Artem Lajko
Head of Platform Engineering at iits-consulting
Hamburg, Germany
Artem Lajko, certified CNCF Kubestronaut and Head of Platform Engineering, specializes in Kubernetes scalability and GitOps-driven workflows. He is the author of Implementing GitOps with Kubernetes and an IT freelancer writing for various publishers. As a Platform Engineering Ambassador, he supports companies and the community in adopting Platform Engineering, Internal Developer Platforms, and related technologies. Passionate about Open Source, he helps organizations choose the right tools, driving tech adoption and innovation.
When Hub and Spoke GitOps Becomes a Security Risk at Scale
Hub and Spoke GitOps works well for a few clusters. It becomes risky and hard to manage when you scale to 100 or even 1000 clusters. This talk shows why this happens and how an agent-based pull model makes GitOps secure and scalable.
The Evolution of GitOps in Platform Engineering
GitOps started in 2017 as a simple model for application delivery, built around four core principles. Today, it has evolved into a central part of platform engineering, where teams operate large numbers of clusters and shared platform services.
This talk shows how GitOps has evolved over time, why early approaches break at scale, and how everything-as-code enabled automation while also creating configuration sprawl. Tools like Argo CD, Helm, and Kustomize made scaling possible, but often hide the real state of a system.
We will look at the limits of Git as a state store and why file-based, pull-driven reconciliation does not scale well. This led to OCI-based delivery, Gitless GitOps, and new approaches that aim to provide a real, operable state store.
Finally, we will explain why this matters now. Platform teams need visibility, regulation like the Cyber Resilience Act requires a clear infrastructure supply chain, and AI-driven operations depend on access to the final, real manifests.
One Platform Could Not Fit Them All
Building a platform sounds right until every team builds its own. At one of the world’s largest retailers, one platform didn’t fit all, but many siloed platforms did not scale. Different products, constraints, and experience levels drove divergence.
In this talk, we show how we addressed this by building an Open Source Platform Framework not as a rigid product, but as a shared foundation. It allows teams to own their platforms while sharing common practices, from standard cloud setups to 15,000+ edge locations.
What you will see:
-> Why Kubernetes alone was not enough, even when managed
-> GitOps as the glue between governance and autonomy using a hub and spoke, multi-tenant model
-> How we integrated CNCF tools instead of reinventing them
-> Lessons learned taking an internal tool toward open source and why inner source was harder than expected
No platform utopia, just honest lessons from building and operating a framework in production for multiple platform teams.
Not All Managed Kubernetes Are Created Equal: A Deep Dive into Control Plane Architectures
Managed Kubernetes doesn't eliminate complexity, it shifts it out of sight. In this talk, we look behind the curtain of Managed Kubernetes to show the architectural building blocks that enable Managed Service Providers (MSPs) to deliver production-ready clusters for customer workloads.
We will walk through different patterns for control plane hosting and node lifecycle management, comparing practical approaches from open source projects like Gardener, Kamaji, and Cluster API. This includes analyzing the tradeoffs of the individual approaches.
The core of the talk is a deep dive into Gardener. Through a live demo, we demonstrate how Shoot clusters are managed by Seed clusters, how control planes run in dedicated namespaces, and what actually happens during real lifecycle operations.
GitOps at Scale: Why Your Hub-and-Spoke Architecture is a Security Risk
Hub-and-Spoke has become the default architecture for many GitOps-based platforms. It is easy to understand, promises centralized control, and offers a single pane of glass for operating Kubernetes fleets.
But at scale, this model becomes dangerous.
In this talk, we explain why traditional (push) Hub-and-Spoke GitOps architectures fail when managing hundreds or thousands of clusters and especially when they are not agent-based. Centralizing privileged cluster credentials in a single management hub creates a “God-mode” security risk: compromise the hub, and you compromise the entire fleet.
We start with a short comparison of Argo CD and Sveltos, two open-source GitOps tools with fundamentally different architectural approaches. From there, we dive deep into the real challenges of GitOps at scale:
- Security risks caused by storing highly privileged cluster credentials in the hub
- Hub scalability limits and bottlenecks (resources, performance, blast radius)
- Why inbound connectivity (hub -> firewall -> cluster) is risky — or impossible in edge, semi-air-gapped, or regulated environments
- How multi-tenancy breaks down when the hub deploys applications, add-ons, and third-party tools for many teams
We show how an agent-based, pull-driven GitOps approach allows teams to keep the familiar Hub-and-Spoke model without inheriting its risks: no inbound access, no centralized superuser credentials, reduced blast radius, and clean multi-tenancy boundaries.
