This is the start/index post for a series of blog posts about the internals of Terraform. In this series, I will deep dive into different parts of Terraform and explain how they work under the hood.

The end-goal of this is to enable the reader to develop a deeper understanding of Terraform and how it works. After reading this, I would hope you are able to contribute to Terraform itself, add a new block to the language, or change existing behavior. I will not try to cover every single detail of Terraform, but I will try to cover the most important parts and give you a good overview of how different parts of Terraform work together.

My hope is that this series helps the reader to at least get a step closer to understanding the internals of Terraform. I won’t be covering anything related to language design and graph theory here; there are too many holes in my knowledge there as well. Maybe I’ll write something to that end in the future as well, probably not.

Open-source platform replacement for Terraform Enterprise.

In this article, I'll show how the Argo Workflows Executor Plugin lets you extend the Argo Workflows controller without maintaining your own fork—simply by implementing a small HTTP server in any language. As a bonus, this same mechanism reduces the number of extra pods in your DAGs and lightens the load on the Kubernetes scheduler. If you're new to Argo, I'll briefly cover the architecture and where plugins fit in. We'll finish with practical examples and key configuration details.

K8sQuest is a local, game-based Kubernetes training platform with an interactive GUI-like terminal interface. Each mission breaks something in Kubernetes. Your job is to fix it.

kimspect is a kubernetes container image inspection tool that provides comprehensive visibility into container images running inside your cluster. kimspect can get image information by pod, namespace, and node. Built for performance and reliability, kimspect enables container image insights with a simple, intuitive command-line interface.

KAOS is a Kubernetes-native framework for deploying and orchestrating AI agents with tool access, multi-agent coordination, and seamless LLM integration.

A K9s-inspired terminal UI for monitoring Flux GitOps resources in real-time.

Mount /nix into Kubernetes pods using the CSI Ephemeral Volume feature. Volumes share lifetime with Pods and are embedded into the Podspec.

Cartography is a Python tool that maps infrastructure assets and their relationships into a Neo4j-backed graph view.

Morgan Stanley explains how it scaled Flux across 500+ clusters over five years, including security, performance, and observability lessons.

Every container image you pull from registry.k8s.io got there through kpromo, the Kubernetes image promoter. It copies images from staging registries to production, signs them with cosign, replicates signatures across more than 20 regional mirrors, and generates SLSA provenance attestations. If this tool breaks, no Kubernetes release ships. Over the past few weeks, we rewrote its core from scratch, deleted 20% of the codebase, made it dramatically faster, and nobody noticed. That was the whole point.

This covers safer Kubernetes debugging with least-privilege RBAC, short-lived identity-bound credentials, and audited SSH-style access paths.

Agent Sandbox adds a declarative Kubernetes API for isolated, stateful AI agents with strong execution boundaries and stable network identities.

At the beginning of 2025, the OpenTelemetry Developer Experience SIG published the results of its first community survey. One of the strongest themes was clear: teams want more real-world examples of how the OpenTelemetry SDKs and the OpenTelemetry Collector are actually used in production.

To help close that gap, the SIG began collecting stories directly from end users—across industries, architectures, and company sizes. This post kicks off a new series focused specifically on organizations’ real world stories, starting with a small but uniquely challenging case.

This first story features Mastodon, a non-profit organization operating at global scale with a remarkably small team.