Analyzing Ark from architecture, semantics, community activity, and engineering paradigms to reveal its impact on 2026 AI Infra trends and the ArkSphere community.
Blog
In-depth articles and insights on open source, AI, cloud-native, DevOps, and software engineering.
In-Depth Analysis of Ark: Kubernetes for the AI Era or a New Engineering Paradigm Shift?
Analysis of McKinsey’s Ark project: architecture, CRDs, control plane, design paradigms, production readiness, and implications for ArkSphere and AI infrastructure.
From Using AI to Relying on AI
AI’s real turning point is moving from using AI tools to building AI systems. Why the era of AI engineering hasn’t begun, and the developer opportunity in the next three years.
How to configure the extension marketplace, install AMP and CodeX plugins, and adjust editor settings to make Antigravity behave like VS Code for AI development.
Cloudflare November 18 Global Outage: The Dangers of Implicit Assumptions in Modern Infrastructure
An analysis of the Cloudflare global outage on November 18, 2025, exploring implicit assumptions, automated configuration pipelines, and systemic risks in modern infrastructure.
The Second Half of Cloud Native: The Era of AI Native Platform Engineering Has Arrived
A decade of cloud native evolution, a look ahead to AI Native platform engineering, technical layers, and key changes. KubeCon NA 2025 signals a new era.
NotebookLM Usage Experience and Best Practices
Based on months of deep usage, this article analyzes how NotebookLM helps me learn new technologies, read complex documents, generate teaching outlines, and shares future improvement expectations.
An analysis of Helm 4’s core changes, including Server-Side Apply, WASM plugin system, kstatus status model, reproducible builds, and content hash caching, with a timeline review of Helm’s history.
Kimi K2 Thinking: The True Awakening of China's Thinking Model
Kimi K2 Thinking’s open source marks China’s entry into thinking models. This article reviews its technical approach and compares it with Claude and Gemini.
TRAE SOLO vs VS Code: AI Engineering Entity Comparison
A comparison of TRAE SOLO and VS Code (Copilot, Agent HQ) via the AI Engineering Entity framework, focusing on automation, collaboration, model transparency, and engineering roles.
Closed-Source Flagships and the Open-Source Twin Phenomenon
Analysis of closed-source model acceleration and open-source ecosystem response, exploring core engineering contradictions and infrastructure evolution.
Lessons from Ingress NGINX Retirement
The retirement of Ingress NGINX reveals technical debt, migration paths, and the trend toward standardized traffic management in cloud native infrastructure.
What Makes an AI Platform Truly Kubernetes-Native?
Discover what defines a truly Kubernetes-native AI platform, key criteria for conformance, and how standardization drives interoperability and growth in cloud-native AI infrastructure.
A developer’s perspective on why ChatGPT Atlas is massive, architecturally complex, fundamentally different from Chrome, and a deep dive into its Agent runtime mechanism and limitations.
Atlas Two-Week Developer Experience
After two weeks using Atlas as my main browser, I break down its architecture, workflow boosts, pain points, and future directions from a developer’s view.
KAITO and KubeFleet: CNCF Is Reshaping AI Inference Infrastructure
CNCF is standardizing AI inference infrastructure for scalable deployment in multi-cluster Kubernetes environments through KAITO and KubeFleet.
Building Efficient LLM Inference with the Cloud Native Quartet: KServe, vLLM, llm-d, and WG Serving
Essential reading for cloud native and AI-native architects: how KServe, vLLM, llm-d, and WG Serving form the cloud native ‘quartet’ for large model inference, their roles, synergy, and ecosystem trends.
The Impact of Istio 1.28 on LLM Inference Infrastructure
Deep dive into Istio 1.28: How InferencePool, Ambient Multicluster, nftables, and Dual‑stack enhance observability, reliability, and high-concurrency networking for LLM inference infrastructure.
The Natural Fit Between AI Inference and Kubernetes
Explore why Kubernetes is the ideal runtime for AI inference — delivering elastic, cost-efficient, low-latency model serving with GPU-aware autoscaling, versioning, and observability.