This is not a theoretical discussion. We will prove it with a live demo, showing GitOps at scale using an agent-based push and pull architecture in practice.
Demystifying Managed Kubernetes
Managed Kubernetes doesn’t eliminate complexity, it shifts it out of sight. In this talk, we look behind the curtain of Managed Kubernetes to show the architectural building blocks that enable Managed Service Providers (MSPs) to deliver production-ready clusters for customer workloads.
We will walk through different patterns for control plane hosting and node lifecycle management, comparing practical approaches from open source projects like Gardener, Kamaji, and Cluster API.
The session closes with a live Gardener demonstration, illustrating how the "Kubernetes on Kubernetes" model can support high-density multi-tenancy, control plane isolation, and resilient lifecycle automation.
How to Build a Multi-Tenancy Internal Developer Platform with GitOps and vCluster
An Internal Developer Platform is more than just a user interface or a set of APIs. It is about creating the core functionality that enables self-service for development teams. In this talk, we will show how GitOps and vCluster can help build a scalable and cost-efficient platform that supports multiple teams.
What makes this approach exciting is that we will use tools that the customer already had in place at the enterprise level. The goal was to create a first version of the platform that fits into the existing environment instead of introducing completely new technology.
Reverse Engineering a Kubernetes Platform: From UI to GitOps
Most teams build platforms layer by layer, often from the bottom up. But what if we flip the perspective?
When building a platform, it helps to think in planes rather than layers. This perspective separates concerns like control, data, and developer experience into distinct planes, providing a clearer mental model and a more scalable way to reason about platform design.
In this talk, we introduce the planes concept as a new way of looking at platform engineering, one that changes how we approach building and operating platforms at scale.
We then reverse engineer a real Kubernetes platform, starting at the top with the developer portal and working our way down. Like deconstructing a burger from the upper bun, we explore how each visible piece maps to underlying services, components, and architectural decisions.
This talk is not about building something new. It’s about understanding what you already have and how to make it better by looking at it from a new angle.
How to Build a Multi-Tenancy Internal Developer Platform with GitOps and vCluster
An Internal Developer Platform is more than just APIs or a UI—it enables true self-service for development teams. This talk explores how GitOps and vCluster help build a scalable, cost-efficient IDP using existing enterprise tools.
Road to a self-healing infrastructure with HolmesGPT and a private LLM
In this talk, we will demonstrate how to set up your own private, on-premise, container-based LLM with Terraform and Kubernetes. We will delve deeper and show how to add gigabytes of documents and interact with your private, sensitive data. During the live demo, we will also show how to connect it to HolmesGPT and let the private LLM automatically solve your Kubernetes issues.
Source Code: https://github.com/iits-consulting/otc-terraform-template/tree/ollama
Keywords: LLM, HolmesGPT, OpenTelekomCloud, Kubernetes, Terraform, AI, Ollama, Airbyte, RAG
Øredev 2026 Sessionize Event Upcoming
Cloud Native Days Austria 2026 Sessionize Event Upcoming
ContainerDays Hamburg 2026 Sessionize Event Upcoming
KubeCon + CloudNativeCon Japan 2026 Sessionize Event Upcoming
KCD Istanbul 2026 Sessionize Event Upcoming
Cloud Native Summit 2026 Sessionize Event Upcoming
PlatformCon 2026 Sessionize Event Upcoming
Cloud Native Days Italy 2026 Sessionize Event
Cloud Native Days Austria Sessionize Event
ContainerDays Conference 2025 Sessionize Event
PlatformCon 2025 Sessionize Event
Cloud Native Conference
Keynote: Why companies fail when introducing an Internal Developer Platform (IDP)
- IDPs are older than containers – but what exactly makes a good developer platform? A look at the history, definition, and misconceptions surrounding IDPs
- From the DevOps promise to platform engineering – why many companies fail because they build platforms but don't do real platform engineering
- Lessons learned from talking to 100+ experts – the five most common mistakes when introducing IDPs and how to avoid them
ContainerDays Conference 2024 Sessionize Event