Truly Extensible Proxies
Exploring an extreme service mesh architecture to maximize extensibility.
Proxy Layers
The OSI model attempts to describe network communications as a stack in which increasingly high-level layers are built upon lower layers. This is only slightly useful in practice, as the real world is not so simple. In service mesh, discussion is generally reduced to L4 and L7, or TCP and HTTP. This oversimplifies the problem, leading to some confusion. Thinking in terms of termination: Simply saying "HTTP" is not really clear about what is going on....
Service Mesh Proxy Classes
When looking at service mesh (or even general networking) architectures, the basic idea is to send network traffic through some component, which handles various functionality. This could be authentication, authorization, encryption, observability, reliability, networking, etc. There are a few different classes of components that can do this, though: [Figure: Different types of proxy deployments] Native application enhancement. The functionality is compiled into the application itself. This could be something like gRPC (or, even more "meshy", gRPC with xDS), Finagle, Hystrix, etc....
User space isn't slow
In-kernel networking solutions, such as WireGuard, are not always faster than user space.
An optimal CI/CD system
Exploring an (unfortunately, hypothetical) CI/CD system for end to end tests on Kubernetes.
Istio Ambient is not a "Node Proxy"
The common messaging around Istio Ambient Mesh is that it is a "node proxy." For example, from The New Stack: "... architecture that moves the proxy functionality from the pod-level to the node-level." While this is technically accurate, it is misleading and really misses the point and benefits of Ambient. A brief history of service mesh architectures: This skips quite a bit of information, but is close enough. One of the earlier service meshes on the market was Linkerd 1 - not to be confused with Linkerd 2, which most people just call "Linkerd" today....
Waypoint Proxies The Hard Way
How to achieve an architecture similar to "Waypoint Proxies" without ambient mesh, or even Istio.
Building a lot of docker images
Fully utilizing buildkit's potential
GOMAXPROCS and GOMEMLIMIT in Kubernetes
How and why to easily set these fields
Saying No In Open Source
As an open source maintainer, I am reviewing roughly 25 ideas per day - whether they are feature requests, design proposals, or pull requests. Inevitably, this leads to saying "No" quite a bit as well. Usually, this is in a softer form like "No, not right now", "No, not in its current form", or "No, unless someone else approves", but the outcome is the same: the change is not accepted, and the emotional impact on the reviewer and contributor is similar....