• kubernetes
• istio
• linkerd
• service-mesh
• mtls
• networking
• security

Comparing Istio 1.29 (sidecar mode) and Linkerd 2.19: data plane, mTLS, egress, resource overhead, observability, and when to use each.

• rclone
• nfs
• azure
• s3
• systemd
• bash
• packaging
• backup
• replication

Learn how to sync an NFS share to Azure Blob Storage or S3 with rclone. Production hardening, monitoring, and benchmark strategy for large file trees.

• rust
• kubernetes
• logging
• containers
• devops
• filebeat
• openshift

vigil-log-relay streams logs from Kubernetes pods, HTTP endpoints, or Unix sockets and forwards them as ndjson to any TCP-capable log collector. No DaemonSet, no node-level access, no filesystem mounts — just a single binary with a namespace-scoped ServiceAccount.

• kubernetes
• istio
• envoy
• gateway-api
• networking
• security
• mtls
• service-mesh
• cilium
• aks
• gke

Comparing Istio and Envoy Gateway as Gateway API implementations: mTLS, egress, Cilium, managed cloud specifics (AKS, GKE, OVH MKS), and real client IP.

• envoy
• envoy-gateway
• rate-limiting
• kubernetes
• kustomize
• helm
• valkey
• redis
• xds
• gateway-api

How to wire envoyproxy/ratelimit as a self-hosted service into Envoy Gateway v1.7 using EnvoyPatchPolicy — three xDS patches, namespace-admin self-service, and the pitfalls to avoid.

• rust
• haproxy
• spoe
• deployment
• container
• podman
• kubernetes
• openshift
• systemd

Deploying the haproxy-spoe-rs SPOA agent in production — container image, podman-compose, Kubernetes, HAProxy configuration, health checking, logging, and systemd.

• rust
• haproxy
• spoe
• networking
• performance
• benchmark
• tokio
• async

Building a HAProxy Stream Processing Offload Agent (SPOA) library in Rust — zero-dependency async design, mpsc write batching, 95.9% test coverage, and 2.8–4.9× higher throughput than the Go reference implementation.

• dns
• dnssec
• powerdns
• pdns
• networking
• privacy

How to configure PowerDNS Recursor 5.4 to resolve directly against TLD name servers without depending on the root name servers at runtime, using a local root.zone file loaded via zonetocaches — including DNSSEC validation, trust anchor setup, and the race condition that prevents it from working without a hint file.

• rust
• dns
• dnssec
• hickory-dns
• networking
• privacy
• tls
• prometheus

How to run Hickory DNS as a full recursive resolver starting from the root zone, with DNSSEC validation, TLS-encrypted upstream connections, Happy Eyeballs, and Prometheus metrics — including all configuration options added in the recurser-from-root-zone branch.

• rust
• containers
• devops
• init
• supervisor

vigil-rs is a PID 1 / container init daemon written in Rust. It supervises multiple processes, runs health checks, fires HTTP(S) alerts on state transitions, and exposes a REST API over a Unix socket with native zombie-reaping and per-service stop signals.