archive

More writing

Containers Are Not Automatically Secure
10 March 2026 · 21 min read

Containers changed how we package and ship software, but they did not rewrite the basic security rules. Trust boundaries, privilege, and attack surface are all still there. That was probably the main thing I learned while digging into container security, partly from Liz Rice's Container Security and partly from spending time with the Linux pieces underneath.

linux · containers · security

Kubernetes Networking from Packets to Pods
1 July 2025 · 17 min read

Kubernetes networking doesn't have to be a black box. This guide breaks it down, starting from the fundamentals of Linux networking and container isolation. We then dive into the complete Kubernetes model, explaining everything from Pod IPs and CNI plugins to Services, NetworkPolicy, and Ingress, providing a clear end-to-end map of how connectivity works in your cluster.

kubernetes · networking · containers · linux

I'm on the KubeFM Podcast Talking About "Linux Containers From Scratch"
24 January 2024 · 1 min read

KubeFM recently invited me to talk about my project "barco: Linux Containers From Scratch in C". In this episode, I talk about why Linux containers don't exist, how to use cgroups and namespaces to isolate a process, how to secure the container with seccomp and capabilities, and how to make the right syscall from C to build your own container engine. Thank you, KubeFM, for having me!

podcast · containers · linux · cloud-native · cncf · kubernetes

barco: Linux Containers From Scratch in C.
17 September 2023 · 10 min read

A straightforward C implementation of a container runtime, built from the ground up to explore containers and the Linux Kernel.

c · linux · containers · cncf

Club Cloud Stories #2 - News from Around the Cloud
23 November 2021 · 1 min read

The latest news from around the cloud: Club Cloud Stories #2 is here! Luca Cavallin & Jacco Kulman – joined by special guest Antoni Tzavelas (Google Cloud Course Creator and DevOps enthusiast) – are going to discuss: "CloudFormation: Quick Retry", "Google Cloud IoT Core 101", "Step Functions: Power Up", "What is GitOps?", "Inspect Traffic Between Subnets in a VPC", "Rust on CloudFlare Workers".

cloud · club-cloud · containers · podcast

Club Cloud Stories #1 - The First Episode with Antoni Tzavelas & Mark van Holsteijn
19 October 2021 · 1 min read

In this first episode of Club Cloud Stories, hosts Luca Cavallin and Jacco Kulman welcome two guests: Antoni Tzavelas and Mark van Holsteijn. They discuss the latest cloud developments as well as a special reaper package to stop containers from running.

cloud · club-cloud · containers · podcast