Anomaly Alerting in Prometheus At Auto Trader, we strive to build alerts that the majority can benefit from out-of-the-box, rather than hard coded alerts for specific scenarios. We want you to be able to deploy a service and just get value from the platform - particularly when it comes to observing and alerting on
Kubernetes Enabling GZIP Response Compression with EnvoyFilter How to enable GZIP compression of responses using EnvoyFilter
Kubernetes Managing Services: Metadata Capturing, validating, storing and discovering service metadata. Keeping that metadata consistent across numerous integration points.
Kubernetes Cold Start Applications Using Istio, Kubernetes and Prometheus to build dynamically scaling infrastructure that can scale unused workloads to zero.
Istio Using EnvoyFilters to Debug Requests Using EnvoyFilter to debug HTTP requests, and locate those missing important tracing headers
Kubernetes Kubernetes Service Discovery Storing rich metadata as Custom Resources on the Kubernetes API to enable Service Discovery.
Istio CI for Istio Mesh In my Last Blog Post I mentioned that I "don't trust operators". This raised a few eyebrows with people considering the Istio operator is one of the primary supported means of installing Istio. So I've decided to take a little time out and explain why I said that, and also
Istio Upgrading to Istio 1.8 & 1.9 Some good news! 1.8 and 1.9 were a lot less painful than previous releases, so I bundled them into a single blog post. Remember that you shouldn't skip-version upgrade so if you're still on 1.7, go through 1.8 to 1.9. This blog will cover the
Istio Upgrading Istio to 1.7 Upgrade from 1.6 to 1.7 was less effort, but caused more impact than previous releases. Memory usage jumped again, but there's light at the end of the tunnel.
Istio Upgrading Istio to 1.6 Upgrade to Istio 1.6 was quite painful. This post details all the issues we faced and how we tackled them - to hopefully save others some time.
Istio Istio Upgrades: Prometheus SDS How to handle the migration to Istio SDS in your prometheus instances.
Istio Istio at Scale: Sidecar Configuring Istio using the Sidecar resource to minimise the load and footprint of both the control and data plane at scale
Istio Locality Aware Routing Talking through the Pros and Cons of the default-enabled Locality Aware Routing on Istio and the steps you can take to make it work for you.
Istio Reduce Istio Sidecar metric cardinality How to configure the Istio stats EnvoyFilter to reduce the cardinality of metrics in istio-proxy to greatly reduce the load on Prometheus
Prometheus Federated Prometheus to reduce Metric Cardinality How to reduce Istio metric cardinality following a migration to telemetry v2 - using Prometheus Federation and Rollup recording rules
Istio Istio: 503's with UC's and TCP Fun Times 503 errors are commonly seen by Istio users, but it's a bit of a catch-all error code. This blog helps you debug them using tcpdump and istio-proxy logs
Cloud Hosting Ghost for (almost) nothing How to host a Ghost blog, with domain, and TLS for around £10/year.
GCP Managing your costs on Kubernetes I've been doing quite a lot of work around managing cost in Public Cloud recently, specifically with Kubernetes and Google Cloud Platform. One of the key topics of conversation that always gets brought up during on-prem/private cloud to public cloud migrations is cost. There is generally a shift towards
Nginx Creating an OpenWAF solution with Nginx, ElasticSearch and ModSecurity So many technologies in one title! Recently I've been spending quite a bit of time investigating ModSecurity as a potential replacement Web Application Firewall, and I've had some really positive results. The purpose of this post is to share with you how I've set this up, so you can do
Docker Securing microservices in the Enterprise I've had a couple of really interesting conversations over the past few months about the complexities of deploying microservices in typical large enterprises, so decided to take some time to pull my thoughts together. Before we start however, I want to ground some terminology: Microservice: Everyone loves a good buzzword,
AWS Serverless vs Kubernetes I'm currently at Craft Conf, where the vast majority of the topics seem to focus around either Kubernetes or server-less architecture. As a result, a discussion broke out around which is better. And I am willing to bet that you read the title of this post expecting a brutal showdown.
Nginx Securing your website I recently took this website from a rather poor 'F' rating, to an 'A+' on Observatory. I wanted to share with you the tweaks I made, as no doubt some of you are going through, or need to go through the same journey! For context, I use Nginx as
Kubernetes NGinx Lua scripting to reload configuration Bear with me... I know the first thing you're probably thinking is "why the hell would he want to do that?!", well, let me explain... I was recently building a horizontally scalable deployment of NGinx pods on kubernetes. They had shared storage for the HTTPS certificates they used
Docker Using Docker containers as Systemd services If you've read any of my recent posts, you'll know I've recently swithed from MacOSX to Linux. One of the things this has done is made me realise just how much stuff I had installed with brew on MacOSX - for example; Redis, which I use a lot. As much
