We are immensely grateful to Aerospike, HAProxy Technologies, and TechShack for their generous support and sponsorship.

Overview

Kicking off our evening was Behrad Babaee from Aerospike discussing Predictable Systems in an Unpredictable World(starting at 21:44). His takeaways explained that:

• Average performance and even P99 are misleading; what truly defines your system is its behaviour at the extreme tail when conditions deteriorate.
• The assumptions systems are built upon are almost always quietly eroding.
• Predictability must be treated as a first-class property of a system.

Following this, we had Baptiste Assmann from HAProxy Technologies describing Observability with HAProxy: detecting what is not working and why(starting at 52:23). He mentioned that:

• The load balancer is your best source of truth. Because HAProxy sits between the client and the server, it maintains two distinct connections. This allows it to act as an “observation tower,” providing impartial data on network retransmits, application processing times, and client bandwidth limitations that other components cannot see.
• Timers are critical for root cause analysis. High-level monitoring averages often hide the root cause. By analyzing HAProxy’s internal timers—specifically Queue time (Tq), Connect time (Tc), and Response time (Tr)—you can mathematically determine if latency is caused by a saturated server, a network packet loss, or a slow application query.
• Observability reduces troubleshooting time. Detailed logging and termination codes allow you to move from “users are complaining” to identifying the exact source of the error (e.g., a specific server or a broken switch). While HAProxy may not fix a broken application, it drastically reduces the time required to isolate the issue so the right team can fix it.

And wrapping up our evening was Alam Ahmed exploring eBPF: Revolutionizing Cloud-Native Security(starting at 1:40:47). He described how:

• Traditional security tools are architecturally misaligned with cloud-native systems—they assume static IPs and persistent hosts while containers spin up/down in seconds, creating dangerous blind spots that delay 67% of deployments and miss kernel-level attacks entirely.
• eBPF enables kernel-native security with 10x performance gains—by executing sandboxed programs directly in the Linux kernel with JIT compilation, it eliminates context-switching overhead (<1% CPU impact), requires zero code changes, and provides complete container/Kubernetes context for every event.
• Production-proven tools are available now—the CNCF eBPF ecosystem grew 4.5x to 41+ projects in two years, with graduated projects like Falco (runtime threat detection), Tetragon (kernel-level enforcement), and Cilium (network security) already securing hyperscale infrastructure at Meta, Google, and billions of Android devices.

And of course, our usual group photo!

Cloud Native London April

Our next meetup will be on Wednesday 1st April, when we’ll be joined by speakers from Cloudsmith, Testkube, and Diagrid! RSVP and save the date now!.

Stay safe, stay healthy, and see you in a month!

Cheryl (@oicheryl)

We are immensely grateful to SUSE, Cloudsmith and TechShack for their generous support and sponsorship.

Overview

Kicking off our evening was Jeroen van Erp from SUSE discussing how to Stop Running Mystery Meat in Production(starting at 11:42). He talked about:

• The “Convenience vs. Security” Debt: Why using FROM node:latest or unverified upstream images creates an immediate security deficit that Platform Engineers must eventually pay off.
• Deconstructing the “Black Box”: A look at the hidden risks inside public registries—from critical CVEs and bloated libraries to unauthorized binaries that violate Zero Trust principles.
• Hardening the Pipeline: Practical strategies for moving away from “random” upstream maintainers toward verified, minimal, and auditable base images for a more secure Kubernetes environment.

Following this, we had Prithvi Raj from Mirantis describing Platform Wars: The Battle Between Golden Paths and Spaghetti Pipelines(starting at 44:40). His takeaways explained that:

• Golden paths only work if they stay “paved”: Your internal developer platform succeeds when it reduces cognitive load and friction, not when it becomes another layer of complexity. The moment the golden path turns into a maze of YAML, tickets, and exceptions, Developer Experience suffers.
• Tooling isn’t the villain, tool sprawl without strategy is: OSS and cloud-native tools can accelerate platform engineering, but unmanaged toolchains create fragmented workflows, inconsistent standards, and hidden maintenance costs. The real win is a curated, opinionated stack with clear ownership.
• The real “Darth Vader” is platform democracy without decision-making: The biggest platform failure mode isn’t technical, it’s governance: too many opinions, no alignment, and endless customization. Successful teams balance autonomy with each stakeholder getting priority in the platform space.

