Michael Rödel

Stuttgart’s cloud community is leveling up! ☁️🚀 The next Amazon Web Services (AWS) MeetUp is hitting the Zoi office, and we have a lineup that turns complex infrastructure into a competitive advantage. Here is what’s on the menu: 🛡️ Total Backup Control: AWS Hero Nora Schöner shares her blueprint for centralized backups using Control Tower. Gain the insights needed to keep your multi-account environments resilient and your production data rock-solid, all while maintaining your peace of mind. 📈 Mastering the FinOps Engine: Anna Lena Steinborn and Firas Tayeb show you how to transform raw billing data into pure business value. They’ll dive deep into the CID framework and QuickSight, teaching you how to build a high-performance reporting engine that keeps your stakeholders happy and your cloud margins healthy. The Evening Plan: 🧊 18:00: Cold drinks & warm welcomes 💡 18:15: Deep dives & interactive Q&A 🍕 19:45: Pizza & high-level networking Ready to trade "bill shock" for "business value"? Grab your spot and join us for an evening of smart tech and great company! #AWS #Stuttgart #FinOps #CloudEngineering #AWSUserGroup

26

3 Comments

How CID GmbH drives digital innovation with Kubernetes automation. 🚀 Standardizing infrastructure is the first step toward true scalability. At #CDS25, we spoke with Rouven Loerch, General Manager at CID GmbH, about their cloud-native journey. In this interview, Rouven breaks down how CID is using Kubermatic Kubernetes Platform (KKP) to: ✅Modernize Infrastructure: Moving from legacy setups to agile, cloud-native systems. ✅ Standardize Operations: Managing multiple environments with a unified approach. ✅ Accelerate Delivery: Freeing up teams to focus on innovation rather than cluster maintenance. ✅Multi-tenancy approach to load balancing, providing seamless scalability, security, and management for distributed applications and teams achieved with KubeLB. If you are a tech leader looking to streamline your cloud strategy, this is a must-watch. 📺 Watch the full interview: https://hubs.li/Q046TzNJ0 #Kubernetes #DigitalTransformation #CloudNative #Leadership #CID #Kubermatic #Automation

29

Not every app needs Kubernetes. At the next AWS Container Meetup in Zürich, Tobias Emil Vonesch (copebit AG) will show how Amazon ECS offers a simpler way to run small or single-purpose applications without giving up scalability or reliability. In his talk, “Small Apps, Big Effect: Fast and Reliable Deployments on AWS ECS,” Tobias explores how teams can deploy containers quickly and operate them efficiently using ECS — a service that’s powerful, lightweight, and easy to manage. It’s a session for developers and engineers who want to move fast, automate with confidence, and keep their architecture focused on outcomes — not overhead. As an AWS Community Builder and DevOps enthusiast, Tobias works at the intersection of engineering and enablement — helping teams turn cloud complexity into clear, repeatable solutions. 📅 18 November 2025 | Zürich 🔗 Register: https://zurl.co/AICNY We’re looking forward to seeing you there — to learn, connect, and build with the Containers on AWS community.

6

1 Comment

𝐓𝐡𝐞 𝐬𝐦𝐚𝐫𝐭𝐞𝐬𝐭 𝐭𝐞𝐚𝐦𝐬 𝐝𝐨𝐧’𝐭 𝐣𝐮𝐬𝐭 𝐮𝐬𝐞 𝐊𝐮𝐛𝐞𝐫𝐧𝐞𝐭𝐞𝐬 𝐭𝐨 𝐫𝐮𝐧 𝐜𝐨𝐧𝐭𝐚𝐢𝐧𝐞𝐫𝐬. They use it to control everything—from clusters to databases. That’s exactly what Thomas Güttler explored at this year’s Chemnitzer Linux-Tage. Everyone knows Kubernetes as the go-to for container orchestration. But what really makes Kubernetes brilliant is how it works—and how its core ideas have reshaped infrastructure. At its heart, Kubernetes is built on two powerful principles: – A declarative API (you describe the desired state) – A reactive system (controllers constantly work to keep reality in sync) That combination makes Kubernetes so much more than a tool for running apps. In his talk, Thomas breaks down: 🔍 What’s actually needed to run Kubernetes (beyond just spinning up a cluster) 🔍 Why the controller pattern is so powerful and flexible 🔍 The shift from Infrastructure-as-Code to Infrastructure-as-Software 🔍 How Kubernetes' own architecture is now being used to manage Kubernetes itself A few years ago, we at Syself started the cluster-api-provider-hetzner (CAPH) open-source project to bring Cluster API support to Hetzner. Not long after, Thomas began contributing to the project. Fast-forward to today, and he’s part of our team, still pushing CAPH forward. It’s a great reminder of how open source doesn’t just build software—it builds teams. The best part of this talk? It shows the bigger picture. Kubernetes started as a tool to manage containers. Now it’s a platform for managing everything—including itself. The same controller pattern that orchestrates your apps is now managing Kubernetes clusters, and even running databases and other critical systems in a self-healing, declarative way. This is the side of Kubernetes I wish more people talked about. Because it’s where the real transformation is happening. The talk is in German 🇩🇪 (sorry, international friends — we have other great talks in English too) ▶️ Watch here: https://lnkd.in/eaa_2gPU

