A few words to begin with…
As the year draws to a close, it is time for the traditional recap of the blog posts and conferences created in 2025.
Two main themes for this year: Kubernetes and security. Two extremely rich and equally fascinating topics.
It was a very intense year for me, with a professional change, leaving the consulting world to join Piguet Galland bank as Cloud and DevSecOps Architect. An ambitious choice that has proven to be absolutely worthwhile.
Many continue to react to publications on LinkedIn; thank you all, this provides the motivation to share even more.
Speaking of sharing, opportunities to speak have been frequent, whether through Silicon Chalet or most recently at Konfluence. As is often the case, exchanges were very rich, both in post-talk questions and conversations between enthusiasts.
As always, I intend to continue with both formats: blog and talks, at the same pace as before.
Without further ado, here is the list of blog posts and conferences to discover or rediscover… whilst wishing everyone a happy holiday season!
Blog posts to (re)discover
Take back control of your logs with Loki
Observability is an essential pillar for understanding application behaviour, particularly within Kubernetes. Discover how Loki, coupled with the Alloy agent, enables you to aggregate and effectively leverage your logs.
Track your traces with Tempo
Logs are no longer sufficient? Complete the observability arsenal with distributed traces to track request paths to the millisecond. This blog post introduces Tempo, a Grafana tool, to identify bottlenecks and latencies within microservices.
Looking back at KubeCon 2025 in London
Back from London, this post shares the highlights of this edition, marked by the ubiquity of AI and the 10th anniversary of the CNCF. On the agenda: digital sovereignty, certification evolution, and auto-instrumentation with OpenTelemetry. An essential summary to stay up to date with the Cloud Native ecosystem.
IaC Security: OpenTofu vs Terraform
The IaC war continues, but security always emerges victorious! Discover major new features such as native state encryption introduced by OpenTofu 1.7.0. Whether using Terraform or OpenTofu, learn how to protect secrets and secure infrastructure code.
Transform RSS feeds into Podcasts using AI
What if technical monitoring could be transformed into audio episodes using local AI? This post reveals how Ollama and LLM models on a Mac are used to automatically generate podcasts from RSS feeds. A fun project combining Python and Artificial Intelligence to optimise time.
CKS, security first! (update)
The Certified Kubernetes Security Specialist certification remains one of the most demanding in the ecosystem. From cluster hardening and supply chain security to behavioural analysis, everything needed to obtain it is detailed. Mandatory reading for anyone wishing to validate their Kubernetes security expertise.
Gateway API, the new standard for exposing your Kubernetes services
The Ingress object shows its limits in the face of modern complexity: unreadable annotations, lack of standardisation… Make way for the Gateway API! Discover this new standard that is revolutionising service exposure in Kubernetes by clearly separating responsibilities between Ops and Devs.
Istio Ambient, traffic visibility and encryption
Securing inter-pod communications is crucial, but the traditional sidecar model can be heavy. Istio Ambient offers a new approach to provide mTLS and observability without injecting additional containers. A major evolution to simplify Service Mesh adoption.
GitLab CI/CD and components: a story of reusability
No more copy-pasting YAML pipelines between projects! With GitLab CI/CD components, learn to standardise and reuse jobs to industrialise deployment pipelines. Includes a practical case on creating a component catalogue for OpenTofu.
5 shades of Network Policy
By default in Kubernetes, all Pods can communicate. While the native Network Policy is a good start, it often proves insufficient for advanced needs. Different solutions and implementations for finely segmenting the network are explored.
Meetups and conferences to (re)discover
Infrastructure as code, best practices and pitfalls to avoid (Silicon Chalet)
Infrastructure as Code cannot be improvised and must be treated with the same rigour as application code. From repository structure to the integration of tests and linters in CI/CD, pitfalls to avoid are reviewed to maintain a healthy and scalable code base.
The recipe for a successful Landing Zone (Silicon Chalet)
Building sustainable foundations on the Cloud is the first critical step for any company. The recipe for a successful Landing Zone is delivered: organisation, identity management, network, and security. Essential ingredients to ensure a successful start in the Cloud.
Secure all the things: From IaC to Kubernetes
Security must be omnipresent in all DevSecOps initiatives. This presentation traces all layers of the journey towards Cloud Native at Piguet Galland.




