https://www.lucavallin.com/blog/tags/containers Platform Engineer at Xebia, focused on AI platform engineering - the infrastructure behind reliable, observable, scalable AI and cloud-native workloads. I work primarily in Go and Google Cloud, with deep experience in Kubernetes, containers, and end-to-end observability - and a strong interest in networking and lower-level systems work in Rust. My current focus is the platform layer beneath AI: inference serving infrastructure on Kubernetes, AI gateway and MCP connectivity, agentic workload orchestration, and end-to-end observability for GenAI systems. My broader experience is full-stack: strong on backend, with solid frontend and mobile knowledge. I contribute to open source, write on my blog, and pick up the occasional talk, training, or meetup when something interesting comes up. I'm a Google Developer Expert (GDE) and a CNCF Ambassador. For a deeper dive, see my blog. If you're new to open source, check out Verto.sh. For mentorship, I'm on Mentorcruise. Outside of work, activities like photography, motorcycling, playing a handpan and cleaning litterboxes keep me occupied 🐈. en-us Luca Cavallin Luca Cavallin Tue, 10 Mar 2026 00:00:00 GMT https://www.lucavallin.com/blog/containers-are-not-automatically-secure https://www.lucavallin.com/blog/containers-are-not-automatically-secure Containers changed how we package and ship software, but they did not rewrite the basic security rules. Trust boundaries, privilege, and attack surface are all still there. That was probably the main thing I learned while digging into container security, partly from Liz Rice's Container Security and partly from spending time with the Linux pieces underneath. Tue, 10 Mar 2026 00:00:00 GMT Luca Cavallin linuxcontainerssecurity https://www.lucavallin.com/blog/kubernetes-networking-from-packets-to-pods https://www.lucavallin.com/blog/kubernetes-networking-from-packets-to-pods Kubernetes networking doesn't have to be a black box. This guide breaks it down, starting from the fundamentals of Linux networking and container isolation. We then dive into the complete Kubernetes model, explaining everything from Pod IPs and CNI plugins to Services, NetworkPolicy, and Ingress, providing a clear end-to-end map of how connectivity works in your cluster. Tue, 01 Jul 2025 00:00:00 GMT Luca Cavallin kubernetesnetworkingcontainerslinux https://www.lucavallin.com/blog/kubefm-podcast-lucavallin-barco-containers-from-scratch-in-c https://www.lucavallin.com/blog/kubefm-podcast-lucavallin-barco-containers-from-scratch-in-c KubeFM recently invited me to talk about my project "barco: Linux Containers From Scratch in C". In this episode, I talk about why Linux containers don't exist, how to use cgroups and namespaces to isolate a process, how to secure the container with seccomp and capabilities, and how to make the right syscall from C to build your own container engine. Thank you, KubeFM, for having me! Wed, 24 Jan 2024 00:00:00 GMT Luca Cavallin podcastcontainerslinuxcloud-nativecncfkubernetes https://www.lucavallin.com/blog/barco-linux-containers-from-scratch-in-c https://www.lucavallin.com/blog/barco-linux-containers-from-scratch-in-c A straightforward C implementation of a container runtime, built from the ground up to explore containers and the Linux Kernel. Sun, 17 Sep 2023 00:00:00 GMT Luca Cavallin clinuxcontainerscncf https://www.lucavallin.com/blog/club-cloud-stories-news-from-around-the-cloud https://www.lucavallin.com/blog/club-cloud-stories-news-from-around-the-cloud The latest news from around the cloud: Club Cloud Stories #2 is here! Luca Cavallin & Jacco Kulman – joined by special guest Antoni Tzavelas (Google Cloud Course Creator and DevOps enthusiast) – are going to discuss: "CloudFormation: Quick Retry", "Google Cloud IoT Core 101", "Step Functions: Power Up", "What is GitOps?", "Inspect Traffic Between Subnets in a VPC", "Rust on CloudFlare Workers". Tue, 23 Nov 2021 00:00:00 GMT Luca Cavallin cloudclub-cloudcontainerspodcast https://www.lucavallin.com/blog/club-cloud-stories-first-episode-antoni-tzavelas-mark-van-holsteijn https://www.lucavallin.com/blog/club-cloud-stories-first-episode-antoni-tzavelas-mark-van-holsteijn In this first episode of Club Cloud Stories, hosts Luca Cavallin and Jacco Kulman welcome two guests: Antoni Tsavelas and Mark van Holsteijn. They discuss the latest cloud developments as well as a special reaper package to stop containers from running. Tue, 19 Oct 2021 00:00:00 GMT Luca Cavallin cloudclub-cloudcontainerspodcast