This article explains how to reduce a Kubernetes sidecar container from 421MB to 90MB by building a statically linked Go binary and using a FROM scratch base image.

Wozz is a Kubernetes cost optimization tool that catches expensive resource changes before they merge.

As announced November 2025, Kubernetes will retire Ingress-NGINX in March 2026. Despite its widespread usage, Ingress-NGINX is full of surprising defaults and side effects that are probably present in your cluster today. This blog highlights these behaviors so that you can migrate away safely and make a conscious decision about which behaviors to keep. This post also compares Ingress-NGINX with Gateway API and shows you how to preserve Ingress-NGINX behavior in Gateway API. The recurring risk pattern in every section is the same: a seemingly correct translation can still cause outages if it does not consider Ingress-NGINX's quirks.

I'm going to assume that you, the reader, have some familiarity with Ingress-NGINX and the Ingress API. Most examples use httpbin as the backend.

Also, note that Ingress-NGINX and NGINX Ingress are two separate Ingress controllers. Ingress-NGINX is an Ingress controller maintained and governed by the Kubernetes community that is retiring March 2026. NGINX Ingress is an Ingress controller by F5. Both use NGINX as the dataplane, but are otherwise unrelated. From now on, this blog post only discusses Ingress-NGINX.

Migrate Kubernetes Ingress NGINX to Traefik or Gateway API — CLI + web UI

Siper is a high-performance, XDP-based IP blacklist firewall built with Go and C (eBPF). It allows you to drop malicious traffic at the earliest possible stage in the Linux networking stack—the network driver level. By leveraging XDP (Express Data Path), Siper processes packets before they even reach the kernel's heavy networking subsystem, providing extreme performance even under heavy DDoS conditions.

Since 2023, AWS CSI drivers can be misused to bypass node isolation in multi-tenant clusters.

Understanding CoreDNS, Forwarders, ndots, and Name Resolution Flow

Continuously reconcile CRDs in the cluster with template validation before apply.

A lightweight tool for deploying and managing containerised applications across a network of Docker hosts. Bridging the gap between Docker and Kubernetes

Lightweight Dockerfile linter that helps you write better Dockerfiles. Get instant feedback with quality scores, security checks, and 60+ best practice rules.

Kaniop is a Kubernetes operator for managing Kanidm.

Kanidm is a modern, secure identity management system that provides authentication and authorization services with support for POSIX accounts, OAuth2, and more.

Kured (KUbernetes REboot Daemon) is a Kubernetes daemonset that performs safe automatic node reboots when the need to do so is indicated by the package management system of the underlying OS.

A Kubernetes CSI (Container Storage Interface) driver for TrueNAS Scale 25.10+.

witr helps inspect why processes are running by PID, name, or port with a terminal UI.