And wrapping up our evening was Akshya Prakkash from Urban Care Community exploring Beyond Chatbots: How AI Agents and Humanoids Are Shaping a New Era(starting at 1:36:24). She described how:

• AI agents represent a shift from conversational AI to systems capable of taking actions: Understanding the difference between traditional AI models and AI agents is critical, as agents are designed to execute tasks, coordinate workflows and operate across systems that could make them far more impactful in real-world use cases than chat-based interaction alone.
• The most effective use of AI agents comes from solving real problems, not just showcasing intelligence: In practical environments, AI agents create value by handling structured, repetitive tasks and supporting human decision-making, highlighting the importance of designing AI around real workflows rather than abstract capabilities.
• Humanoid and embodied AI demonstrate how physical AI systems can create meaningful impact in care settings today: A practical glimpse into the development and use of an interactive robotic system shows how embodied AI can support engagement, improve resident experience and complement human care, highlighting the importance of designing technology around real human needs.

And of course, our usual group photo!

Cloud Native London March

Our next meetup will be on Wednesday 4th March, when we’ll be joined by speakers from Aerospike, HAProxy, and Boxxe! RSVP and save the date now!.

Stay safe, stay healthy, and see you in a month!

Cheryl (@oicheryl)

We are immensely grateful to Flagsmith and TechShack for their generous support and sponsorship.

Overview

Kicking off our evening was Kyle Johnson from Flagsmith talking about Feature Flags: A Safety Net in the AI Era(starting at 12:04). He discussed how to:

• Without explicit safety measures, increased reliance on AI-generated code leads to a loss of control over codebases and production behaviour.
• Feature flagging is a great safety net: it allows both AI-generated and traditional code to be deployed to production with no behavioural change, enabling controlled rollouts to internal users or small customer cohorts before wider release.
• AI—despite its imperfections—will fundamentally reshape how software is built and redefine what is possible.

Following this, we had Shubhangi Goyal explaining Context driven AI Agents(starting at 33:33). Her takeaways were about:

• Context engineering, manage memory tools, and tasks for adaptive behaviour
• Prompt engineering into the larger system
• Understanding the use of context engineering

And wrapping up our evening was Mawuko Jeffrey Wilson from BrassicaPay exploring Why Cloud Cost Assessment Must Come Before Cloud-Native Build(starting at 1:31:24). He stated that:

• Cost surprises are architectural, not accidental: Most cloud overspend originates from early service choices, pricing models, and design assumptions-not from poor monitoring alone.
• Cost alerts are controls, not only strategy: Budgets, alerts, and subscriptions help manage spend-but they cannot replace upfront cost modelling and architectural cost awareness.
• Cost assessment must sit alongside security and architecture: Sustainable cloud-native systems treat cost as a first-class design constraint, just like resilience and security. And multi-cloud doesn’t remove cost risk-it multiplies it. Without consistent cost assessment practices, organisations face fragmented spend and reduced financial visibility across AWS, Azure, and GCP (others).

And of course, our usual group photo!

Cloud Native London February

Our next meetup will be on Wednesday 4th February, when we’ll be joined by speakers from SUSE, Mirantis, and Urban Care Community! RSVP and save the date now!.

Stay safe, stay healthy, and see you in a month!

Cheryl (@oicheryl)

We are immensely grateful to Testkube, TechShack, and stack8s for their generous support and sponsorship.

Overview

Kicking off our evening was Dr Jeremy Murray from stack8s talking about Decoupling from the Hyperscalers: A Kubernetes-Based Sovereign AI & Compute Platform(starting at 11:09). He discussed how to:

• Learn how Kubernetes can serve as the foundation for a fully sovereign compute and AI platform - giving organizations complete control over their infrastructure, data locality, and compliance
• Discover design patterns and open source tooling that enable true hybrid and multi-cloud operations - avoiding vendor lock-in while maintaining scalability, security, and performance
• Discover design patterns and open source tooling that enable true hybrid and multi-cloud operations - avoiding vendor lock-in while maintaining scalability, security, and performance

Following this, we had Rob Reid from Cockroach Labs explaining From Chaos to Confidence: How I Learned to Love - And Laugh in the Face Of - Chaos(starting at 50:07). His takeaways were that:

• Databases are just software and they shouldn’t be babied
• True resilience isn’t about avoiding failure, it’s about embracing it until it’s boring
• Legacy systems don’t protect modern workloads

And wrapping up our evening was Radu Sora from Polysemantic exploring Checking Out of Hotel California: The Case for Spark on Kubernetes(starting at 1:33:09). He stated that:

• You’re paying a premium for a solved problem: At scale, Databricks charges a “7-figure” premium for infrastructure orchestration, a problem the CNCF ecosystem has already solved. You can achieve massive cost savings (often over 50%) by switching to an open-source stack
• The “It’s Too Hard” myth is dead: The fear of managing Kubernetes is outdated. A modern, open-source stack (EKS + Spark Operator + Karpenter + Argo Workflows) provides a manageable, declarative, and often more flexible platform than you get from a vendor, without the black-box complexity
• The biggest win isn’t cost, it’s culture: Moving off a “magic” platform forces engineers to re-engage with performance, efficiency, and cost. This “escape” from vendor lock-in fosters a stronger, more inquisitive engineering culture that understands its tools and owns its stack.

