Kubernetes & Containers
Engineering notes and deep-dives on Kubernetes & Containers, with practical examples and lessons from experience.
-
Istio Ambient Mesh: sidecarless and the end of the double hop
Ambient took Envoy out of every pod. Where that removes the double hop and the overhead — and where the sidecar is still justified.
-
Cilium and eBPF: replacing kube-proxy and removing iptables from Kubernetes networking
Everyone sees eBPF as a speedup, but the real value is a decision rule: where replacing kube-proxy pays off, and where iptables still wins.
-
Ingress NGINX reaches EOL: migrating to Gateway API without panic
Why the end of kubernetes/ingress-nginx is about risk, not roadmap, and how to move to Gateway API in stages.
-
OOMKilled forensics: from pmap to cgroups memory.stat
Exit code 137 leaves no stack trace and no final log line, while the dashboard swears there was plenty of memory. The tools that answer "where did the memory go" — while the pod is still alive.
-
Kubernetes 1.36 (Haru): What Actually Changes in Production
Mutating webhooks have started dying, Ingress NGINX is retired, HPA scale-to-zero is still alpha. A pragmatic 1.36 triage for the platform team — without the blogosphere hype.
-
A Kubernetes Debugging Agent: Query Templates or Scripts?
Zinchenko hands the LLM MetricsQL templates; my VM skill feeds the agent a finished aggregate. I dissect the flexibility-versus-reproducibility axis and why read-only by blacklist is weaker than an allowlist.