Jevons and Baumol Effects in the Age of AI
In the AI era, why are materials like glass getting cheaper, but installation and labor costs keep rising? The answer lies in the interplay of Jevons Paradox and the Baumol Effect.
GitHub Copilot CLI Custom Agents Practice
Learn how to build custom AI assistants with GitHub Copilot CLI Agents to automate tasks, optimize workflows, and boost productivity in your command-line environment.
From Kubernetes to Qwen: How "Open Source" Has Changed in the AI Era
Exploring the transformation of open source in the AI era, from Kubernetes to Qwen, and revealing the fundamental differences and new opportunities in open source strategies between China and the US.
Solaris: The Ocean of Consciousness and the Metaphor of AI Agents
Explore Tarkovsky’s ‘Solaris’ (1972) as a profound meditation on consciousness, memory, and AI, revealing the spiritual dilemmas of human and artificial intelligence.
YAML to Markdown: Exploring Specification Driven Development and AI-Native Paradigms
Exploring the evolution from YAML to Markdown, revealing how specification-driven development in the AI-native era reshapes the behavior and collaboration of intelligent agents.
AI Resource Library Update: 500+ Projects, New Scoring & Display Enhancements
Discover the latest updates to our AI Resource Library, featuring 500+ projects, enhanced filtering, and a new scoring system for efficient project evaluation.
Cloud Native Enterprise Transformation: In-Depth Analysis of the AI-Native Era
An in-depth analysis of the transformation paths of cloud native enterprises in the AI-native era, exploring the impact of generative AI on the industry and future trends.
Chrome DevTools MCP: A New Era of Frontend Automation
The launch of Chrome DevTools MCP and Playwright MCP marks a new stage in frontend automation, enabling AI assistants to deeply control and debug browsers for an unprecedented developer experience.
Beware of a New GitHub Funding Phishing Scam
Explore the GitHub funding phishing scam, its attack process, and defense strategies to protect against Web3 threats in this in-depth analysis.
First Impressions of Verdent: An AI Coding Assistant Supporting Subagents
Exploring the user experience of Verdent AI coding assistant in VS Code, highlighting its unique features and areas for improvement to help developers grow more efficiently in the AI era.
Evolution and Value of Developer Relations: From Personal Practice to DevRel Foundation
Explore the evolution and significance of Developer Relations, highlighting its impact on business value and community engagement in the tech industry.
Deep Dive into Open Source PDF to Markdown Tools: Marker, MinerU, and Alternatives
An in-depth comparison of open source PDF to Markdown tools, evaluating Dolphin, MarkItDown, MinerU, and Marker for features and pros/cons to help you choose the best solution.
Key Factions of AI IDEs: Spec, Patterns, Cloud, and Model Choices
Explore the key divides in AI IDEs—how spec-driven workflows, pattern design, cloud integration, and model selection shape developer choices and engineering outcomes.
The New Era of Cloud Agent Infrastructure: In-Depth Analysis of E2B and Browserbase Global Trends
Explore the new era of cloud agent infrastructure with an in-depth analysis of E2B and Browserbase’s technical architecture and global trends, empowering the future of AI Agents.
Challenges and Transformation of Kubernetes in the AI Native Era
Exploring the challenges Kubernetes faces in the AI Native era and how it can evolve from Cloud Native to AI Native to remain relevant.
Explore how Solo.io open source projects empower Kubernetes AI applications, enhance inference services and automated operations, and help you achieve intelligent transformation.
Understanding MCP: A USB-Like AI Extension Protocol
Deep dive into Model Context Protocol (MCP), exploring its extension capabilities in AI applications with USB-like interface design that helps developers boost efficiency.
Qoder: Alibaba's AI IDE – A Comprehensive Personal Review of Its Capabilities and Future
An in-depth personal experience with Alibaba’s latest Qoder AI IDE, exploring the revolutionary features and future prospects of the Agentic Coding platform.
Why Are We Becoming Dependent on Dark Mode? — Thoughts from Visual Comfort to Product Philosophy
Analyzing why dark mode is becoming the default design paradigm from the perspectives of visual psychology, product experience, and development practice, with real-world scenarios from Midea Smart Home and my personal website.
