Alaa Qutaish's Picture

Hey, I’m Alaa, I build awesome Cloud Native platforms & teams.

Hey, I am Alaa. I studied Computer Science at the University of Greenwich and have 12+ years of experience in SRE, Cloud Systems & Distributed Systems. I worked at EU Startups, Telecom Data Centers, and in the German Automotive & Gaming industries. Available for Hands-on Consulting, Training & Team Building.

How to enable Kubernetes container Runtime Default seccomp profile for all workloads

Seccomp (Secure Computing) is a feature in the Linux kernel that allows a userspace program to create syscall filters. In the context of containers, these syscall filters are collated into seccomp profiles that can be used to restrict which syscalls and arguments are permitted. Applying seccomp profiles to containers reduces the chance that a Linux kernel vulnerability will be exploited.

Root cause of failure, root cause of success

Everyone likes the idea of a single root cause when a problem occurs. This post compares that to how we think about successes, to make the point about the fragility of looking for a singular root cause.

The Hidden Dangers of Terminating K8S Namespaces

Controllers are one of the foundational components of Kubernetes whose job is to constantly monitor (through a control loop) the defined API resources in order to bring the cluster to the desired state. Each controller has a designed purpose that manages the entire lifecycle of a particular component. An important concept to remember with any cloud native technology is that availability is not guaranteed. If a controller was designed to take action when a resource was deleted and the controller was unavailable at that point in time, the intended action would not occur and state would no longer be in sync.

How to Serve 200K Samples per second with Prometheus

I will explain how to build a monitoring system that can retain data for long periods and handle up to 200K samples per second. The important point is that all of these processes are realized on one centralized Prometheus and Thanos server.

A multi-cluster shared services architecture with EKS using Cilium ClusterMesh

ClusterMesh is Cilium’s multi-cluster implementation that is built on top of Cilium CNI. It enables users to set up cross-cluster connectivity with standard Kubernetes semantics for transparent service discovery. Each cluster in the mesh participates as a peer. Cross-cluster traffic is handled by individual nodes rather than using a central gateway.