Arnaud's links

Links per page: 20 50 100

◄Older

page 1 / 218

Istio / Canary Deployments using Istio

Depending on your level of expertise in this area, you may wonder why Istio’s support for canary deployment is even needed, given that platforms like Kubernetes already provide a way to do version rollout and canary deployment. Problem solved, right? Well, not exactly. Although doing a rollout this way works in simple cases, it’s very limited, especially in large scale cloud environments receiving lots of (and especially varying amounts of) traffic, where autoscaling is needed.
March 8, 2026 at 8:41:32 PM GMT+1 * - permalink - - https://istio.io/latest/blog/2017/0.1-canary/

canary istio

Istio / Kubernetes Gateway API

apiVersion: v1
kind: ConfigMap
metadata:
  name: gw-options
data:
  horizontalPodAutoscaler: |
    spec:
      minReplicas: 2
      maxReplicas: 2

  deployment: |
    metadata:
      annotations:
        additional-annotation: some-value
    spec:
      replicas: 4
      template:
        spec:
          containers:
          - name: istio-proxy
            resources:
              requests:
                cpu: 1234m

  service: |
    spec:
      ports:
      - "\$patch": delete
        port: 15021

March 8, 2026 at 7:57:42 PM GMT+1 * - permalink -

- https://istio.io/latest/docs/tasks/traffic-management/ingress/gateway-api/#configuring-a-gateway

istio

Istio / Istio Standard Metrics
March 1, 2026 at 12:07:55 PM GMT+1 - permalink - - https://istio.io/latest/docs/reference/config/metrics/

istio metrics
Library Charts | Helm
- https://github.com/ksemele/demo-helm-library
- https://ksemele.medium.com/how-to-migrate-from-helm-monorepo-to-versioned-charts-66dfe5db321b
February 28, 2026 at 9:51:39 AM GMT+1 - permalink - - https://helm.sh/docs/topics/library_charts/

helm library

Server-Side Diff shows diff on deployment.spec.template.metadata.creationTimestamp in v3.2.0 · Issue #25184 · argoproj/argo-cd · GitHub

  resource.customizations.ignoreDifferences.apps_Deployment: |
    jsonPointers:
      - /spec/template/metadata/creationTimestamp
  resource.customizations.ignoreDifferences.apps_StatefulSet: |
    jsonPointers:
      - /spec/template/metadata/creationTimestamp
  resource.customizations.ignoreDifferences.apps_DaemonSet: |
    jsonPointers:
      - /spec/template/metadata/creationTimestamp

February 27, 2026 at 6:13:05 AM GMT+1 - permalink -

- https://github.com/argoproj/argo-cd/issues/25184#issuecomment-3491499482

argocd

Diff Strategies - Argo CD - Declarative GitOps CD for Kubernetes
Add the following annotation in the Argo CD Application resource:
```
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  annotations:
    argocd.argoproj.io/compare-options: ServerSideDiff=true
```
- upgrade Argo CD
February 25, 2026 at 10:48:47 PM GMT+1 * - permalink - - https://argo-cd.readthedocs.io/en/stable/user-guide/diff-strategies/

argocd
Announcing Linkerd 2.15: Support for VM workloads, native sidecars, SPIFFE, and a new way to get stable releases
- https://linkerd.io/releases/
January 26, 2026 at 12:12:46 PM GMT+1 * - permalink - - https://www.buoyant.io/blog/announcing-linkerd-2-15-vm-workloads-spiffe-identities

linkerd release
Note: istio

Ingress
https://istio.io/latest/docs/tasks/traffic-management/ingress/ingress-control/#troubleshooting

https://istio.io/latest/blog/2018/aws-nlb/

https://istio.io/latest/docs/setup/install/helm/
January 25, 2026 at 9:33:26 AM GMT+1 * - permalink - - https://links.infomee.fr/?X8TDfA

ingress istio
Maximum Throughput, Minimum Resources: Envoy Gateway AWS Load Balancing
January 24, 2026 at 12:46:38 PM GMT+1 * - permalink - - https://tetrate.io/blog/envoy-gateway-with-aws-nlb

envoy gateway
GitHub - bmad-code-org/BMAD-METHOD: Breakthrough Method for Agile Ai Driven Development
January 8, 2026 at 7:53:59 AM GMT+1 - permalink - - https://github.com/bmad-code-org/BMAD-METHOD

agent ai brainstorm Project
htmx
- django = simple poc
December 26, 2025 at 2:11:57 PM GMT+1 * - permalink - - https://htmx.org/

html
Overprovision Node Capacity For A Cluster | Kubernetes

balloon deployment
Buffer api in progress:
https://github.com/kubernetes-sigs/karpenter/issues/2571
https://github.com/kubernetes/autoscaler/pull/8151