And of course, our usual group photo!

Cloud Native London January

Our next meetup will be on Wednesday 7th January, when we’ll be joined by speakers from Flagsmith, Testkube, and Nirmata! RSVP and save the date now!.

Stay safe, stay healthy, and see you in a month!

Cheryl (@oicheryl)

Building CIAM is a fine balance between user experience (social login, single sign-on, multi-factor authentication, biometrics), security and regulatory standards (risk-based authentication, GDPR, audits) and scalability (distributed architectures for load balancing and high availability, analytics).

Can vibe coding handle the challenge? In this talk we’ll see how far we can push the limits – anything could happen…

We are immensely grateful to Testkube, TechShack, and CAST AI for their generous support and sponsorship. More info on them below!

Overview

Kicking off our evening was Mark Robustell from FusionAuth talking about Auth: Build vs Open Source vs Buy(starting at 16:13). He talked about:

• Options for Auth
• Pros and cons of each option
• How FusionAuth can offer many advantages of each of the options

Following this, Kunal Kushwaha from CAST AI explaining Container Live Migration: Moving Workloads Without Downtime(starting at 45:04). His takeaways are about how to:

• The automation challenges of migrating workloads at scale.
• How container live migration is powered and orchestrated in Kubernetes.
• How to make live migration practical for resiliency and cost optimization.

And wrapping up our evening was Ram Swaminathan from Meghdo exploring From Manual Ops to Self-Service: Building Cloud Infrastructure Orchestration at Scale(starting at 1:33:06). He discussed:

• Self-Service Platform Engineering: Design principles for building developer-centric infrastructure platforms that eliminate ops bottlenecks while maintaining enterprise-grade security and compliance through RBAC and audit logging.
• Sub-60-Minute Multi-Cloud Deployments: Architectural patterns and open-source tool combinations (Terraform, Jenkins, Kubernetes, Prometheus, Grafana) that enable instant infrastructure provisioning across AWS, GCP, and Azure without vendor lock-in.
• Zero Trust Infrastructure Access: How to eliminate long-lived credentials and implement time-bound access tokens for cloud orchestration platforms, reducing security risk while maintaining developer velocity.

And of course, our usual group photo!

Cloud Native London December

Our next meetup will be on Wednesday 3rd December, when we’ll be joined by speakers from Nirmata, Cockroach Labs, and Polysemantic! RSVP and save the date now!.

Stay safe, stay healthy, and see you in a month!

Cheryl (@oicheryl)

Reading:

• Shift-Down Security

We are immensely grateful to Testkube, TechShack, Swift, and Sidero for their generous support and sponsorship. More info on them below!

Overview

Kicking off our evening was Euan Harris from Apple talking about How To Put Swift in a Box: Container Images From Scratch With Swift Container Plugin(starting at 15:28). He explained:

• Did you know that you can build a container image without using a container runtime? swift-container-plugin is a plugin for Swift Package Manager, Swift’s native build system, which takes care of packaging your executable in a container image and publishing it to a registry.
• Of course, the executable needs to be able to run on your deployment platform. For that you can lean on Swift’s excellent cross-compilation support and use a Swift SDK to cross-compile to Linux, even across different processor architectures.
• You can deploy your image on any standards-compliant container runtime, but if you’re a macOS user take a look at container https://github.com/apple/container. It’s a new, open-source container runtime specifically built to run Linux-based container images easily and efficiently on macOS. *While you’re there, also check out the new open-source containerization framework https://github.com/apple/containerization. container is built on top of it, and it’s designed to let you build your own container tools and add container-related features to your projects.

Following this, Chris Vermeulen from Container Solutions explained Compliance for Dummies: A Primer for a Compliance-Minded Future(starting at 1:08:29). He discussed:

• What compliance is, and some key terms which are important to know
• How the industry is embracing standardised formats, to allow more automatability and interoperability for compliance reporting and tracking
• How tools like The Continuous Compliance Framework are utilising these new standards to build the next generation of cloud native tooling for a compliance minded future.

And wrapping up our evening was Nic Vermande, ScaleOps describing Smoke, Mirrors, and Metrics: A Kernel Detective’s Guide to Cluster Resource Scaling(starting at 1:36:58). His takeaways are about how to:

• Gain a practical framework for orchestrating HPA, VPA, and KEDA together, turning reactive chaos into predictable resource management
• Understand how the Kubernetes metrics pipeline distorts kernel reality.
• Explore how to use kernel data to align autoscalers for stable, efficient scaling.

