https://muhammadamal.my.id/tags/kubernetes/ Recent content in Kubernetes on Hi, I'm Muhammad Amal Hugo en-us Wed, 20 Aug 2025 09:00:00 +0700 https://muhammadamal.my.id/blog/self-hosted-n8n-on-kubernetes-production-setup/ Wed, 20 Aug 2025 09:00:00 +0700 https://muhammadamal.my.id/blog/self-hosted-n8n-on-kubernetes-production-setup/ Deploy n8n 1.78 on Kubernetes properly, with separate main, webhook, and worker deployments, HPA, ingress, and persistence. https://muhammadamal.my.id/blog/chaos-engineering-with-ai-augmented-hypotheses/ Wed, 21 May 2025 09:00:00 +0700 https://muhammadamal.my.id/blog/chaos-engineering-with-ai-augmented-hypotheses/ AI-proposed chaos hypotheses, human-approved blast radii, and LitmusChaos execution on Kubernetes 1.32 with rollback on SLO breach. https://muhammadamal.my.id/blog/auto-remediation-kubernetes-argo-events-policy/ Wed, 12 Jun 2024 09:00:00 +0700 https://muhammadamal.my.id/blog/auto-remediation-kubernetes-argo-events-policy/ Auto-remediation is high-leverage and high-risk. Argo Events plus Kyverno gives you declarative remediation. Here’s the pattern and the guardrails it needs. https://muhammadamal.my.id/blog/chaos-engineering-kubernetes-litmus-chaos-mesh-2024/ Mon, 10 Jun 2024 09:00:00 +0700 https://muhammadamal.my.id/blog/chaos-engineering-kubernetes-litmus-chaos-mesh-2024/ Litmus and Chaos Mesh have both matured. Here’s how to pick between them, the experiments worth running first, and the safety scaffolding nobody talks about. https://muhammadamal.my.id/blog/shipping-rust-kubernetes-distroless-docker-2024/ Wed, 27 Mar 2024 09:00:00 +0700 https://muhammadamal.my.id/blog/shipping-rust-kubernetes-distroless-docker-2024/ Production guide to shipping Rust to Kubernetes with multi-stage Docker, distroless images, and cross-compilation. https://muhammadamal.my.id/blog/score-workload-spec-platform/ Wed, 24 Jan 2024 09:00:00 +0700 https://muhammadamal.my.id/blog/score-workload-spec-platform/ Score decouples app spec from deploy target. Same workload runs on K8s, ECS, or Nomad. What it actually buys you, where it falls short. https://muhammadamal.my.id/blog/crossplane-vs-terraform-platform-teams/ Mon, 15 Jan 2024 09:00:00 +0700 https://muhammadamal.my.id/blog/crossplane-vs-terraform-platform-teams/ Crossplane v1.14 vs Terraform 1.6 for platform teams. Honest trade-offs, drift handling, where each one belongs in your IDP. https://muhammadamal.my.id/blog/internal-developer-platform-backstage-kubernetes/ Mon, 08 Jan 2024 09:00:00 +0700 https://muhammadamal.my.id/blog/internal-developer-platform-backstage-kubernetes/ Minimum viable IDP on Backstage 1.21 + K8s 1.29. Catalog model, scaffolder, what to ship in 90 days, what to defer. https://muhammadamal.my.id/blog/pod-security-standards-migration/ Thu, 28 Sep 2023 09:00:00 +0700 https://muhammadamal.my.id/blog/pod-security-standards-migration/ Migrating from PodSecurityPolicy to Pod Security Standards on Kubernetes 1.28 — namespace labels, audit-mode rollout, and the workloads guaranteed to break. https://muhammadamal.my.id/blog/opa-gatekeeper-admission-policy/ Thu, 21 Sep 2023 09:00:00 +0700 https://muhammadamal.my.id/blog/opa-gatekeeper-admission-policy/ Practical Gatekeeper 3.13 admission policy patterns — constraint templates, audit mode, mutation, and Rego that is actually maintainable. https://muhammadamal.my.id/blog/falco-runtime-security-kubernetes/ Mon, 18 Sep 2023 09:00:00 +0700 https://muhammadamal.my.id/blog/falco-runtime-security-kubernetes/ Running Falco 0.35 in production Kubernetes with the modern eBPF driver — rule tuning, output