31

5 Comments

Is Terraform the Backbone of Modern Infrastructure as Code? If you work with cloud infrastructure, chances are you’ve come across Terraform. It’s one of the most widely used tools for managing environments. Everything starts with a few simple files: main.tf, variables.tf, provider.tf, outputs.tf, and more. The terraform state file usually stored securely in the cloud keeps track of what’s actually deployed. What really makes Terraform powerful is its cloud-agnostic nature. Whether you’re using AWS, Azure, or GCP, you can manage everything through a single workflow without being tied to one provider. Why It Matters? 1.Consistency Infrastructure is defined as code, no manual setup or “it works on my machine” issues. 2.Version Control All changes are tracked in Git for easy collaboration and rollback. 3.Scalability  Adjust resources or environments in minutes as business needs evolve. 4.Cloud Agnostic  One tool and syntax for multiple clouds. 5.Modularisation Terraform encourages reusable, composable modules meaning teams can define a standard building block (like a VPC, Database, or Kubernetes cluster) once and reuse it across multiple projects. This saves time, reduces duplication, and ensures every environment follows the same best practices something that’s harder to achieve with tools like CloudFormation or ARM templates, where reuse and portability are more limited. What to take? Whether you’re spinning up a new Kubernetes cluster, testing disaster recovery, onboarding a client environment, or rolling out a multi-cloud strategy. Terraform makes it simple, repeatable, and reliable. At the end of the day, whether it’s a small tweak or a full-scale deployment. Terraform just works. Do you agree? #DevOps #Learning #Terraform #Infrastructure #Consistency #VersionControl #Scalability #Resilience #CoderCo #SystemsThinking

12

LFI + AKS = Cluster Compromise? Cloud-managed Kubernetes is often considered "secure by default." However, our latest analysis shows how insecure default settings in Azure Kubernetes Service (AKS), combined with seemingly harmless vulnerabilities, can quickly become a problem.   In our new blog post, we show you step by step: • How a local file inclusion (LFI) can be exploited in an application within a pod • Why automatically mounted service account tokens pose a risk • How they can be used to gain access to the Kubernetes API—in some cases even directly from the internet • How Azure Workload Identities and Managed Identities can further expand the attack vector • And which practical countermeasures (private clusters, RBAC minimization, disabled token mounting) really help   The scenario clearly shows that a small vulnerability in an application can quickly lead to cluster or even Azure tenant impact when combined with cloud defaults.   You can find the complete technical walkthrough here: https://lnkd.in/dpgUptAV #kubernetes #pentest #redteam #aks #identity #azure

6

🚀 Terraform's UPPER Function: Standardizing Resource Naming at Scale The `upper()` function in Terraform transforms strings to uppercase, enabling consistent naming conventions across multi-environment infrastructure deployments where external systems require specific case formatting. ✅ Technical Breakdown: • Syntax: `upper(string)` - converts all cased letters to uppercase • Returns the exact string with only alphabetic characters transformed • Preserves numbers, special characters, and whitespace unchanged • Works seamlessly with other string functions like `format()` and `substr()` • Particularly useful when integrating with APIs that require uppercase identifiers 📌 Real-World Impact: • Ensures consistent resource tagging when integrating with legacy systems requiring uppercase conventions • Simplifies environment differentiation: `upper(var.environment)` creates clear visual distinction • Prevents case-sensitivity issues when passing values to external services or databases • Enables dynamic resource naming that complies with organizational standards automatically 💡Pro Tip: Combine `upper()` with conditional expressions for flexible naming: `tags = { Environment = var.is_production ? upper("prod") : upper(var.env_name) }`. This ensures consistent uppercase formatting regardless of input variations. Learn more about: https://lnkd.in/ePdNermp #Terraform #DevOps #InfrastructureAsCode #CloudEngineering #IaC

