The blog
Long-form notes on platform engineering, cloud-native infrastructure, the Linux kernel and the messy reality of running AI workloads. Written in the open, occasionally opinionated.

AI Engineering for Developers
A tour through AI engineering for developers who already know how to ship software. Fourteen chapters, no LinkedIn voice, no slow warm-up. We will go from 'what is a foundation model' to 'how do you run agents in production on Google Cloud' without skipping the parts that matter.

Platform Engineering End-to-End
Platform engineering is more than DevOps with a portal. This post walks the full arc of the discipline end to end: why platforms exist, how to build and operate them, how to manage the messy stakeholder politics, and what success actually looks like. Grounded in Fournier and Nowland's book and a few years of doing this on real systems.

Google Cloud Networking 101: The Comprehensive TLDR
A comprehensive but quick walkthrough of everything you need to know about GCP networking: VPCs, subnets, routing, firewalls, Shared VPC, GKE networking, load balancing, Cloud NAT, hybrid connectivity, VPC Service Controls, DNS, packet inspection, and how to operate all of it. Written for engineers who need a solid mental model in 15 minutes.

Containers Are Not Automatically Secure
Containers changed how we package and ship software, but they did not rewrite the basic security rules. Trust boundaries, privilege, and attack surface are all still there. That was probably the main thing I learned while digging into container security, partly from Liz Rice's Container Security and partly from spending time with the Linux pieces underneath.

A Tour of eBPF in the Linux Kernel: Observability, Security and Networking
eBPF lets you run small, verified programs inside the Linux kernel, enabling fast observability, security, and networking without changing application code. This practical tour explains why eBPF matters now, how programs are compiled, verified, JITed, and attached to events, and how maps and ring buffers move data between the kernel and userspace. You'll leave with simple demos and a clear mental model to start experimenting.

Kubernetes Networking from Packets to Pods
Kubernetes networking doesn't have to be a black box. This guide breaks it down, starting from the fundamentals of Linux networking and container isolation. We then dive into the complete Kubernetes model, explaining everything from Pod IPs and CNI plugins to Services, NetworkPolicy, and Ingress, providing a clear end-to-end map of how connectivity works in your cluster.

An Overview of Network Protocols
I've always been fascinated by how data moves across the world at the speed of light. It's not magic! The internet relies on open standards and precise addressing. I wanted to refresh my knowledge of networking fundamentals and the TCP/IP suite of protocols, so I went through a few resources and later made this post from my notes, covering common protocols (IP, TCP, UDP, DNS, BGP, NAT, DHCP, IPsec) and explaining how everything fits together.

A Quick Journey Into the Linux Kernel
I recently took a deep dive into the Linux kernel to understand how it handles processes, scheduling, memory, and more. While I had some OS knowledge from school, it always felt too abstract - so I wanted to see how things actually work. This post covers what I learned, from system calls to interrupts, and how kernel development differs from userspace.

OpenTelemetry: A Guide to Observability with Go
Modern applications are often complex, distributed systems. Debugging them is not fun: you have to follow requests across services, logs get lost, and metrics are often hard to correlate. It's like looking for a needle in a haystack - except the haystack is on fire, and the needle keeps moving. This is where OpenTelemetry (OTel) can help.

I'm on the Cillers Podcast Talking About Tech and Hackathons
I had a great time on The Cillers Podcast chatting about my journey in tech and hackathons! We talked about organizing hackathons at GitHub, how they foster creativity and collaboration, and their role in inspiring new product ideas. We also touched on boosting development speed with great tools and managing technical debt. Big thanks to the Cillers team for having me!

Yet Another List of Random Opinions on Writing Readable Code and Other Rants
After more than a decade of writing software, I've read lots of opinions on how to write good software. Everyone loves to throw around rules and principles, so I'll do it too.

My post about Istio is now on the Istio blog too!
A few months ago I published a post titled "The Istio Service Mesh for People Who Have Stuff to Do". The post was well-received and it's now available on the Istio.io blog too.

