Maximilian Marschall

Unit Lead - Cloud Native International @ evoila

Vienna, Austria

One of Austria’s first five Kubestronauts. Enthusiastically immersed in the ever-evolving world of technology, he finds joy in pushing boundaries and continually venturing into uncharted territories. His current focus centers around Kubernetes, platform engineering, and the realm of automation, with a particular penchant for Kubernetes and ArgoCD to streamline and optimize processes. In the fascinating journey of technology exploration, his homelab has flourished, expanding to a scale that rivals the capabilities of some enterprise-level cloud infrastructures.

Area of Expertise

  • Information & Communications Technology
  • Manufacturing & Industrial Materials

Topics

  • Kubernetes
  • Artificial Intelligence
  • Machine Learning
  • Infrastructure
  • Infrastructure as Code
  • ArgoCD
  • Platform Engineering

Building a Kubernetes Platform — Think Big, Think in Planes

Building a Kubernetes platform often starts with layers like infrastructure, tooling, security and delivery. But real platforms do not grow vertically; they grow horizontally.

In this talk we introduce thinking in planes as a practical mental model for designing scalable Internal Developer Platforms.
You will learn how the plane model, covering control, service, observability, security and resource concerns, helps teams structure complexity, centralize what needs control and scale what needs independence without turning the platform into YAML spaghetti.

As a real world example, we showcase OpenChoreo, a fresh CNCF Sandbox project that is secure by default and designed around planes from day one. OpenChoreo is also based on Cell Based Architecture (CBA). Each project becomes a cell, a secure, isolated and observable unit that enforces domain boundaries through well defined ingress and egress paths, with policies enforced via Cilium and eBPF.

The session includes a live demo you can try yourself right after the talk. Instead of using Kubernetes in Docker (KinD), we use vCluster in Docker (VinD), a brand-new approach that enables fast and isolated platform experiments on your local machine.

Reverse Engineering a Kubernetes Platform: From UI to GitOps

Most teams build platforms layer by layer — often from the bottom up. But what if we flip the perspective?
In this talk, we reverse-engineer a real Kubernetes platform — starting at the top, with the developer portal, and working our way down. Like deconstructing a burger from the upper bun, we explore how each visible piece maps to underlying services, components, and architectural decisions.
We’ll break down how observability, secrets management, security, and multi-tenancy are integrated — and how GitOps holds it all together behind the scenes. Along the way, we’ll analyze actual YAMLs to understand where vulnerabilities hide and how platform design impacts both developer experience and operational risk.
This talk is not about building something new. It’s about understanding what you already have — and how to make it better by looking at it from a new angle.

Intercepting PromQL for Fun and Compliance - Multi-Tenant Access Control for Observability-Data

You've built a shared observability platform. Multiple teams, one Grafana, one set of datasources. Now someone asks: "Can team A see team B's production logs?" And you realize you don't have a good answer.
Native multi-tenancy in the Prometheus/Loki/Tempo ecosystem relies on tenant IDs, a single header that grants all-or-nothing access to an entire tenant's data. But real organizations don't work that way. You need developers to see their namespace but not production secrets. You need the platform team to see everything. You need external contractors limited to a single service. Tenant IDs can't express these boundaries.
The alternatives? Run separate datasource instances per team (operational nightmare). Build custom authorization middleware for each query language (maintenance burden). Or trust everyone to add the right label filters manually (security theater).
This is why we built Janus, an open-source (AGPLv3) proxy that sits between Grafana and your datasources. It extracts identity from OAuth2 tokens, resolves policies, and automatically injects label filters into PromQL, LogQL, and TraceQL queries. Users query naturally - Janus enforces boundaries transparently.
We'll walk through the architecture, show deployment patterns for multi-tenant Kubernetes environments, and discuss the challenges of parsing and rewriting three distinct query languages. You'll leave with practical strategies for securing shared observability infrastructure, without sacrificing usability.

Cloud Native Vienna: 10 Years of CNCF in Vienna

GitOps - The CNCF Movement That Changed How We Operate Clusters

Over the last decade, GitOps has evolved from a clever hack for cluster state management into a CNCF-backed operating model adopted by leading platform teams worldwide. In this talk, we’ll explore the origins of GitOps, how tools like Argo and Flux reshaped Kubernetes operations, and why Git has become the single source of truth for modern infrastructure. We’ll also discuss what worked, what didn’t, and how GitOps is now the backbone of platform engineering and self-service developer experiences.

November 2025 Vienna, Austria

Cloud Native Days Austria Sessionize Event

October 2025 Vienna, Austria

evoila envision

3 Pillars of a Modern Cloud Platform: Self-Service, Automation and Observability

From Projectification to Productification: An Example from the Defense Sector

September 2025 Frankfurt am Main, Germany

Cloud Native Vienna Meetup

Boundless Monitoring: Thanos for Distributed Kubernetes Environments

February 2025 Vienna, Austria

vUpdate

Speaker at the VMware roadshow "vUpdate", presenting "What's new on Tanzu?" three times: Vienna, Linz & Graz

November 2024 Graz, Austria

vmexplore

https://www.youtube.com/watch?v=w5QBrVQJarA&list=PLnopqt07fPn2PCdilRfavaJ1XMDv1VyTd&index=2
CODE2861BCN - vSphere Supervisor & ArgoCD: Automating Workload Cluster Deployments: the GitOps Way

November 2024 Barcelona, Spain