3

⚙️ Istio without sidecars? That’s what Ambient Mode is about. If you’re working with Kubernetes and service meshes, you’ve probably seen the discussion around Istio Ambient. But what actually changes in practice? 🔎 In this Istio Ambient Bootcamp at DevOpsCon Berlin, you’ll explore: • How ambient architecture works without sidecars • How to implement mTLS, AuthN & AuthZ in a zero-trust setup 🔐 • How to apply traffic management patterns like Canary or Blue-Green deployments 🧑‍💻 The focus is on hands-on exercises and real Kubernetes scenarios, so you can test and understand how Ambient fits into modern cloud-native architectures. 👉 More details: 📍 Berlin | 🗓️ 18–19.06.26 Speaker: Michael Hofmann https://lnkd.in/dKfQKsN9 #DevOps #Kubernetes #Istio #ServiceMesh #CloudNative #devopscon #berlin #bootcamp #handson

4

Lambda or container? You don’t always have to choose! 🦎 At the beginning of an AWS software development project, some major architectural decisions have to be made. One classic question: does AWS Lambda or Docker/Microservices make more sense? In this blog post, our colleague Gernot Glawe shows how you can use the same code in both environments using Go, Gin, and the Ginadapter. 🔄 Learn more here ► https://lnkd.in/etNc_f9C #AWS #GO #AWSLambda #Docker #Container #Cloud #Gin #Serverless

1

 𝐓𝐞𝐫𝐫𝐚𝐟𝐨𝐫𝐦 𝐨𝐫 𝐎𝐩𝐞𝐧𝐓𝐨𝐟𝐮 𝐢𝐧 2025—𝐖𝐡𝐚𝐭’𝐬 𝐑𝐢𝐠𝐡𝐭 𝐟𝐨𝐫 𝐘𝐨𝐮? Since Terraform moved to a BSL license, the open-source world answered with OpenTofu, backed by the Linux Foundation. Both are great for Infrastructure as Code, but they follow different paths. 🔹 Terraform offers enterprise stability and official support. 🔹 OpenTofu stands for open-source values, community input, and vendor-neutral governance. Whether you're in DevOps, SRE, or cloud, choose what best fits your team’s future. 👇 See the comparison chart below to decide.

75

1 Comment

The topic of Redis licensing is a concern for many customers these days who rely on a memory cache for their solutions, e.g. in ecommerce solutions. Glad that AWS is actively supporting the valkey project and that partners like Skaylink provide a streamlined migration path from Redis to Valkey on AWS. Please take a look into the comprehensive blog article of my colleague Patrick Magyar who has years of experience in managing mission-critical webshops for our managed services customers and is explaining how the migration can work in friction-free way, leveraging a quick script-based assessment. Let us know in case of any questions or support needed! #redis #valkey #aws #migration

2

RBAC Made Simple RBAC (Role-Based Access Control) is how Kubernetes controls who can do what in your cluster. At its core: Subjects: Users, groups, or service accounts Roles: Define what actions are allowed RoleBindings: Define who gets those permissions RBAC helps: Prevent unauthorized access Limit accidental cluster-wide actions Enforce least privilege for users & services Remember to always start with the least privilege and expand only as needed. Have you used RBAC in your cluster? #KubernetesTuesday #K8s #DevSecOps #RBAC #KubernetesSecurity #DevOps

