howardjohn's Blog

Software Engineer at Solo.io. I work on Istio and write about wherever that brings me. Opinions my own.

[AWS Blog] Transforming Istio into an enterprise-ready service mesh for Amazon ECS

How Istio ambient mode brings an enterprise-ready service mesh to Amazon ECS.

November 27, 2024 · External Post

Scaling Ambient In Your Sleep

How ambient achieves massive scale without toil.

November 15, 2024 · 3 min

"Zero to Value" in two steps with Istio ambient mode

When we first started designing what eventually became Istio ambient mode, there were many directions we explored, both in terms of implementation, and what our goals were. What resonated most, though, was that we wanted to provide an incredibly easy onboarding story for a subset of functionality. This subset, ultimately, was getting Mutual TLS deployed for all service-to-service communication within a cluster. I talk a bit more about this here. Since then, I think we have delivered on this promise... and gone even further! In this post, I wanted to highlight some of the areas that I think ambient helps deliver some serious value to users with minimal complexity. ...

November 5, 2024 · 5 min

Looking back on "Building Better Controllers" 2 years later

Over 2 years ago, I started working on some ideas to build better Kubernetes controllers. In this post, I wanted to give a bit of a retrospective on how things have gone since then. Over the years working on Istio and other projects, I observed a number of major issues with controllers: Most code was about error-prone event handling and state reconciliation, rather than business logic. Most tests, in turn, were about the same. This, in turn, made the code extremely complex, brittle, and often incorrect. This complexity lead to user facing compromise: incorrectness and performance issues. You might argue I should just write a better controller that is faster and without bugs. Maybe, but probably not. ...

November 3, 2024 · 7 min

[Cloud Native Now Blog] How Istio Ambient is Revolutionizing Cloud Connectivity

External Blog Post.

November 1, 2024 · External Post

On-Demand Development Environments

Tools to create reproducible development environments are basically everywhere these days, from Development Containers to Nix wrappers to questionable Docker hacks. However, all of these (that I have found) have a common flaw that bothers me: they all require eagerly fetching the entire environment to get anything done. This kills the premise of these environments providing any easy on-ramp for users when the first step is to download GBs of binaries. Across projects I work on, we have probably 5-10GB of dependencies, but its extremely unlikely a single developer will use more than a fraction of these at a time. Even for repeat contributors, updates to these are not always incremental (though some are), bringing continued pain as time goes on. ...

October 22, 2024 · 5 min

Inline (YAML) Langauge Injection in JetBrains IDEs

JetBrains IDEs (IntelliJ, GoLand, etc) have a nifty feature called Language Injection that lets you get full language features when a language is embedded within another. For example, a SQL query within a string within a Go file. A few of these come out of the box, but they are pretty limited -- I only had some XML ones prior to enabling the Databases plugin which added a few SQL ones. Fortunately, there is the ability to add custom ones. Unfortunately, this is expressed in a proprietary language with, as far as I can tell, zero documentation. ...

September 27, 2024 · 1 min

I just want mTLS on Kubernetes

An overview of options to deploy mTLS on Kubernetes

 · August 12, 2024 · 8 min

NetworkPolicy: the wrong solution to the right problem

Core problems with the API make it a challenging to use in a secure, scalable manner.

August 9, 2024 · 6 min

Stop Trusting Your Nodes

Zero trust architectures should not treat nodes as highly privileged components.

August 9, 2024 · 6 min