Arik Grahl
Senior Software Engineer with experience in full-stack development and operation of bare metal infrastructure
Berlin, Germany
Actions
Arik Grahl is a Senior Software Engineer living between Berlin and Barcelona and has more than 13 years of experience in full-stack development and operation of infrastructure on bare metal.
At the moment he mainly develops Golang applications close to Kubernetes and the broader cloud native ecosystem.
Furthermore, he is excited about everything evolving around Nix(OS) and enjoys contributing to Nixpkgs.
He studied computer science (BSc. in 2017, MSc. in 2021) at Technical University (TU) in Berlin.
During this time he worked on freelance projects as a full-stack developer and supervised the corresponding IT infrastructure.
He also gained experience with co-founding two companies (2014, 2015) during this time with a focus on web development for small and medium-sized companies.
At his former job, he worked as a DevOps engineer where he also had the leading role in developing a mass-market product.
He modernized and implemented operations and infrastructure at this company: containerization of all applications, an implementation of a CI/CD infrastructure, the operation of a self-hosted Kubernetes cluster on Bare Metal together with a Gluster and Ceph storage cluster in various locations in Europe, together with state-of-the-art observability stack.
In addition, he was also intensively involved in the further training of employees concerning these technologies.
Currently, he works as an SRE at SysEleven, where he is involved in the Golang development of the software supply chain management on top of the managed Kubernetes.
He is interested in IT security, data protection as well as network politics, and is an enthusiastic advocate of free and open-source software (FOSS).
He is happy to take part in meetups and conferences to exchange ideas about technology.
In his free time, he runs numerous services of everyday digital life on a home Kubernetes cluster, passionately cooks vegan food, does strength training, and listens to heavy metal.
Area of Expertise
Topics
Beyond Docker Builds: Declarative, Reproducible and Secure OCI Containers with Nix
The Open Container Initiative (OCI) standardized the foundation of cloud-native infrastructure. However, most build systems lack determinism due to network access during builds, leading to non-reproducible artifacts and complicating software supply chain security (SSCS). While OCI supports layering for storage and cache efficiency, reflecting shared dependencies across artifacts remains complex.
Nix, as a package manager, enables declarative and reproducible builds in hermetic, network-isolated sandboxes, requiring all dependencies to be specified up front for long-term reproducibility.
Dependencies are treated as first-class citizens, making it easy to generate accurate Software Bill of Materials.
With `dockerTools` in the Nix standard library, these benefits reach the OCI ecosystem.
This talk highlights the advantages of fully declarative, reproducible OCI builds with Nix, offering deep insights and benefits to SSCS.
Let's not just build containers, let's declare them reproducibly!
Kubenix: Declare Your K8s Workloads Fully Reproducible
Kubenix allows the generation of Kubernetes manifests by leveraging Nix modules.
On top of OpenAPI, Kubenix exposes the core Kubernetes API for the functional language Nix.
This enables a fully declarative description of Kubernetes workloads with the best reproducibility, thus making YAML templating obsolete.
Kubenix's Helm wrapper provides access to the large ecosystem of the de-facto package manager for Kubernetes while preserving Nix's qualities.
With the ability to build reproducible OCI container images with Nix, Kubenix both simplifies and improves the definition of Kubernetes workloads.
After briefly introducing Nix itself, this talk will showcase Kubenix with practical use cases ranging from simple Kubernetes manifests to complex application stacks.
Let's make our Kubernetes workloads both declarative and reproducible!
Honey, I Shrunk the Datacenter: Operating Bare-Metal Kubernetes at Home for Fun and Data Sovereignty
Operating a Kubernetes cluster inside your home is not only inherently fun but also provides an excellent environment for learning and experimentation.
Last but not least, keeping all data within one's own four walls is an essential prerequisite for consequent data sovereignty when self-hosting for oneself or acquaintances.
This talk presents a number of requirements that can be encountered when running Kubernetes in the home environment.
Based on the experiences of half a decade, a vanilla Kubernetes in a heterogeneous environment (amd64/arm64) turns out to be a flexible solution allowing continuous replacement and upgrade of both hardware and software.
The speaker's individual setup with regard to hardware selection and system architecture will be briefly showcased in order to present potential solutions for energy efficiency, failover and resilience, encryption at rest, storage, computing, network, load balancing, identity management and backup.
In addition to discussing challenges in running bare-metal Kubernetes (in the home environment), this talk is intended to inspire and motivate running your own cluster.
Reclaim your data sovereignty!
Container Days London Sessionize Event
ContainerDays Conference 2025 Sessionize Event
Kubernetes Community Days Munich 2023 Sessionize Event
Please note that Sessionize is not responsible for the accuracy or validity of the data provided by speakers. If you suspect this profile to be fake or spam, please let us know.
Jump to top