Labels & Taints
Non-Obvious Docker Uses
Many developers use Docker the old-fashioned way -- a docker build and a docker run. Some non-obvious ways to use Docker. As a compiler. I gave a talk at DockerCon back in 2019 about the potential to use Docker as a compiler, and the idea is finally coming to fruition.
Services, Load Balancing, and Networking
Concepts and resources behind networking in Kubernetes.
Understanding data transfer costs for AWS container services | Amazon Web Services
Overview: Data transfer costs can play a significant role in determining the overall design of a system. Amazon Elastic Container Registry (Amazon ECR), Amazon Elastic Container Service (Amazon ECS), and Amazon Elastic Kubernetes Service (Amazon EKS) can incur data transfer charges depending on a variety of factors. It can be difficult to visualize what that means […]
Stop Messing with Kubernetes Finalizers
We've all been there - it's frustrating seeing deletion of a Kubernetes resource get stuck, hang or take a very long time. You might have "solved"...
How we reduced 502 errors by caring about PID 1 in Kubernetes
For every deploy, scale down event, or pod termination, users of GitLab's Pages service were experiencing 502 errors. This explains how we found the root cause and rolled out a fix for it.
Sidecar
Configuration affecting network reachability of a sidecar.
Seamlessly migrate workloads from EKS self-managed node group to EKS-managed node groups | Amazon Web Services
Amazon Elastic Kubernetes Service (Amazon EKS) managed service makes it easy to run Kubernetes on AWS without needing to install, operate, and maintain your own Kubernetes control plane. When Amazon EKS was made generally available in 2018, it supported self-managed node groups. With self-managed node groups, customers are responsible for configuring the Amazon Elastic Compute […]
Don't Write Your Own Kubernetes YAML Generator
Modern infrastructure work is, by many measures, better than it has ever been. We live in a time when a lot of the routine daily problems have been automated away by cloud providers, tooling or just improved workflows. However in the place of watching OS upgrades has come
Threat Modeling Process | OWASP Foundation
Threat Modeling Process on the main website for The OWASP Foundation. OWASP is a nonprofit foundation that works to improve the security of software.
Plain Kubernetes Secrets are fine
Mac Chaffee's tech blog
Addressing latency and data transfer costs on EKS using Istio | Amazon Web Services
Data transfer charges are often overlooked when operating Amazon Elastic Kubernetes Service (Amazon EKS) clusters; understanding these charges would help reduce cost while operating your workload on Amazon EKS at production scale. Common scenarios for data transfer charges on EKS: Understanding general data transfer charges on AWS will help you better understand the EKS networking […]
Setting up Vim for YAML editing
Amazon EKS optimized Amazon Linux AMIs - Amazon EKS
Manage Kubernetes Secrets for Flux with HashiCorp Vault
Configure the Secrets Store CSI driver with HashiCorp Vault to securely inject secrets into Flux or other GitOps tools on Kubernetes.
Managing Pod Scheduling Constraints and Groupless Node Upgrades with Karpenter in Amazon EKS | Amazon Web Services
Overview: Karpenter is a high-performance Kubernetes cluster autoscaler that can help you autoscale your groupless nodes by letting you schedule layered constraints using the Provisioner API. Karpenter also makes node upgrades easy through the node expiry TTL value ttlSecondsUntilExpired. This blog post will walk you through all of the steps to make this possible, and […]
GitHub - docker-slim/docker-slim: DockerSlim (docker-slim): Don't change anything in your Docker container image and minify it by up to 30x (and for compiled languages even more) making it secure too! (free and open source)
aws/karpenter: Kubernetes Node Autoscaling: built for flexibility, performance, and simplicity.
137-karpenter.sh
GitHub Gist: instantly share code, notes, and snippets.
Karpenter
Just-in-time Nodes for Any Kubernetes Cluster
Monitoring Amazon EMR on EKS with Amazon Managed Prometheus and Amazon Managed Grafana | Amazon Web Services
Apache Spark is an open-source lightning-fast cluster computing framework built for distributed data processing. With the combination of Cloud, Spark delivers high performance for both batch and real-time data processing at a petabyte scale. Spark on Kubernetes is supported from Spark 2.3 onwards, and it gained a lot of traction among enterprises for high performance and […]
foriequal0/pod-graceful-drain: You don't need `lifecycle: { preStop: { exec: { command: ["sleep", "30"] } } }`
Altinity.Cloud Extends Managed ClickHouse to ARM
You can now deploy managed ClickHouse on ARM instances with Altinity.Cloud. Why should you care about ARM? What does ARM support mean? What’s the process? Learn here.
Gzip Compressor — envoy 1.22.0-dev-fd9e96 documentation
Demystifying the Packet Flow in Istio — Part 1
Our learnings about Istio’s packet flow and how it manages the immense traffic.
querycap/istio: **HELP WANTED**. my free machine will be recycled next Month (April, 2022). could someone continue build this until official support?
querycapistio/proxyv2 Tags | Docker Hub
Service Mesh in Production: An Istio Story
An engineer's journal on the experiences with service mesh
Allow compression for the Envoy stats endpoint · Issue #30987 · istio/istio
Describe the feature request It should be possible to enable gzip compression for the Envoy stats endpoint (http://127.0.0.1:15090/stats/prometheus) to save some bandwidth. Currently it does not se...
Topology-aware traffic routing with topology keys
FEATURE STATE: Kubernetes v1.21 [deprecated] Note: This feature, specifically the alpha topologyKeys API, is deprecated since Kubernetes v1.21. Topology Aware Hints, introduced in Kubernetes v1.21, provide similar functionality. Service Topology enables a service to route traffic based upon the Node topology of the cluster. For example, a service can specify that traffic be preferentially routed to endpoints that are on the same Node as the client, or in the same availability zone.