Underkube
What Edu is Reading This Week
Plenty of content this week!
Cloud Native & Kubernetes
Tuning Linux Swap for Kubernetes: A deep-dive article on why and how to correctly configure and tune Linux swap settings when running Kubernetes workloads.
Production-Grade Container Deployment with Podman Quadlets: How to deploy and manage containers using Podman and Quadlets, which leverage native systemd unit files for production-ready setups.
Security Contexts in Kubernetes: A breakdown of Kubernetes Security Contexts, covering settings like runAsUser, capabilities, and SELinux options to tighten pod security.
What Edu is Reading This Week
Fifth week in a row!
Cloud Native & Kubernetes
Ingress-Nginx Controller Retirement (K8s Blog): Official announcement regarding the planned retirement and deprecation of the classic ingress-nginx controller, signaling the industry shift toward the Gateway API.
ingress2gateway: A tool from the Kubernetes SIGs to automatically migrate existing Ingress resources to the newer, more powerful Kubernetes Gateway API.
Helm Documentation Overview: The official overview page for Helm 4, the package manager for Kubernetes that announced its 4.
My current workflow to create the weekly reading posts
Here is a breakdown of the simple, automated, and edited workflow I currently follow every week:
1. Capturing and Collecting Links
I use Raindrop.io as a Google Chrome extension and mobile app to save the links I found interesting into a dedicated collection named “00-current”. This collection is configured to be the default saving location for all new bookmarks.
2. Processing (Sunday)
I export all the bookmarks saved in the “00-current” collection as a .
Another week goes by, another collection of links I found interesting…
Infrastructure and Operating Systems
FreeBSD Officially Supported in OCI Runtime Specification v1.3 - The Open Container Initiative (OCI) Runtime Specification v1.3 officially includes FreeBSD support. This major milestone positions FreeBSD as a first-class platform for cloud-native workloads, leveraging its existing jails technology for container isolation.
Incus: Next-Generation Container and VM Manager - Incus is a next-generation system container, application container, and virtual machine manager that provides a user experience similar to a public cloud.
Another week goes by, another collection of links I found interesting…
Infrastructure and Platform Engineering
formae: Infrastructure-as-Code Platform Built for the Future - A 100% code-based, agentic IaC tool that automatically syncs code with the actual infrastructure state without needing state files or manual merging of external changes.
Container (Apple Open Source) - A tool from Apple for creating and running Linux containers using secure, lightweight virtual machines on a Mac, optimized for Apple silicon.
Another week goes by!
Software & DevOps
Uber Kraken - A P2P-powered Docker registry developed by Uber, designed for highly scalable and available image distribution.
Xpra - Persistent remote applications for X11, MacOS, and MS Windows, known as “screen for X,” allowing disconnection and reconnection to graphical applications.
pkgit - An unconventional package manager designed to compile and install packages directly from their git repository.
volare - A Kubernetes volume populator project.
What Edu is Reading This Week
People often ask me about the cool stuff I stumble upon during the week. So, I figured, why not share the links that caught my eye? So here we are.
This is inspired by some newsletters I read such as Vermandeen’s Valuable News or Kube Today.
I’m not 100% sure if I’ll be able to keep a weekly cadence; I really don’t have too much free time lately, but I’ll try!
I wanted to simulate a RedFish BMC to be able to power on/off libvirt virtual machines and attach ISOs as I do for baremetal hosts.
Entering sushy-tools
sushy-tools includes a RedFish BMC emulator as sushy-emulator (see the code in the official repo).
Basically it can connect to the libvirt socket to perform the required actions exposing a RedFish API.
metal3-io/sushy-tools container image
To easily consume it, the metal3 folks already have a container image ready for consumption at quay.
I wanted to have specific permissions on the /var/lib/libvirt/images folder to be able to write as my user. To do it, you can just use setfacl as:
$ sudo setfacl -m u:edu:rwx /var/lib/libvirt/images
The issue is sometimes those permissions were reset to the default ones… but why? And most important… who?
auditd
To find the culprit I used auditd to monitor changes in that particular folder as:
$ sudo auditctl -w /var/lib/libvirt/images -p a -k libvirt-images
Then, performed a system update just in case… and after a while…
I wanted to configure a VM to act as a router between two networks, providing DHCP and DNS services as well.
[Network diagram: dhcprouter between the public network and the private network, with vm01 and vm02]
public network is the regular libvirt network created by default (192.