DevOps&SRE Library
A library of articles on DevOps and SRE.

Advertising: @ostinostin
Content: @mxssl

RKN: https://www.gosuslugi.ru/snet/67704b536aa9672b963777b3
How we replaced the default Kubernetes scheduler to optimize our continuous integration builds

Codefresh explains a custom Kubernetes scheduler and ballast pods strategy to pack CI workloads and reduce build-start delays.


https://codefresh.io/blog/custom-k8s-scheduler-continuous-integration
Building Production-Ready Micro Frontends in Kubernetes: A Pragmatic Approach

This guide walks through deploying micro frontends on Kubernetes with ingress routing and CI/CD patterns for team-isolated delivery.


https://medium.com/@tamer-abdulghani/building-production-ready-micro-frontends-in-kubernetes-a-pragmatic-approach-708134467b02
Detecting vulnerabilities in public Helm charts

The article shows how to identify insecure RBAC, secret leakage, and risky Helm template behavior using Trivy, GitHub search, and OPA.


https://allthingsopen.org/articles/detecting-vulnerabilities-public-helm-charts
GPU-accelerated headless Chromium on Kubernetes: a practical guide

This guide covers enabling GPU-accelerated headless Chromium on EKS by wiring host drivers and handling virtual GPU constraints.


https://medium.com/@misterdev/gpu-accelerated-headless-chromium-on-kubernetes-a-practical-guide-b4171c72e87e
upright

Upright is a self-hosted synthetic monitoring system. It provides a framework for running health check probes from multiple geographic sites and reporting metrics via Prometheus. Alerts can then be configured with AlertManager.


https://github.com/basecamp/upright
diffnav

A git diff pager based on delta but with a file tree, à la GitHub.


https://github.com/dlvhdr/diffnav
zvec

Zvec is an open-source, in-process vector database — lightweight, lightning-fast, and designed to embed directly into applications. Built on Proxima (Alibaba's battle-tested vector search engine), it delivers production-grade, low-latency, scalable similarity search with minimal setup.


https://github.com/alibaba/zvec
tapes

tapes is an Agentic telemetry system for content-addressable LLM interactions. It provides durable storage of agent sessions, plug-and-play OpenTelemetry instrumentation, and deterministic replay of past agent messages.


https://github.com/papercomputeco/tapes
How I think about Kubernetes

This article explains how to think about Kubernetes as a runtime for declarative infrastructure with a type system rather than just a container orchestrator.


https://garnaudov.com/writings/how-i-think-about-kubernetes
Harness engineering: leveraging Codex in an agent-first world

https://openai.com/index/harness-engineering
How We Shrunk a Kubernetes Sidecar from 421MB to 90MB (With No OS Inside)

This article explains how to reduce a Kubernetes sidecar container from 421MB to 90MB by building a statically linked Go binary and using a FROM scratch base image.


https://medium.com/@soumya-rout/how-we-shrunk-a-kubernetes-sidecar-from-421mb-to-90mb-with-no-os-inside-8757eaefc3ed
Wozz: Kubernetes Cost Tool

Wozz is a Kubernetes cost optimization tool that catches expensive resource changes before they merge.


https://github.com/WozzHQ/wozz
Before You Migrate: Five Surprising Ingress-NGINX Behaviors You Need to Know

As announced November 2025, Kubernetes will retire Ingress-NGINX in March 2026. Despite its widespread usage, Ingress-NGINX is full of surprising defaults and side effects that are probably present in your cluster today. This blog highlights these behaviors so that you can migrate away safely and make a conscious decision about which behaviors to keep. This post also compares Ingress-NGINX with Gateway API and shows you how to preserve Ingress-NGINX behavior in Gateway API. The recurring risk pattern in every section is the same: a seemingly correct translation can still cause outages if it does not consider Ingress-NGINX's quirks.

I'm going to assume that you, the reader, have some familiarity with Ingress-NGINX and the Ingress API. Most examples use httpbin as the backend.

Also, note that Ingress-NGINX and NGINX Ingress are two separate Ingress controllers. Ingress-NGINX is an Ingress controller maintained and governed by the Kubernetes community that is retiring March 2026. NGINX Ingress is an Ingress controller by F5. Both use NGINX as the dataplane, but are otherwise unrelated. From now on, this blog post only discusses Ingress-NGINX.


https://kubernetes.io/blog/2026/02/27/ingress-nginx-before-you-migrate
Spegel for p2p docker registries in k3s

https://ellie.wtf/notes/spegel
ing-switch: Migrate from Ingress NGINX to Traefik or Gateway API in Minutes, Not Days

Migrate Kubernetes Ingress NGINX to Traefik or Gateway API — CLI + web UI


https://blog.kubesimplify.com/ing-switch-migrate-from-ingress-nginx-to-traefik-or-gateway-api-in-minutes-not-days
siper

Siper is a high-performance, XDP-based IP blacklist firewall built with Go and C (eBPF). It allows you to drop malicious traffic at the earliest possible stage in the Linux networking stack—the network driver level. By leveraging XDP (Express Data Path), Siper processes packets before they even reach the kernel's heavy networking subsystem, providing extreme performance even under heavy DDoS conditions.


https://github.com/fksvs/siper
Upgrade AWS CSI Drivers in your Multi-Tenant Kubernetes Cluster

Since 2023, AWS CSI drivers can be misused to bypass node isolation in multi-tenant clusters.


https://soc-inspiration.medium.com/upgrade-aws-csi-drivers-in-your-multi-tenant-kubernetes-cluster-a2cbc47e47f8