Lucas Käldström
Kubernetes contributor, CNCF Ambassador
Running the Kubernetes meetups in Finland
Generic control planes and authorization at Upbound
- Cedar Policy joins the CNCF! 🚀 The cloud native community can now rely on a fast, safe, expressive, analyzable and formally verified authorization library when implementing access control🔓 This is a game-changer for implementing ACLs both safely & quickly aws.amazon.com/blogs/openso...
- [Not loaded yet]
- Cool, send me a message on LinkedIn 👍
- I gave a quote for the launch blog post as follows: “What I appreciate the most about Cedar is the deep knowledge that is encoded into why it works the way it works… the careful balance between expressiveness and analyzability.”
- Want to know how it could be used in the Kubernetes ecosystem? Check out github.com/upbound/kube... on Github and my talks on the Cedar at Speakerdeck: speakerdeck.com/luxas
- This feels very similar to when I first saw Kubernetes more than 10 years ago. A project with the potential to transform an entire industry, with creators that have been facing these problems for a long time, and with already many prior iterations experience is drawn from.
- It was super fun visiting KCD Suisse Romande and CERN, and talking about Kubernetes Access Control! 😁 Thanks Ricardo Rocha and team for organizing and @bridgetkromhout.bsky.social for the pictures 🙌
- Much interesting work in conditional authorization for Kubernetes as explained by @luxas.dev. Check out the KEP: github.com/kubernetes/e... #KCDRomandie
- Super excited to be speaking at KubeCon Atlanta about recent Kubernetes access control developments with @micahhausler.com 🥳🚀
- Very excited to be speaking with @luxas.dev at KubeCon in Atlanta this November! We'll be speaking on how you can better secure Kubernetes, and what the future of K8s authorization looks like sched.co/27FdC
- [Not loaded yet]
- Welcome to the Nordics! Make sure to check Finland out as well and let me know if you do 😁
- [Not loaded yet]
- I spoke with a SPIFFE maintainer about something similar the other day. He prototyped an example of the token equivalent here github.com/spiffe/k8s-s... I wrote in my thesis that it'd be fun to see how far retrofitting SPIFFE into k8s would go in practice.
- [Not loaded yet]
- Awesome!!
- I'm super excited to organize KCD Helsinki today, with my fellow co-organizers 🔥 📈 300+ attendees from 14 countries gathering at the OP Headquarters 🤩 34 talks across 3 tracks from Finnish and international experts 💡 13+ hours of Kubernetes content Let's go! See you there 🚀
- #KCDHelsinki is on! Looking forward to a really interesting day 🙌 @luxas.dev and @annietalvasto.bsky.social kicking of the morning sessions!
- Learning about the history of CEL in Kubernetes. Did you know it was first introduced 10 releases ago!? 🤯 We are fans of CEL in Kubernetes mainly thanks to them making Validating and MutatingAdmissionPolicies possible to avoid those risky webhooks in our clusters! #KubeCon #MaintainersSummit
- It was a great talk!
- Thanks @gregchase.bsky.social for this detailed thread about our talk! 🙌🤩
- Next up: End-to-End Message Authenticity in Cloud-Native Systems #cloudnativerejekts
- Super excited to be speaking at Cloud Native Rejekts 💯 We'll talk about "End to End Message Authenticity in Cloud Native Systems" with @micahhausler.com now 🙌 We'll cover how one can use the HTTP Message Signatures RFC 🔒
- [Not loaded yet]
- Awesome, looking forward to these! 🙌
- [Not loaded yet]
- Congrats, looking forward to it! 🙌
- [Not loaded yet]
- [Not loaded yet]
- Sorry for the delay, haven't been active here for a while, but www.women4cyberfinland.com/aboutus would be my best bet
- [Not loaded yet]
- Congrats!! 🙌🙌
- Kubernetes apparently made it into an NCIS episode - DURING KubeCon. I guess theres any clear indicator that K8s has hit peek adoption, its that it gets used as techno-jargon to explain things in TV 🤣 Thanks @thisisnotapril.bsky.social for the find. youtu.be/AzrHurE_PSI
- [Not loaded yet]
- Wow, nice 😂 maybe CNCF should put into the project graduation criteria that "✅ is part of popular culture" with this as the standard 😂
- [Not loaded yet]
- Hopefully yes! 🤞
- Awesome work from Marek and @madhavjivrajani.bsky.social making the k8s API server cache more efficient! 🔥😍 And I heard more improvements are coming! 📈
- About to watch @jimmy.zelinskie.com and @luxask.bsky.social talk about expanding k8s access control!
- [Not loaded yet]
- Awesome! 💪 Do you think this would apply to Kube SIG Network or more generally some CNCF-wide networking working group? One thing we didn't have time to mention, but I think is interesting is Tetrate's (closed source) implementation of NGAC youtu.be/sdA6wExZaZc?..., another type of ABAC graph system
- [Not loaded yet]
- Hope you enjoyed the talk! Lmk if you have comments or ideas where to apply some of these principles 😊
- @sttts.social and Mangirdas Judeikis dive deep into Generic Control Planes and kcp, showing what is the future of control planes are, with live demos 🔥🚀
- @justingarrison.com on what Kubernetes could learn from other orchestrators Favorite quote "Docker Swarm felt like magic. But I don't ship magic to production"
- With shoutout to Sarah Novotny and similar community builders for building such a strong Kubernetes community 🙌
- [Not loaded yet]
- At rejekts already! 🤩
- Let's go! #CloudNativeRejekts
- [Not loaded yet]
- Just arrived! 🤩
- [Not loaded yet]
- Excited to see you, hope to catch up soon 🤩
- Super excited to speak @jimmy.zelinskie.com about "Expanding the Capabilities of Kubernetes Access Control" 🔐 - principles of authorization in distributed systems and cloud infrastructure -ReBAC, CEL, Cedar k8s integrations 🚀 Can we get to a "docker" moment of authz patterns? 👉 sched.co/1i7m9
- 🎉 Excited to announce what me and our meetup team have been working on lately: Bringing Kubernetes Community Day to Finland on May 6, 2025! 🚀 🤝 We registered a Finnish non-profit named "Cloud Native Finland ry" for the operations. 📰 Read CNCF's announcement here: www.cncf.io/blog/2024/10...
