DevOps Q&A: GitHub Actions Security, DB Migrations, CNIs, and Self-Hosted LLMs

In this lively AMA livestream, Viktor hosts special guests Scott and Kostis — a Backstage enthusiast and an Argo CD contributor, respectively — for a wide-ranging discussion on DevOps, platform engineering, and cloud-native tooling. The conversation kicks off with an ambitious idea for a tool that automatically discovers service dependencies and runs cross-service contract testing, touching on Backstage as a catalog, Pixie for eBPF-based network topology discovery, and the challenge of building something that works out of the box. The trio also dives into best practices for organizing GitHub Actions workflows across multiple repositories, the recent GitHub Actions security attack involving the pull_request_target vulnerability, and centralized CI/CD governance using tools like Harness, Tekton, Argo Workflows, Kyverno policies, and Octopus Deploy's Platform Hub.

The session also covers a rich set of audience questions including local offline development setups, the Google-Wiz acquisition and its implications for cloud security, the LGTM stack versus ClickHouse for OpenTelemetry backends, self-hosting LLMs versus using hosted providers like Azure Foundry and AWS Bedrock, policy-as-code preferences between OPA and Kyverno (with a enthusiastic shoutout to Kyverno's Chainsaw testing framework), database migrations using Atlas as a Kubernetes operator, cache databases on Kubernetes with Valkey and Dragonfly, MongoDB operators from KubeDB versus Percona, and the state of CNIs including Cilium, Calico, and Antrea. The hosts also share their wishlists for tools they'd love to see built, from dependency-aware testing systems to documentation-driven test generation and a standardized dependency metadata format for the CNCF ecosystem.

▬▬▬▬▬▬ ⏱ Timecodes ⏱ ▬▬▬▬▬▬
00:00 Intro (skip to first question)
05:09 Intro chat and guest introductions
08:41 Cross-service dependency testing with AI
20:39 Best practices for organizing 20+ GitHub Actions workflows
23:51 Using ClusterAPI with CAPT, CAPBT and CAPH issues
26:24 Best solution for local offline airgapped development
30:49 Thoughts on Google acquiring Wiz
32:46 LGTM stack vs ClickHouse for OpenTelemetry backend
33:52 What happened with the GitHub Actions AI attack
40:48 Tools for centrally governing CI pipelines across repos
43:01 Is it cheaper to use hosted LLMs vs self-hosting
46:08 OPA vs Kyverno for policy as code
49:05 What do you think about Holmes GPT from Robusta
51:19 Best way to do DB migrations in Kubernetes
53:26 What are you using as cache DB on Kubernetes
57:24 Thoughts on MongoDB Percona operator
61:14 What is the future of CNIs in Kubernetes

Видео DevOps Q&A: GitHub Actions Security, DB Migrations, CNIs, and Self-Hosted LLMs канала DevOps & AI Toolkit