Why KCL Matters for Platform Engineers

A robot working on a computer writing code.

Author’s Note: I have contributed to the KCL project and have run thousands of KCL programs while exploring the language and executing its test suite. These insights and benchmarks come from hands‑on experience. While I currently do not use KCL in production, I've focused on solving real platform engineering challenges with it.

The Pain of YAML Sprawl

As teams adopt Kubernetes and GitOps, they wrestle with thousands of YAML files. YAML is human‑readable but offers no abstraction, so companies build their own templating and validation tools, leading to fragile, hard‑to‑validate manifests that drift over time.

The result? A monolithic repo full of brittle YAML that breaks at deployment. Teams use Helm, Kustomize, or custom Python scripts, but validation still happens at runtime, creating a painful "write → validate → deploy" cycle. When was the last time you updated a Helm values file, only to realise after deployment that the change had no effect because you had a typo in the YAML structure and Helm silently ignored the entire thing? Or even better: you created a Kustomize patch that led to an invalid Kubernetes resource definition, causing an ArgoCD sync failure?

I have seen this firsthand on a project. We use Go templating in ArgoCD ApplicationSets with dig expressions for lookups and default values. However, as our platform definition is pure YAML, we felt the need to introduce CUE for schema validation and custom Python scripts to ensure dig expressions resolve. At this point, we are using more than three complex technologies just to create abstractions in a relatively safe manner.

KCL tackles this head‑on. It "compiles" KCL source files into plain YAML. While doing so, it validates schemas, enforces constraints, and guarantees correct abstraction usage.


Beyond the Pod: Why wasmCloud and WebAssembly Might Be the Next Evolution of the Platform

An assembly line with robot arms.

Over the past few months I have invested some time in contributing to an open source project I find fascinating: wasmCloud. As a platform engineer and architect, I am very familiar with how software platforms are typically built in practice. However, with the ubiquity of Kubernetes, you run the risk of being stuck in the "doing it the Kubernetes way" line of thinking. But then again, are there any better ways? This is where wasmCloud caught my attention: a modern platform building on proven concepts from Kubernetes, but with some significant differences. In this article I want to introduce wasmCloud, how it compares to Kubernetes, what its internal architecture looks like, and what ideas are, in my humble opinion, a step up from "the Kubernetes way of things".


Dissecting Kubewarden: Internals, How It's Built, and Its Place Among Policy Engines

A knight in armor striding forward with his sword drawn.

Kubernetes offers amazing capabilities to improve compute density compared to older runtimes such as virtual machines. However, in order to leverage the capabilities of the platform, clusters tend to host applications from various tenants. This introduces a strong need for properly crafted controls and well-defined compliance to ensure the tenants use the platform correctly and do not affect one another. The RBAC capabilities provided out of the box by Kubernetes quickly prove insufficient to address this need. This is where policy engines such as Kubewarden come into play. In this post we will look at how Kubewarden can be leveraged to ensure correct usage of a platform, how it compares to other policy engines, and how to best adopt it.


The Tortoise and the Hare: do AI Agents Really Help for Software Development?

A robot working on a computer writing code.

Making my development workflow as fast as possible is a big passion of mine, from customizing my development setup to get the last inkling of efficiency out of it, to thinking about how to manage notes and knowledge resources to access them as quickly as possible. With the sudden ubiquity of AI in development tools, I came to wonder how AI could help me write code faster. Being quite the skeptic when it comes to AI actually generating code for me (using tools such as Cursor or GitHub Copilot), I came to investigate AI agents which specialise in code reviews. In this blog post I will share my experience using such an agent on a real-world case. I will explore where such agents shine and where they are severely lacking.


A Comprehensive Guide to Managing Large Scale Infrastructure with GitOps

An old wooden trading ship navigating the wide ocean

GitOps is getting adopted more and more. However, there still seems to be some confusion as to what GitOps is, how it differs from regular CI/CD pipelines, and how to best adopt it. In this post we will quickly cover what GitOps is, and the three main lessons learned from using GitOps to manage infrastructure at scale both on premise and in the cloud.
