Looking back on "Building Better Controllers" 2 years later

Over 2 years ago, I started working on some ideas to build better Kubernetes controllers. In this post, I wanted to give a bit of a retrospective on how things have gone since then. Over the years working on Istio and other projects, I observed a number of major issues with controllers: Most code was about error-prone event handling and state reconciliation, rather than business logic. Most tests, in turn, were about the same. This, in turn, made the code extremely complex, brittle, and often incorrect. This complexity lead to user facing compromise: incorrectness and performance issues. You might argue I should just write a better controller that is faster and without bugs. Maybe, but probably not. ...

November 3, 2024 · 7 min

[Cloud Native Now Blog] How Istio Ambient is Revolutionizing Cloud Connectivity

External Blog Post.

November 1, 2024 · External Post

On-Demand Development Environments

Tools to create reproducible development environments are basically everywhere these days, from Development Containers to Nix wrappers to questionable Docker hacks. However, all of these (that I have found) have a common flaw that bothers me: they all require eagerly fetching the entire environment to get anything done. This kills the premise of these environments providing any easy on-ramp for users when the first step is to download GBs of binaries. Across projects I work on, we have probably 5-10GB of dependencies, but its extremely unlikely a single developer will use more than a fraction of these at a time. Even for repeat contributors, updates to these are not always incremental (though some are), bringing continued pain as time goes on. ...

October 22, 2024 · 5 min

Inline (YAML) Langauge Injection in JetBrains IDEs

JetBrains IDEs (IntelliJ, GoLand, etc) have a nifty feature called Language Injection that lets you get full language features when a language is embedded within another. For example, a SQL query within a string within a Go file. A few of these come out of the box, but they are pretty limited -- I only had some XML ones prior to enabling the Databases plugin which added a few SQL ones. Fortunately, there is the ability to add custom ones. Unfortunately, this is expressed in a proprietary language with, as far as I can tell, zero documentation. ...

September 27, 2024 · 1 min

[Solo.io Blog] Egress Gateways Made Easy

How Istio ambient mode greatly simplifies and improves egress gateway use cases.

August 19, 2024 · External Post

[Solo.io Blog] HTTP Observability Without Compromises

How Gloo mesh brings HTTP observability to your mesh, without compromises.

August 13, 2024 · External Post

I just want mTLS on Kubernetes

An overview of options to deploy mTLS on Kubernetes

 · August 12, 2024 · 8 min

NetworkPolicy: the wrong solution to the right problem

Core problems with the API make it a challenging to use in a secure, scalable manner.

August 9, 2024 · 6 min

Stop Trusting Your Nodes

Zero trust architectures should not treat nodes as highly privileged components.

August 9, 2024 · 6 min

The Past, Present, and Future of Istio Installation

Istio's installation has a long, winding, complex history, leading to an interesting current state. In this post, I hope to explain some of the historical context of how we arrived to the current state, and where I think the project is going. This is all my personal perspective and memory of things that happened years ago, so there is likely some divergence from reality. The Past When I first started working on Istio in 2019, Istio 1.0 had just been released. The ecosystem was a pretty difference place back then. ...

August 9, 2024 · 8 min