Talks

09 September 2025 Hamburg, Germany

Kubenix: Declare Your K8s Workloads Fully Declarative

Kubenix allows the generation of Kubernetes manifests by leveraging Nix modules. On top of OpenAPI, Kubenix exposes the core Kubernetes API for the functional language Nix. This enables a fully declarative description of Kubernetes workloads with the best reproducibility, thus making YAML templating obsolete. Kubenix’s Helm wrapper provides access to the large ecosystem of the de-facto package manager for Kubernetes while preserving Nix’s qualities. With the ability to build reproducible OCI container images with Nix, Kubenix both simplifies and improves the definition of Kubernetes workloads. After briefly introducing Nix itself, this talk will showcase Kubenix with practical use cases ranging from simple Kubernetes manifests to complex application stacks. Let’s make our Kubernetes workloads both declarative and reproducible!

31 March 2025 London, United Kingdom

Kubenix: Declare Your K8s Workloads Fully Declarative

Kubenix allows the generation of Kubernetes manifests by leveraging Nix modules. On top of OpenAPI, Kubenix exposes the core Kubernetes API for the functional language Nix. This enables a fully declarative description of Kubernetes workloads with the best reproducibility, thus making YAML templating obsolete. Kubenix’s Helm wrapper provides access to the large ecosystem of the de-facto package manager for Kubernetes while preserving Nix’s qualities. With the ability to build reproducible OCI container images with Nix, Kubenix both simplifies and improves the definition of Kubernetes workloads. After briefly introducing Nix itself, this talk will showcase Kubenix with practical use cases ranging from simple Kubernetes manifests to complex application stacks. Let’s make our Kubernetes workloads both declarative and reproducible!

13 November 2024 Mannheim, Germany

Nixing Challenges of Kubernetes Packaging with Nix

Software supply chain management (SSCM) systems should provide software bill of materials (SBOM) and auditability as well as scanning for vulnerabilities and licensing conflicts. Furthermore, it should offer flexible configuration options and the ability to define comprehensive specifications e.g. for regulatory compliance and every change should undergo a quality assurance (QA) process. These requirements are addressed by Nix, a functional language and package manager allowing to create reproducible, declarative, and reliable builds. We present a packaging of Kubernetes manifests based on Nix and show how this enrichs the features of SSCM and improve reliability and operational safety.

17 October 2024 online

NixOS: A Brief Introduction

This talk introduces NixOS and its fundamental concepts, clarifying the distinction between the Nix language (a functional, lazy, dynamically typed DSL for package management), the large and up-to-date Nixpkgs repository, and NixOS, an immutable Linux operating system with declarative configuration, atomic updates, and easy rollback capabilities. Through practical examples and demonstrations, the unique workflow of NixOS is highlighted—including its management of system generations and reproducible builds via the Nix store and symlinks. The creation of deterministic, minimal container images with Nix is also demonstrated, emphasizing advantages over traditional Docker builds. Attendees receive a concise overview of how Nix, Nixpkgs, and NixOS streamline package management, system configuration, and containerization.

18 July 2023 Munich, Germany

Honey, I Shrunk the Datacenter: Operating Bare-Metal Kubernetes at Home for Fun and Data Sovereignty

Operating a Kubernetes cluster inside your home is not only inherently fun but also provides an excellent environment for learning and experimentation. Last but not least, keeping all data within one's own four walls is an essential prerequisite for consequent data sovereignty when self-hosting for oneself or acquaintances. This talk presents a number of requirements that can be encountered when running Kubernetes in the home environment. Based on the experiences of half a decade, a vanilla Kubernetes in a heterogeneous environment (amd64/arm64) turns out to be a flexible solution allowing continuous replacement and upgrade of both hardware and software. The speaker's individual setup with regard to hardware selection and system architecture will be briefly showcased in order to present potential solutions for energy efficiency, failover and resilience, encryption at rest, storage, computing, network, load balancing, identity management and backup. In addition to discussing challenges in running bare-metal Kubernetes (in the home environment), this talk is intended to inspire and motivate running your own cluster. Reclaim your data sovereignty!