Hello! This is a practical write-up based on notes from docs, blog posts, and Liz Rice’s Container Security. I pulled together the main ideas that helped me better understand how container security actually works, and a bunch of simple things you can do to make containers safer in practice.

I published a new blog post: "A Tour of eBPF in the Linux Kernel: Observability, Security and Networking". I recently read the book "Learning eBPF" by Liz Rice and condensed my notes into this article. Great for a quick overview before you decide to dive deeper!

A Practical tour of eBPF in the Linux Kernel: Observability, Security and Networking.

eBPF lets you run small, verified programs inside the Linux kernel, enabling fast observability, security, and networking without changing application code. This practical tour explains why eBPF matters now, how programs are compiled, verified, JITed, and attached to events, and how maps and ring buffers move data. You'll leave with simple demos and a clear mental model to start experimenting.

I tried to write an end-to-end guide on Kubernetes networking, covering the full journey from the foundational Linux stack and CNI up to advanced topics like mTLS and service meshes. It's a long-ish read, but aims to be a good "intro" resource. Feedback is welcome!

I recently took a deep dive into the Linux kernel to understand how it handles processes, scheduling, memory, and more. While I had some OS knowledge from school, it always felt too abstract - so I wanted to see how things actually work. This post covers what I learned, from system calls to interrupts, and how kernel development differs from userspace.

In this post, I'll walk through OpenTelemtry core concepts and how to integrate OpenTelemetry in a Go application. By the end, you'll have a reusable telemetry package that sets up logging, metrics, and tracing! I've also published the package, complete with tests and examples, on GitHub: https://github.com/lucavallin/gotel . Feel free to use it as a starting point for your own projects.

After more than a decade of writing software, I've read lots of opinions on how to write good software. Everyone loves to throw around rules and principles, so I'll do it too.

I recently made a contribution to Istio, an open-source service mesh that simplifies managing microservices. In this post, I explain how Istio handles traffic routing, security with mTLS, and observability, making complex systems more resilient and efficient.

I recently made a contribution to Istio, an open-source service mesh that simplifies managing microservices. In this post, I explain how Istio handles traffic routing, security with mTLS, and observability, making complex systems more resilient and efficient.

I've been working with Terraform for a while now, and I've noticed that there are a few things that people keep asking me about. I thought it would be helpful to write a blog post about some of the most common questions I get asked and share some of the things I've learned along the way. This is not an exhaustive list, and, if you have any feedback or suggestions, please let me know!