The Istio Service Mesh for People Who Have Stuff to Do
I recently made a contribution to Istio, an open-source service mesh that simplifies managing microservices. In this post, I explain how Istio handles traffic routing, security with mTLS, and observability, making complex systems more resilient and efficient.

Notes I took while reading "Applied Machine Learning and AI for Engineers" and "Introducing MLOps"
I recently read the books "Applied Machine Learning and AI for Engineers" and "Introducing MLOps", and I took some notes to make a quick summary of all the stuff packed into these books. In this post, I'm sharing my takeaways, from the basics of supervised and unsupervised learning to the more complex areas like deep learning and natural language processing, as well as the core ideas behind MLOps.

Things I've Learned About Terraform That I Keep Telling People About
I've been working with Terraform for a while now, and I've noticed that there are a few things that I keep telling people about. I thought it would be helpful to write a blog post about some of the most common questions I get asked and share some of the things I've learned along the way.

Analyzing Unsplash Photo Performance with Python
For engineers who also take photos, understanding how those photos perform online can provide valuable insights into audience preferences and engagement. In this post, I'll walk you through a Python script I created to analyze the performance of my photos on Unsplash.

I am a Top Mentor on MentorCruise! 🎉
I am very happy to announce that I have been nominated as a top mentor on MentorCruise! 🎉 A big milestone, reflecting the progress and success of my mentees. Thank you to everyone who has been part of this journey.

CI/CD Observability on GitHub Actions and the Role of OpenTelemetry
CI/CD observability provides insights into the performance and health of CI/CD pipelines, helping teams detect issues early and improve efficiency. A few options are currently available on the GitHub Actions marketplace to integrate OpenTelemetry into CI/CD workflows.

I am a CNCF (Cloud Native Computing Foundation) Ambassador!
I am very happy to announce that I have been selected as a CNCF (Cloud Native Computing Foundation) Ambassador - a long-standing goal of mine!

How to Structure C Projects: These Best Practices Worked for Me
I recently worked on two different C projects, and I wanted to structure them in a way that would make them easy to maintain and understand. I also wanted to make sure that the projects were easy to build and test. In this post, I will share my experience and the best practices I found for structuring C projects.

I'm on the KubeFM Podcast Talking About "Linux Containers From Scratch"
KubeFM recently invited me to talk about my project "barco: Linux Containers From Scratch in C". In this episode, I talk about why Linux containers don't exist, how to use cgroups and namespaces to isolate a process, how to secure the container with seccomp and capabilities, and how to make the right syscall from C to build your own container engine. Thank you, KubeFM, for having me!

I am (again) a Google Developers Expert!
I am pleased to share that I have been renewed again as a GDE. Since 2022, this recognition has highlighted my contributions to cloud native technologies and my dedication to knowledge sharing within the developer community.

How to Configure OIDC with Terraform for GitHub Enterprise Server
OpenID Connect (OIDC) is an identity layer built on top of OAuth 2.0: the identity provider issues a signed ID token in JWT (JSON Web Token) format whose claims (issuer, audience, subject, expiry) the relying party verifies before granting access. For GitHub Actions on GitHub Enterprise Server, OIDC is the recommended way to obtain short-lived cloud credentials instead of storing long-lived secrets. Since the setup can be tricky, I've created a Terraform configuration that makes it easier to get started.

Modern Frontend Development: A Tooling Overview for Engineers Revisiting the Field
In the world of frontend development, many tools and frameworks are available to build efficient, scalable, and interactive web applications. If you've been away from frontend development for a while, you might find the current landscape quite different from what you remember.

Meet verto.sh: Your Gateway to Open-Source Collaboration.
verto.sh simplifies your entry into the open-source world by curating accessible projects. Ideal for beginners making their first contribution, founders building teams, and maintainers seeking new contributors.