14

🚀 Exploring Dynatrace: More Than Just Another Monitoring Tool! 🧠🔍 💁‍♀️ In the ever-evolving world of DevOps and cloud-native environments, monitoring isn't just about collecting metrics anymore—it's about getting answers. And that’s exactly where Dynatrace stands out. So, what's new here? 🕵 👉 Causal AI-Powered Automation Dynatrace goes beyond traditional observability by using causal AI—not just data, but real-time answers and intelligent automation for DevSecOps. 👉 Unified Observability + Security From infrastructure monitoring to application security, from log analytics to threat detection—Dynatrace brings everything into a single platform that works together, not in silos. 👉 Flawless Digital Experience Monitoring Frontend to backend, get full visibility into every user journey—enabling businesses to fix issues before users feel them. 👉 Built for Modern Cloud Whether it's hybrid cloud, multicloud, or Kubernetes—Dynatrace auto-discovers, instruments, and analyzes everything with minimal setup. 🔧 Use Cases I’m diving into: Infrastructure & Application Observability Log & Business Analytics Application Security & Threat Intelligence Automated Software Delivery 💡 Why Dynatrace? Because in today’s cloud-native era, we don’t just need monitoring—we need answers, context, and actionable intelligence. 🌐 Whether you're a DevOps engineer, SRE, or security analyst—Dynatrace is not just another tool in the stack. It's a platform built to empower. Looking forward to learning more and sharing my hands-on experience soon! 💬 Have you explored Dynatrace yet? Let’s connect and exchange insights. #DevOps #Dynatrace #Observability #CloudNative #Monitoring #DevSecOps #ApplicationSecurity #Automation #SRE #AI

3

DevOps engineers are becoming the most strategic hires in Germany. But not for the reasons many think. It’s no longer just about: • CI/CD pipelines • Kubernetes • Infrastructure as Code The new shift is AI-enabled DevOps. Companies are starting to integrate: ⚙️ AI-assisted monitoring ⚙️ Predictive infrastructure scaling ⚙️ Automated incident response ⚙️ AI-generated code reviews This means the modern DevOps engineer needs to understand: • Cloud platforms • Automation • Observability • AI tooling And here is the challenge: The number of engineers who truly combine DevOps + AI thinking is still extremely small. This makes them one of the most valuable profiles in today's IT market. Hiring managers: Are you already seeing this shift in your DevOps teams? #DevOps #PlatformEngineering #CloudEngineering #AIinTech #Kubernetes #TechHiring #GermanyIT

13

🚀 New Open Source Project: 𝗗𝗼𝗰𝗦𝗺𝗶𝘁𝗵 for Ansible by Red Hat I’m excited to share DocSmith, a new tool we’ve built at foundata GmbH. It is a 𝗱𝗼𝗰𝘂𝗺𝗲𝗻𝘁𝗮𝘁𝗶𝗼𝗻 𝗴𝗲𝗻𝗲𝗿𝗮𝘁𝗼𝗿 𝗳𝗼𝗿 𝗔𝗻𝘀𝗶𝗯𝗹𝗲 𝗿𝗼𝗹𝗲𝘀. It uses your role's 𝗮𝗿𝗴𝘂𝗺𝗲𝗻𝘁_𝘀𝗽𝗲𝗰𝘀.𝘆𝗺𝗹 𝗮𝘀 𝘁𝗵𝗲 𝘀𝗶𝗻𝗴𝗹𝗲 𝘀𝗼𝘂𝗿𝗰𝗲 of truth and 𝗮𝘂𝘁𝗼𝗺𝗮𝘁𝗶𝗰𝗮𝗹𝗹𝘆 generates:  ✅ 𝗡𝗶𝗰𝗲 𝗹𝗼𝗼𝗸𝗶𝗻𝗴 𝘃𝗮𝗿𝗶𝗮𝗯𝗹𝗲 𝗱𝗼𝗰𝘂𝗺𝗲𝗻𝘁𝗮𝘁𝗶𝗼𝗻 𝗶𝗻 𝘆𝗼𝘂𝗿 𝗥𝗘𝗔𝗗𝗠𝗘.𝗺𝗱  ✅ 𝗖𝗹𝗲𝗮𝗻 𝗶𝗻𝗹𝗶𝗻𝗲 𝗰𝗼𝗺𝗺𝗲𝗻𝘁 𝗯𝗹𝗼𝗰𝗸𝘀 𝗳𝗼𝗿 𝗱𝗲𝗳𝗮𝘂𝗹𝘁𝘀/𝗺𝗮𝗶𝗻.𝘆𝗺𝗹 (or other role entry-point files). 📦 𝗦𝗼𝘂𝗿𝗰𝗲 𝗖𝗼𝗱𝗲 𝗼𝗻 𝗚𝗶𝘁𝗵𝘂𝗯, including a detailed README: https://lnkd.in/ez5XzZd5 📦 𝗔𝘃𝗮𝗶𝗹𝗮𝗯𝗹𝗲 𝗼𝗻 𝗣𝘆𝗣𝗜: uv tool install ansible-docsmith pip install ansible-docsmith 📌 𝗠𝗼𝗿𝗲 𝗞𝗲𝘆 𝗙𝗲𝗮𝘁𝘂𝗿𝗲𝘀: 🔹𝗕𝘂𝗶𝗹𝘁-𝗶𝗻 𝘃𝗮𝗹𝗶𝗱𝗮𝘁𝗶𝗼𝗻: Verifies that argument specs are complete, correct, and in sync with entry-point defaults/. 🔹𝗔𝘂𝘁𝗼𝗺𝗮𝘁𝗶𝗼𝗻‑𝗳𝗿𝗶𝗲𝗻𝗱𝗹𝘆: Works seamlessly in CI/CD pipelines and pre‑commit hooks. 🔹𝗖𝗼𝗺𝗽𝗮𝘁𝗶𝗯𝗹𝗲: DocSmith works with roles in both stand‑alone form and within collections. 🔹--𝗱𝗿𝘆-𝗿𝘂𝗻 𝘄𝗶𝘁𝗵 𝗱𝗶𝗳𝗳 𝘃𝗶𝗲𝘄 💡 𝗪𝗵𝘆 𝗯𝘂𝗶𝗹𝗱 𝘁𝗵𝗶𝘀? Maintaining variable documentation by hand is both time‑consuming and prone to errors. Existing tools like ansible‑doctor or Docsible didn’t fully match my needs – many were created before argument_specs.yml became part of Ansible, resulting in a different focus and workflow, especially validation. 👉 𝗘𝘅𝗮𝗺𝗽𝗹𝗲 𝗿𝗲𝘀𝘂𝗹𝘁𝘀 generated from this argument_specs.yml: https://lnkd.in/exY4w_sP 🔹All descriptions and tables on https://lnkd.in/eRDJVT4P 🔹All inline comment blocks in https://lnkd.in/esarzj7b #Ansible #OpenSource #DevOps #RedHat #Python #foundata