And of course, our usual group photo!

With many thanks to our sponsors this month:

Testkube powers cloud-native continuous testing that scales with your team and keeps up with AI-driven release velocity.

TechShack are a tech recruitment agency specialising in the Cloud, Engineering and AI. TechShack exists to build high-performing tech teams by putting community, connection, and quality first.

Swift is an open source general purpose programming language, recognized by world security organizations for its memory safety; its performance and beautiful syntax make it a great option for the cloud native space. Try it out and talk to us on forums.swift.org.

Sidero, the builders of Talos Linux and Omni, creates an easier way to run Kubernetes. Talos Linux and Omni bring simplicity and security to edge, data center, bare metal, and hybrid Kubernetes. By delivering scalable management for Kubernetes clusters, infrastructures are secure by default, easy to use, and reliable to operate.

Cloud Native London November

Our next meetup will be on Wednesday 1st November, when we’ll be joined by speakers from FusionAuth, Cast AI, and Meghdo! RSVP and save the date now!.

Stay safe, stay healthy, and see you in a month!

Cheryl (@oicheryl)

In 2017 I started a meetup, Cloud Native London, with no speakers, no venue and no attendees. Just 7 weeks later, over 100 people turned up to the first event. Now Cloud Native London has grown to 10,000 members, and is one of the strongest and most vibrant developer communities in Europe.

In this talk, I will delve into software architecture insights and trends over the last 8 years. I’ll look at both technical and strategic developments, and transformational opportunities for individuals and organisations going forwards.

Takeaways:

• Consumable > configurable
• Manage your open source exposure
• Embrace AI but stay alert

We are immensely grateful to Testkube, Harness, Mirantis, and Civo for their generous support and sponsorship.

Plus an invitation from Civo:

We are excited to introduce Civo Navigate London https://www.civo.com/navigate/london/2025, our flagship global tech event taking place on 30th September 2025. Join us for a day of insightful discussions and networking with over 800 attendees, as we dive into the latest advancements in AI, digital sovereignty, Kubernetes, and the future of cloud-native technology. With Kelsey Hightower, Sir Jacob Rees-Mog, Dr Ben Spencer MP and over 20 other speakers across three focused tracks, this event is the perfect opportunity for developers, DevOps teams, and IT leaders to come together, share knowledge, and shape the future.

We invite you to be a part of this exciting experience and are offering a 50% discount to the Cloud Native community. Please use this code when registering: CNLCIVONAV50 by 18th September to access your discounted ticket to this exciting event.

Overview

Kicking off our evening was Martin Reynolds from Harness talking about how to Revolutionize Your Software Delivery with AI-Powered DevOps(starting at 16:53). His takeaways mention:

• Accelerate Release Velocity: Harness intelligent pipeline orchestration and reusable templates to ship faster.
• Boost Quality & Resilience: Apply AI-driven testing and proactive reliability controls. Integrate Security by Design: Leverage DevSecOps and automated governance for speed and compliance.
• Reserve your spot now and don’t miss the opportunity to learn from the front lines of AI-powered DevOps transformation.

Following this, Martin Stadler from Mirantis discussed how to Manage Kubernetes at Scale: Platforms, Infrastructures, and k0rdent(starting at 47:14). He explained that:

• k0rdent architecture follows a declarative approach to cluster management using Kubernetes principles. The modular extensible architecture provides a repeatable template-driven solution to interact with subcomponents such as the Cluster API (CAPI) and other Kubernetes components.
• k0rdent has been tested with AWS EC2, AWS EKS, Azure Compute, Azure AKS, vSphere, and OpenStack (so far!), and can be easily extended to support other publicly-available and custom providers. It provides a modular, Helm-based templating system that makes it easy to standardize and automate infrastructure and services provisioning—whether for traditional cloud applications or the next wave of AI-driven workloads.
• k0rdent eliminates CAPI’s complexity, ensures component compatibility, enhances add-on management with Sveltos, and provides built-in observability—all in a production-ready, streamlined platform.

And wrapping up our evening was Sohan Maheshwar from AuthZed telling us about How Google built a Consistent, Global Authorization System with Zanzibar (and you can too!)(starting at 1:28:59). He described:

• What is ReBAC aka Relationship Based Access Control
• What the Google Zanzibar Model, Language and API looks like
• The Architecture & Implementation details - How Zanzibar performs at scale while maintaining correctness and consistency.

And of course, our usual group photo!

Cloud Native London October

Our next meetup will be on Wednesday 1st October, when we’ll be joined by speakers from Sidero Labs, Ondat, and EastSummer! RSVP and save the date now!.

Stay safe, stay healthy, and see you in a month!

Cheryl (@oicheryl)