Crafting a Clean, Maintainable, and Understandable Makefile for a C Project.
Discover how a well-planned Makefile can make building C projects easier. By using clear variables, wildcards, automatic variables, and phony targets, see how the Makefile for the gnaro project is easy to understand and use, serving as a simple guide for other developers.

barco: Linux Containers From Scratch in C.
A straightforward C implementation of a container runtime, built from the ground up to explore containers and the Linux Kernel.

How to Create a Release With Multiple Artifacts From a GitHub Actions Workflow Using the Matrix Strategy
Find out how I managed to create a release with executables suitable for different operating systems all within a single workflow run.

How Databases Store and Retrieve Data with B-Trees
Learning about data storage and B-Trees from "Database Internals: A Deep Dive Into How Distributed Data Systems Work" by Alex Petrov (O'Reilly Media).

Concurrency in Go: Goroutines, Channels, Mutexes, and More
A beginner's guide to Golang's tools and methods for creating concurrent programs.

Club Cloud 2021: Cloud Engineering Panel Discussion
Interactive panel discussion about the treats of being a cloud engineer, current developments, and a guesstimate of what the future holds, with Antoni Tzavelas and Jeroen Reijn.

How to Prepare for the Google Cloud Engineer Associate Certification Exam
Obtaining your first Google Cloud certification can be a challenging experience. In this video I share my best tips to prepare for the "Associate Cloud Engineer" exam and the resources I used to pass the test last December.

What is Google Cloud Deploy?
Simplifying container-based app development on Google Kubernetes Engine (GKE) with Cloud Deploy.

What is GitOps?
GitOps is an operational approach combining DevOps best practices like CI/CD, version control, and teamwork.

Club Cloud Stories #2 - News from Around the Cloud
The latest news from around the cloud: Club Cloud Stories #2 is here! Luca Cavallin & Jacco Kulman – joined by special guest Antoni Tzavelas (Google Cloud Course Creator and DevOps enthusiast) – are going to discuss: "CloudFormation: Quick Retry", "Google Cloud IoT Core 101", "Step Functions: Power Up", "What is GitOps?", "Inspect Traffic Between Subnets in a VPC", "Rust on CloudFlare Workers".

Club Cloud Stories #1 - The First Episode with Antoni Tzavelas & Mark van Holsteijn
In this first episode of Club Cloud Stories, hosts Luca Cavallin and Jacco Kulman welcome two guests: Antoni Tzavelas and Mark van Holsteijn. They discuss the latest cloud developments as well as a special reaper package to stop containers from running.

How to Read Firestore Events with Cloud Functions and Golang
Learn how I used Golang and Cloud Functions to Read Firestore events published to the Cloud by my Raspberry Pi.

Google Cloud Pub/Sub vs NATS: An Easy-to-Understand Comparison
Examining messaging options for scalable, event-based systems: features, advantages, disadvantages, and costs.

How to Deploy a Multi-cluster Service Mesh on GKE with Anthos
A detailed guide on deploying a multi-cluster, multi-region service mesh with Anthos Service Mesh on GKE.

How to Safely Store Secrets in Terraform Using Cloud KMS
Protecting Terraform secrets using Cloud KMS for a seamless git commit experience.

Designing Serverless Applications on AWS - Jacco Kulman and Luca Cavallin @ End2End LIVE
Learn how to design serverless applications on the AWS platform from Jacco Kulman and Luca Cavallin. This session was hosted during the End2End Live conference in June 2021.

How to Use Terraform Workspaces to Manage Environment-based Configuration
Find out how to make managing infrastructure in multiple environments easier with Terraform Workspaces, without using regular modules.

How to Deploy ElasticSearch on GKE using Terraform and Helm
Find out how to set up ElasticSearch on Kubernetes utilizing Terraform and Helm charts.

How to Optimize PHP Performance on Google Cloud Run
Discover ways to enhance PHP performance on Google Cloud Run.

How I Prepared for the Google Cloud Associate Cloud Engineer Exam
Learn from my personal experience in preparing and passing the Google Cloud Associate Cloud Engineer exam, making it more accessible for you.
lucavallin