routing to Slack and SIEM, and the defaults to switch off. https://muhammadamal.my.id/blog/vault-dynamic-secrets-kubernetes/ Thu, 14 Sep 2023 09:00:00 +0700 https://muhammadamal.my.id/blog/vault-dynamic-secrets-kubernetes/ Running Vault 1.14 dynamic database secrets in Kubernetes 1.28 — injector vs CSI, lease renewal, and the failure modes that bite under load. https://muhammadamal.my.id/blog/cluster-cost-engineering-karpenter-keda/ Tue, 27 Jun 2023 09:00:00 +0700 https://muhammadamal.my.id/blog/cluster-cost-engineering-karpenter-keda/ Cluster autoscaler plus static node groups is the 2019 cost model. Here is how Karpenter and KEDA together turn capacity into a tracked, optimized line item. https://muhammadamal.my.id/blog/backstage-internal-developer-platform-backbone/ Tue, 20 Jun 2023 09:00:00 +0700 https://muhammadamal.my.id/blog/backstage-internal-developer-platform-backbone/ Backstage is glue, not a platform. Here is how to wire it to ArgoCD, GitHub Actions, Kubernetes, and Crossplane so it stops being a wiki and starts being a control plane. https://muhammadamal.my.id/blog/progressive-delivery-argo-rollouts-flagger/ Fri, 16 Jun 2023 09:00:00 +0700 https://muhammadamal.my.id/blog/progressive-delivery-argo-rollouts-flagger/ How to build a progressive delivery pipeline that actually rolls back on its own, using Argo Rollouts or Flagger with Prometheus-driven analysis. https://muhammadamal.my.id/blog/fluxcd-vs-argocd-real-comparison/ Tue, 13 Jun 2023 09:00:00 +0700 https://muhammadamal.my.id/blog/fluxcd-vs-argocd-real-comparison/ ArgoCD wins on UX, Flux wins on composability. Here’s how to actually choose between them in 2023 based on team shape and operational appetite. https://muhammadamal.my.id/blog/kubernetes-1-27-multi-tenancy-patterns/ Fri, 09 Jun 2023 09:00:00 +0700 https://muhammadamal.my.id/blog/kubernetes-1-27-multi-tenancy-patterns/ Namespace-as-tenant works for most internal platforms. Here are the controls that make it safe on Kubernetes 1.27 and the failure modes that still demand cluster separation. https://muhammadamal.my.id/blog/argocd-applicationsets-scale-multi-tenant/ Tue, 06 Jun 2023 09:00:00 +0700 https://muhammadamal.my.id/blog/argocd-applicationsets-scale-multi-tenant/ How to structure ArgoCD ApplicationSets, generators, and AppProjects so one platform team can serve dozens of stream teams without becoming a bottleneck. https://muhammadamal.my.id/blog/platform-engineering-team-topologies-idp/ Fri, 02 Jun 2023 09:00:00 +0700 https://muhammadamal.my.id/blog/platform-engineering-team-topologies-idp/ Platform engineering treats the platform as a product. Here is how Team Topologies, golden paths, and a thin-slice IDP actually change how teams ship. https://muhammadamal.my.id/blog/milvus-self-hosted-production/ Mon, 17 Apr 2023 09:00:00 +0700 https://muhammadamal.my.id/blog/milvus-self-hosted-production/ Practical guide to Milvus 2.2 in production - architecture, Helm install, index selection, and the operational gotchas you’ll hit running it at scale. https://muhammadamal.my.id/blog/docker-compose-vs-kubernetes-local/ Wed, 27 Jul 2022 09:00:00 +0700 https://muhammadamal.my.id/blog/docker-compose-vs-kubernetes-local/ Compose vs k3d/minikube/Kind for local dev. When each wins, parity vs simplicity, hybrid approach. https://muhammadamal.my.id/blog/go-graceful-shutdown-health-checks/ Mon, 24 Jan 2022 09:00:00 +0700 https://muhammadamal.my.id/blog/go-graceful-shutdown-health-checks/ Liveness vs readiness, signal handling, draining in-flight requests. The Go shutdown pattern that plays nice with Kubernetes.