Technical Evolution: From Big Data to AI Agents
A comparative analysis of stream data processing in the big data era versus today’s AI-native agent workflows, featuring case studies and trend insights from Dataiku, IBM StreamSets, and n8n. Explores technological evolution and convergence.
n8n Deep Dive: Architecture, Plugin System, and Enterprise Use Cases
An in-depth analysis of n8n’s evolution, technical architecture, plugin system, extension methods, and enterprise use cases, evaluating its advantages and long-term investment value as an open-source low-code AI workflow platform.
Panoramic Comparison and Analysis of Open Source AI Agent & Workflow Platforms
A comprehensive analysis of open source AI Agent and workflow platforms including Coze Studio, Coze Loop, n8n, Dify, FastGPT, RAGFlow, LangGraph, and Fabric. The comparison covers functional positioning, ecosystem extensibility, self-hosting capabilities, license restrictions, and community activity, with a focus on reference criteria for long-term platform investment.
Professional PDF Book Exporter: Export Hugo Markdown Books to PDF
A guide to exporting Hugo-based Markdown books to professional PDFs, covering multilingual support, emoji rendering, code highlighting, image processing, chapter ordering, custom covers, and key technical details. Includes an overview of the PDF Book Exporter architecture and usage, suitable for technical documentation and eBook publishing.
Building 3D Icons with JSON Prompts: The Power of Structured Prompting
Using the example of generating Jelly-style 3D icons, this article delves into the writing and best practices of JSON Prompts to make your AI outputs more precise and efficient.
WisprFlow Is Overrated: Why I Uninstalled It After a Week
WisprFlow promises efficiency but falls short. Discover my week-long experience and why I uninstalled this overrated AI transcription tool.
Building Your AI Capability Map: I've Launched an AI Resource Library for Developers
I’ve launched a new AI page on jimmysong.io, featuring a curated collection of high-quality tutorials, open-source projects, tools, and products for developers. With bilingual support, tag classification, and GitHub comments, it’s continuously updated to explore the endless possibilities of artificial intelligence.
Reflecting on a Journey: From Tetrate to What’s Next
As I wrap up an unforgettable chapter at Tetrate, I reflect on the path from Hadoop to Service Mesh to AI—and look ahead to new possibilities in developer experience and community building.
AWS Kiro First Impression: An AI IDE Focused on Workflow
A hands-on review of AWS’s new AI programming IDE — Kiro, covering its Spec mode, task orchestration capabilities, current shortcomings, and my expectations for its future.
OpenRouter Insights: Behind the Scenes of an Aggregated AI Model Gateway
While researching how to call Claude Code, I took a deep dive into the OpenRouter AI Gateway aggregation platform, exploring its features, business model, and ecosystem, and compared it with other mainstream AI gateway solutions like Portkey, LiteLLM, and Kong.
How to Use Claude Sonnet-4 and Gemini 2.5 Pro for Vibe Coding for Free or at Low Cost
Discover how to leverage Claude Sonnet-4 and Gemini 2.5 Pro for vibe coding at minimal cost, enhancing your development experience with powerful AI tools.
Mac mini M4 Base Model Expansion Experience
A detailed account of the entire process of expanding the Mac mini M4 using a Samsung 990 Pro NVMe SSD, including reasons for purchase, expansion plans, performance comparisons, development environment setup, compatibility migration, daily development experience, and docking station usage insights. The article also shares actual test data and cost breakdowns, providing practical references for developers and office users looking for a cost-effective desktop machine.
Data-Driven: How I Built My Website Content Analysis Dashboard
To better understand my website content, I developed a brand new /analysis page. This article shares its features, build process, and technical implementation, hoping to provide you with inspiration.
Note-Taking Like Coding: My VS Code + GitHub + Hugo Workflow
From VS Code editor to GitHub version control, and Hugo static site generation, this workflow makes note-taking as efficient and elegant as coding.
