{"podcast":{"title":"Day Two DevOps","slug":"day-two-devops","podcast_index_feed_id":341814,"rss_url":"https://feeds.packetpushers.net/day2cloud/","website_url":"https://packetpushers.net/","image_url":"https://static.feedpress.com/logo/day2cloud-669fc5e024d4b.jpg","author":"Packet Pushers","episode_count":250,"summary":"Join hosts Ned Bellavance and Ethan Banks as they dive deep into the challenges of cloud operations from the perspective of seasoned practitioners. You'll hear from expert guests—technical leaders, trainers, and consultants with years of hands-on experience—discussing the nuances of modern cloud environments. From AWS to Azure, networking to security, automation to DevOps, each weekly episode equips you with the insights to confidently address tech and business challenges such as resilience, cost management, and performance. Whether you want to hone your skills today or prepare for what’s coming next, Day Two Cloud cuts through the vendor fog to guide you through a shifting IT landscape.","last_synced_at":null,"page_url":"https://stenobird.com/podcast/day-two-devops"},"episode":{"title":"D2DO286: Scaling Kubernetes Across Clouds – Identity, DNS, and Security","slug":"d2do286-scaling-kubernetes-across-clouds-identity-dns-and-security","published_at":"2025-11-05T21:54:14+00:00","page_url":"https://stenobird.com/podcast/day-two-devops/d2do286-scaling-kubernetes-across-clouds-identity-dns-and-security","show_page_url":"https://stenobird.com/podcast/day-two-devops","url":"https://packetpushers.net/podcasts/day-two-devops/d2do286-scaling-kubernetes-across-clouds-identity-dns-and-security/","audio_url":"https://feeds.packetpushers.net/link/20975/17203966/D2DO286.mp3","summary":"Managing Kubernetes across multiple cloud providers introduces significant complexities in workload identity, DNS resolution, and security. This episode explores how to implement granular, short-lived credentials and efficient DNS strategies to maintain a secure, scalable multi-cloud architecture.","meta_description":"Learn how to solve multi-cloud Kubernetes challenges involving workload identity, DNS resolution, and service security with Goutam Tadi.","key_points":["Main idea: Moving from static service account keys to workload identity reduces the blast radius of credential leaks","Practical takeaway: Use short-lived, unique tokens for each pod to establish a trust relationship with external cloud providers","Failure mode: Storing long-lived service account keys in local storage or 'wallets' creates a massive security vulnerability","Technical insight: Kubernetes DNS resolution follows a specific search path, which can be optimized by configuring name servers to prioritize external providers","Security takeaway: Implementing mTLS via a service mesh like Istio can automate pod identity verification and secure inter-service communication"],"chapters":[{"start_ms":60000,"title":"From Bare Metal to Kubernetes","summary":"Goutam discusses the transition of Greenplum Database from tarball-based bare metal installations to containerized workloads."},{"start_ms":235000,"title":"Running Stateful Workloads in K8s","summary":"The challenges and opportunities of deploying databases and stateful services in an inherently ephemeral environment."},{"start_ms":785000,"title":"The Danger of Static Credentials","summary":"An analysis of the security risks associated with downloading and managing service account keys manually."},{"start_ms":985000,"title":"Implementing Workload Identity","summary":"How to use service accounts to create trust relationships with cloud providers using granular, revocable permissions."},{"start_ms":1345000,"title":"DNS Resolution in Kubernetes","summary":"Understanding how Kubernetes uses naming conventions to abstract away ephemeral IP addresses."},{"start_ms":1525000,"title":"Optimizing DNS Search Paths","summary":"Deep dive into the DNS lookup flow and how to prevent unnecessary internal search failures."},{"start_ms":2260000,"title":"Securing Service Communication","summary":"Exploring mTLS and the role of service meshes like Istio in managing pod identity and encryption."}],"topics":["Kubernetes","Multi-cloud","Workload Identity","DNS Resolution","Service Mesh","mTLS","Cloud Security","DevOps"],"duration_seconds":2439,"processing_state":"processed","actions":[{"name":"request_transcript","method":"POST","url":"https://stenobird.com/v1/public/podcasts/day-two-devops/episodes/d2do286-scaling-kubernetes-across-clouds-identity-dns-and-security/transcription-requests","description":"Idempotently request low-priority transcript generation for this episode."},{"name":"read_markdown","method":"GET","url":"https://stenobird.com/podcast/day-two-devops/d2do286-scaling-kubernetes-across-clouds-identity-dns-and-security.md","description":"Read the agent-friendly Markdown representation of this episode resource."}]}}