Old proposal: pod headroom
December 26, 2025 at 1:30:24 PM GMT+1 * - permalink - - https://kubernetes.io/docs/tasks/administer-cluster/node-overprovisioning/#:~:text=Node%20overprovisioning%20is%20a%20strategy,in%20traffic%20or%20workload%20demands.

balloon buffer kuberntes overprovision placeholder
Known Limits and Service Quotas - Amazon EKS
AssignPrivateIpAddresses
UnassignPrivateIpAddresses
AttachNetworkInterface
CreateNetworkInterface
- https://docs.aws.amazon.com/ec2/latest/devguide/ec2-api-throttling.html (how to ask for limit increase)
- https://docs.aws.amazon.com/ec2/latest/devguide/monitor.html (how to enable metrics)
December 21, 2025 at 10:20:55 AM GMT+1 - permalink - - https://docs.aws.amazon.com/eks/latest/best-practices/known_limits_and_service_quotas.html#_aws_request_throttling

api aws cni limit rate throttle
Note:

scrape node exporter => hostmetrics receiver
scrape kubelet/cadvisor => kubeletstats receiver
scrape kube-state-metrics => k8sclusterreceiver
December 16, 2025 at 8:13:31 AM GMT+1 * - permalink - - https://opentelemetry.io/docs/collector/components/receiver/

metrics otel

Annotations - AWS Load Balancer Controller

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb_target_group#health_check

Condensed annotations doc


# INGRESS GROUP

alb.ingress.kubernetes.io/group.name: my-group
# [-1000,1000] default 0, not sure who has priority: bigger or smaller?
alb.ingress.kubernetes.io/group.order:

# TRAFFIC LISTENING

alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
#Once defined on a single Ingress, it impacts every Ingress within IngressGroup.
alb.ingress.kubernetes.io/ssl-redirect: '443'

# TAFFIC ROUTING

alb.ingress.kubernetes.io/load-balancer-name: custom-name
alb.ingress.kubernetes.io/target-type: ip

# protocol to reach backend HTTP, HTTPS
alb.ingress.kubernetes.io/backend-protocol: HTTP

# protocol version to reach backend : HTTP1 (default) or GRPC or HTTP2
alb.ingress.kubernetes.io/backend-protocol-version: HTTP1
# can use subnetName tag!
alb.ingress.kubernetes.io/subnets: subnet-name-a, subnet-name-b, subnet-name-c

# ACCESS CONTROL

# internal or internet-facing
alb.ingress.kubernetes.io/scheme: internal

# When this annotation is not present, the controller will automatically create one security group
# we can use sg name!
alb.ingress.kubernetes.io/security-groups: nameOfSg1, nameOfSg2

# AUTHENTICATION (oidc)
alb.ingress.kubernetes.io/auth-type: oidc
alb.ingress.kubernetes.io/auth-idp-oidc: '{"issuer":"https://example.com","authorizationEndpoint":"https://authorization.example.com","tokenEndpoint":"https://token.example.com","userInfoEndpoint":"https://userinfo.example.com","secretName":"my-k8s-secret"}'
alb.ingress.kubernetes.io/auth-on-unauthenticated-request: authenticate
alb.ingress.kubernetes.io/auth-session-timeout: '86400'
alb.ingress.kubernetes.io/auth-session-cookie: auth-service-a

# HEALTH CHECK

alb.ingress.kubernetes.io/healthcheck-protocol: HTTP
alb.ingress.kubernetes.io/healthcheck-path: /ping