6

🚀 Terraform Concept: create_before_destroy (Simple Office Analogy) resource "aws_instance" "web" { ami = "ami-079b5e5b3971bd10d" instance_type = "t2.micro" availability_zone = "ap-south-1a" tags = { Name = "web-1" } lifecycle { create_before_destroy = true } } 🏢 Office Analogy Imagine an office has one printer used by employees. Now the company wants to replace the printer with a new model. There are two ways to do it: ❌ Old way 🔹Remove the old printer 🔹Install the new printer During this time, employees cannot print anything. ✅ Better way (create_before_destroy) 🔹Install the new printer first 🔹Start using it 🔹Then remove the old printer Employees never face downtime. ⚙️ Terraform works the same way Normally Terraform might: 1️⃣ Destroy the old EC2 instance 2️⃣ Create a new one This can cause temporary downtime. But with: create_before_destroy = true Terraform will: 1️⃣ Create the new EC2 instance first 2️⃣ Switch to the new one 3️⃣ Destroy the old instance 💡 Simple idea 🔹Without create_before_destroy → Destroy old → Create new (downtime) 🔹With create_before_destroy → Create new → Destroy old (no downtime) ✅ Benefits 🔹 Reduces downtime 🔹 Safer infrastructure updates 🔹 Useful for production systems #Terraform #DevOps #AWS #InfrastructureAsCode #DevOps #CloudNative #Containers #AWS #TechExplained #EngineeringCulture #TechLearning #Upskilling #EngineeringCulture #TechCommunity #LearningIsFun #ITJobs #CareerGrowth #AustraliaTech #AustraliaJobs #UKTech #USTech #USAJobs #CanadaTech #CanadaJobs #NewZealandTech Pavan GT  #PlatformEngineering #InfrastructureAutomation #SRE #AIOps #MLOps #TechTips

6

🤔 How do I scale the thing, that scales the other things? (Karlsruhe) Announcing the 1st speaker of the upcoming Cloud Native Karlsruhe meetup (April 28): Tim Ebert introduces sharding for Kubernetes controllers as a groundbreaking solution to scaling one of the fundamental components of Kubernetes. As your clusters scale, traditional controller setups face increasing challenges, leading to slow reconciliation times, impacting application performance and overall cluster stability. In this session, we'll dive deep into the technical details of applying proven sharding mechanism from distributed databases to effectively partition controller workloads. We'll explore the underlying concepts and how to implement sharding in your own Kubernetes controllers. Join us to learn how to overcome the scalability challenges of your Kubernetes controllers and unlock the full potential of your infrastructure. --- 💬 Registration link in comments. Seats are limited.

69

9 Comments