNS?
1:04:19 AI toolkit for platform engineering - where to start
1:10:24 Running Terraform from GitHub Actions with least privilege on AWS