Observability & Telemetry
- How block storage in Cortex reduces operational complexity for running Prometheus at massive scale
Cortex runs massively scaled observability clusters, and does so blazingly fast for millions upon millions of entries, but its internal complexity keeps increasing and the current implementation blocks many new features. Now the community is introducing block storage and two new components that solve some of these issues.
- Logging in Kubernetes: EFK vs PLG Stack
The EFK (ELK) stack has been the default setup for logging infrastructure for many years. However, since Grafana Loki entered the game, the momentum may be turning. This short comparison gives you a good overview of both and of when each solution fits best.
Cloud Native Development
- UPDATE: UBER DELETED ORIGINAL POST - Introducing Domain-Oriented Microservice Architecture
Uber moved from a monolithic architecture to a microservice architecture a couple of years ago, but lately found the resulting complexity difficult to manage. Uber therefore developed the Domain-Oriented Microservice Architecture, which logically groups services with high cohesion and packs them into layers with clearly described interfaces. No innovation, but a great approach!
- 5 Kubernetes security incidents and what we can learn from them
What do Capital One, Docker Hub, and Tesla have in common? Right, they messed up with their Kubernetes, leading to security incidents that you should have a look at.
- GKE Networking Best Practices for Security and Operation
Google's managed Kubernetes is still quite open by default. As with every K8s, you need to take action to keep that openness from being abused and to lock down access to various resources on GKE.
- The Seccomp Notifier – New Frontiers in Unprivileged Container Development
With secure computing (seccomp), you can restrict syscalls to a very limited, specific set of functions. The notifier gives you more transparency about the filters loaded and, therefore, more insight into the actual task handling.
- Two Quick Ways to Apply Zero Trust in Kubernetes
Zero Trust means, well..., not trusting anyone at any time on any infrastructure. Within K8s, this can be achieved quickly by using Network Policies and SPIFFE/SPIRE.
- Baremetal Loadbalancer Porter
Porter is an open source load balancer designed for bare metal Kubernetes clusters. It's implemented by a physical switch and uses BGP and ECMP to achieve the best performance and high availability.
- How we migrated Dropbox from Nginx to Envoy
Dropbox is on its way to migrating from Nginx to Envoy for many reasons. Read about their journey and why you should think about it too.
A Kubernetes-native Virtual Desktop Infrastructure