11 posts with tag kubernetes

• kubernetes
• istio
• linkerd
• service-mesh
• mtls
• networking
• security

Comparing Istio 1.29 (sidecar mode) and Linkerd 2.19: data plane, mTLS, egress, resource overhead, observability, and when to use each.

• kubernetes
• istio
• envoy
• gateway-api
• networking
• security
• mtls
• service-mesh
• cilium
• aks
• gke

Comparing Istio and Envoy Gateway as Gateway API implementations: mTLS, egress, Cilium, managed cloud specifics (AKS, GKE, OVH MKS), and real client IP.

• envoy
• envoy-gateway
• rate-limiting
• kubernetes
• kustomize
• helm
• valkey
• redis
• xds
• gateway-api

How to wire envoyproxy/ratelimit as a self-hosted service into Envoy Gateway v1.7 using EnvoyPatchPolicy — three xDS patches, namespace-admin self-service, and the pitfalls to avoid.

• rust
• haproxy
• spoe
• deployment
• container
• podman
• kubernetes
• openshift
• systemd

Deploying the haproxy-spoe-rs SPOA agent in production — container image, podman-compose, Kubernetes, HAProxy configuration, health checking, logging, and systemd.

• rust
• kubernetes
• logging
• containers
• devops
• filebeat
• openshift

vigil-log-relay streams logs from Kubernetes pods, HTTP endpoints, or Unix sockets and forwards them as ndjson to any TCP-capable log collector. No DaemonSet, no node-level access, no filesystem mounts — just a single binary with a namespace-scoped ServiceAccount.

• fluent-bit
• vector
• filebeat
• logstash
• s3
• azure-blob
• nginx
• log-shipping
• container
• kubernetes
• awffull

A practical guide to shipping web server access logs to AWS S3 or Azure Blob Storage using Fluent Bit, Vector, or Filebeat/Logstash — including persistent buffering, retry configuration, concurrent write safety, and log loss prevention. Covers running AWFFull as a stateless container against object storage logs and serving the generated reports as a static website.

• go
• cert-manager
• dns
• kubernetes
• openshift

How cert-manager-webhook-libdns enables DNS-01 across many DNS providers via libdns, with practical operational improvements, compatibility automation, and a quick Kubernetes deployment path.

• eso
• openshift
• kubernetes

ESO (External Secrets Operator) breaking change in 0.10.0: "secret does not contain needed label... Update secret label to use it with webhook".

• haproxy
• TLS
• SSL
• SNI
• openshift
• podman
• kubernetes

Learn how HAProxy container uses TLS Server Name Indication (SNI) to route encrypted TCP connections without decrypting them — enabling multiple services like Nextcloud and XMPP to share port 443.

• tips-a-tricks
• openshift
• kubernetes

Some Tips and Tricks for openshift and kubernetes

• openshift
• haproxy
• sticky
• kubernetes

How OpenShift and Kubernetes handle session stickiness via HAProxy cookie-based routing.