Kubernetes Moving to Native Sidecars Upgrading all our sidecar containers to Kubernetes Native Sidecars, including cloudsql-proxy and istio-proxy.
Istio Upgrading to Istio 1.21.x Upgrading Istio from 1.20 to 1.21. Issues with JWT auth in dynamicMetadata and AuthorizationPolicies.
Kubernetes Alert and Incident Enrichment Evolution of Alerting and Incident Management: Navigating Chaos in a Remote Work Era. From Desk Huddles to Digital Collaboration and how we adapted.
Kubernetes To Auto Scale or not to Auto Scale, that is the question The challenges of Auto Scaling, from cold start impact, tech debt, and cost realities. Prioritising scaling as code and shared responsibility for optimal performance in cloud efficiency.
Istio Scaling the Sidecar Scaling Istio Sidecars, and how we consider the relationship of Sidecar resources tightly coupled to the application.
Kubernetes Enabling GZIP Response Compression with EnvoyFilter How to enable GZIP compression of responses using EnvoyFilter
Kubernetes Managing Services: Metadata Capturing, validating, storing and discovering service metadata. Keeping that metadata consistent across numerous integration points.
Kubernetes Cold Start Applications Using Istio, Kubernetes and Prometheus to build dynamically scaling infrastructure that can scale unused workloads to zero.
Istio Using EnvoyFilters to Debug Requests Using EnvoyFilter to debug HTTP requests, and locate those missing important tracing headers
Kubernetes Kubernetes Service Discovery Storing rich metadata as Custom Resources on the Kubernetes API to enable Service Discovery.
Istio CI for Istio Mesh How we build, test and release Istio across 5 environments using a custom release process + chart.
Istio Upgrading to Istio 1.8 & 1.9 Some good news! 1.8 and 1.9 were a lot less painful than previous releases, so I bundled them into a single blog post. Remember that you shouldn't skip-version upgrade so if you're still on 1.7, go through 1.8 to 1.9. This
Istio Upgrading Istio to 1.7 Upgrade from 1.6 to 1.7 was less effort, but caused more impact than previous releases. Memory usage jumped again, but there's light at the end of the tunnel.
Istio Upgrading Istio to 1.6 Upgrade to Istio 1.6 was quite painful. This post details all the issues we faced and how we tackled them - to hopefully save others some time.
Istio Istio Upgrades: Prometheus SDS How to handle the migration to Istio SDS in your Prometheus instances.
Istio Istio at Scale: Sidecar Configuring Istio using the Sidecar resource to minimise the load and footprint of both the control and data plane at scale
Istio Locality Aware Routing Talking through the Pros and Cons of the default-enabled Locality Aware Routing on Istio and the steps you can take to make it work for you.
Istio Reduce Istio Sidecar metric cardinality How to configure the Istio stats EnvoyFilter to reduce the cardinality of metrics in istio-proxy to greatly reduce the load on Prometheus
Prometheus Federated Prometheus to reduce Metric Cardinality How to reduce Istio metric cardinality following a migration to telemetry v2 - using Prometheus Federation and Rollup recording rules
Istio Istio: 503's with UC's and TCP Fun Times 503 errors are commonly seen by Istio users, but it's a bit of a catch-all error code. This blog helps you debug them using tcpdump and istio-proxy logs
GCP Managing your costs on Kubernetes I've been doing quite a lot of work around managing cost in Public Cloud recently, specifically with Kubernetes and Google Cloud Platform. One of the key topics of conversation that always gets brought up during on-prem/private cloud to public cloud migrations is cost. There is generally a
Nginx Creating an OpenWAF solution with Nginx, ElasticSearch and ModSecurity Creating an OpenWAF solution using NGINX, ElasticSearch and ModSecurity.
AWS Serverless vs Kubernetes Serverless vs Kubernetes, and why I think they're trying to achieve the same thing - virtualised infrastructure abstraction.
Kubernetes NGinx Lua scripting to reload configuration Bear with me... I know the first thing you're probably thinking is "why the hell would he want to do that?!", well, let me explain... I was recently building a horizontally scalable deployment of NGinx pods [https://github.com/Stono/docker-nginx-letsencrypt] on kubernetes. They had shared