# The range is 5-300. Default to 30
alb.ingress.kubernetes.io/healthcheck-interval-seconds: 5

# The range is 2–120 seconds, default to 6
alb.ingress.kubernetes.io/healthcheck-timeout-seconds: 2

#  The range is 2-10. Defaults to 3.
alb.ingress.kubernetes.io/healthy-threshold-count: 2

# The range is 2-10. Defaults to 3.
alb.ingress.kubernetes.io/unhealthy-threshold-count: 2

# TLS
# can be discovered automatically see https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.13/guide/ingress/cert_discovery/
alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-west-2:xxxxx:certificate/xxxxxxx

# CUSTOM

# enable access log to s3
alb.ingress.kubernetes.io/load-balancer-attributes: access_logs.s3.enabled=true,access_logs.s3.bucket=my-access-log-bucket,access_logs.s3.prefix=my-app

# enable http2 support
alb.ingress.kubernetes.io/load-balancer-attributes: routing.http2.enabled=true

Main Ingress example

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: shared-ingress-a
  namespace: default
  annotations:
    # Ingress group
    alb.ingress.kubernetes.io/group.name: shared-ingress-a
    # Traffic Listening
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
    alb.ingress.kubernetes.io/ssl-redirect: '443'
    # Traffic routing
    alb.ingress.kubernetes.io/load-balancer-name: shared-ingress-a
    alb.ingress.kubernetes.io/target-type: ip
    alb.ingress.kubernetes.io/subnets: subnet-name-a, subnet-name-b, subnet-name-c
    # Access control
    alb.ingress.kubernetes.io/scheme: internal
    alb.ingress.kubernetes.io/security-groups: nameOfSg1, nameOfSg2
    # Health check
    alb.ingress.kubernetes.io/healthcheck-protocol: HTTP
    alb.ingress.kubernetes.io/healthcheck-path: /ping
    alb.ingress.kubernetes.io/healthcheck-interval-seconds: 5
    alb.ingress.kubernetes.io/healthcheck-timeout-seconds: 2
    alb.ingress.kubernetes.io/healthy-threshold-count: 2
    alb.ingress.kubernetes.io/unhealthy-threshold-count: 2
    # TLS => should be autodiscovered
    alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-west-2:xxxxx:certificate/xxxxxxx

spec:
  ingressClassName: alb

Child Ingress example

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: my-service-a
  namespace: my-service-a
  annotations:
    alb.ingress.kubernetes.io/group.name: shared-ingress-a
    alb.ingress.kubernetes.io/group.order: 
spec:
  ingressClassName: alb
  rules:
    - host: my-service-a.example.com
      http:
        paths:
          - path: /*
            pathType: ImplementationSpecific
            backend:
              service:
                name: "my-service-a"
                port:
                  number: 80

September 6, 2025 at 9:38:13 AM GMT+2 * - permalink -

- https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.13/guide/ingress/annotations/#health-check

alb ingress

Troubleshooting | Karpenter
August 27, 2025 at 1:24:24 PM GMT+2 * - permalink - - https://karpenter.sh/docs/troubleshooting/#maxpods-is-greater-than-the-nodes-supported-pod-density

karpenter maxPods
Assign more IP addresses to Amazon EKS nodes with prefixes - Amazon EKS
August 27, 2025 at 1:23:59 PM GMT+2 * - permalink - - https://docs.aws.amazon.com/eks/latest/userguide/cni-increase-ip-addresses.html

aws cni prefix
gRPC Load Balancing on Kubernetes without Tears | Kubernetes
September 8, 2024 at 8:58:36 PM GMT+2 * - permalink - - https://kubernetes.io/blog/2018/11/07/grpc-load-balancing-on-kubernetes-without-tears/

grpc kubernetes
Crossplane project on LinkedIn: KubeCon Europe 2024: Watch these 8+ Crossplane-y talks
April 22, 2024 at 9:21:06 PM GMT+2 * - permalink - - https://www.linkedin.com/posts/crossplane_kubecon-europe-2024-watch-these-8-crossplane-y-activity-7188201362034233349-i3d7

crossplane k8s
aws/amazon-ec2-spot-interrupter: The ec2-spot-interrupter is a simple CLI tool that triggers Amazon EC2 Spot Interruption Notifications and Rebalance Recommendations.
April 14, 2024 at 11:42:33 AM GMT+2 - permalink - - https://github.com/aws/amazon-ec2-spot-interrupter

aws ec2 karpenter spot tools

Links per page: 20 50 100

◄Older

page 1 / 218