Using Pixie, developers can view the high-level state of their cluster (service maps, cluster resources, application traffic) and also drill down into more detailed views (pod state, flame graphs) without having to modify or redeploy their code.
In this episode of 🌩️ Thunder, Michelle Nguyen, Pixie maintainer, explains how Pixie provides instant Kubernetes observability, and the internals of how it works.
We cover how Pixie uses eBPF to collect telemetry without code instrumentation, what it captures (protocol tracing, resource metrics, application CPU profiles), how data stays in-cluster for privacy, and when to use Pixie alongside OpenTelemetry and Prometheus.
In this episode of 🌩️ Thunder, Joaquim Rocha, Headlamp maintainer at Microsoft, explains how Headlamp gives teams a Kubernetes UI that’s generic enough for most users and extensible enough to build entirely custom experiences on top of.
We cover the difference between generic and application-focused Kubernetes UIs, how Headlamp’s front-end plugin system works, how the UI adapts to what you can actually do based on your RBAC permissions, and how plugin discovery works through Artifact Hub.
Surveys have shown that less than 2% of people one or two layers around you as a leader understand what the priorities are.
Julia Hoggett, the London Stock Exchange CEO, says she spends a third of her time constantly creating this clarity. When people feel responsible for an outcome, magic can happen.
Jana Werner wrote The Octopus Organization after interviewing 70 executives.
KubeCon Europe: KubeHound: Identifying Attack Paths in Kubernetes Clusters at Scale
Coming soon! Join me and my illustrious guest Lin Sun (Head of Open Source at Solo.io, CNCF TOC member, and Kagent co-creator) for an ⚡️ Enlightning livestream about kagent! I can’t wait!
In this episode of 🌩️ Thunder, Raghd Hamzeh, OpenFGA maintainer at Auth0, explains relationship-based authorization. When Whitney shares a document with Raghd, you tell OpenFGA “Raghd is now an editor of this document.” Later, when Raghd tries to access it, OpenFGA already knows . There are no database calls, and there is no runtime logic.
We cover how OpenFGA differs from RBAC and attribute-based systems, why sharing becomes trivially easy, how immutable authorization models let you test changes against production data safely, and what auditability looks like when permissions live outside your application code.