Envoy Jaeger Tracing Example Explained
This article provides a detailed analysis of the official Envoy example ‘jaeger-tracing’, explaining its construction process, related files, and functionality. It aims to supplement the Envoy documentation on Jaeger tracing, showcasing the architectural concept of service mesh and laying the foundation for learning service mesh technologies like Istio.
A curated list of high-quality open source tools I’ve personally tested and used for over a decade, covering development, writing, productivity, and more.
In-Depth Analysis of AI Gateway: The New Generation of Intelligent Traffic Control Hub
Deep dive into the differences between AI Gateway and traditional API Gateway, mainstream product comparisons, core functionalities, development trends, and real-world application cases.
Deep Dive into Envoy Dynamic Module: Principles, Development, and End-to-End Demo
A comprehensive guide to Envoy Proxy Dynamic Module—principles, configuration, development, and hands-on demo—with official Rust SDK and multi-language capabilities. Step by step, learn how to achieve high-performance native extensions.
Understanding Envoy's Extension and Integration Mechanisms: From Built-in Filters to Dynamic Modules
Overview of Envoy extension and integration options (C++, Lua, Wasm, dynamic modules, ext_proc, ext_authz) with a recommendation favoring dynamic modules for performance.
Step-by-Step Guide: Moving from ingress-nginx to Envoy Gateway
This blog guides users through migrating from ingress-nginx to Envoy Gateway using the Gateway API. It covers the reasons for migration, step-by-step instructions on Minikube, and how the ingress2gateway tool simplifies the transition to a more modern ingress architecture.
Observability Guide for Envoy Gateway Data Plane
A hands-on guide to configuring observability for the data plane of Envoy Gateway using Prometheus, Loki, and Tempo.
Leveraging EnvoyPatchPolicy to Extend the Capabilities of Envoy Gateway
Learn how to use EnvoyPatchPolicy to dynamically modify xDS resources in Envoy Gateway, including practical examples such as customizing local replies. Based on Envoy Gateway v1.3.2.
KubeCon EU 2025 Recap: Insights and Trends Shaping the Cloud Native Landscape
I attended KubeCon EU 2025 in London and summarized the conference highlights and trends in a slide deck for you.
Beyond Sidecar: A Deep Dive into Istio Ambient Mode Traffic Mechanism and Cost Efficiency
Overview of Istio Ambient Mode: background, components, traffic flow, and comparison with Sidecar to help you evaluate and adopt this efficient data plane model.
Understanding L7 Traffic Management in Istio Ambient Mode: From ztunnel to Waypoint Proxy
An in-depth exploration of Istio ambient mode’s L7 traffic path, covering transparent interception, policy application, and traffic forwarding from ztunnel to waypoint proxy.
In-Depth Analysis of Istio Installation Methods: Selection and Practical Guide
A deep dive into Istio installation: istioctl recommended, Helm as an alternative, Operator deprecated, API explained for real-world use.
Istio Ambient Mode: Illustrated Terminology and Concept Interpretation
This article provides a detailed glossary of Istio Ambient Mode, helping you understand its key concepts and underlying technical implementation.
Envoy’s ext_proc filter enables flexible request and response processing through gRPC integration.
Implementing HTTP/2 CONNECT Tunnels with Envoy: Concepts and Practical Guide
A deep dive into creating transparent tunnels using HTTP/2 CONNECT, including technical principles, practical workflows, and example code.
Packet Lifecycle and Traffic Optimization in Istio Ambient Mode
An in-depth analysis of the detailed processing of initial packets in Istio Ambient Mode, followed by fast forwarding and traffic optimization strategies for subsequent packets.
In-Pod IPtables Rule Injection in Istio Ambient Mode Explained
A deep dive into how iptables rules in Istio ambient mode enable transparent traffic interception and control within Pods.
Detailed Explanation of Transparent Traffic Interception in Istio ambient mode
This article is the first in a series on Istio ambient mode, focusing on how transparent traffic interception enables a sidecar-free service mesh. It provides an in-depth analysis of the interactions among the Istio CNI Node Agent, ztunnel, and pod network namespaces.
Improve Istio mesh tracing capabilities and flexibility by migrating to the Telemetry API and configuring the SkyWalking provider.
Network Cost Comparison Between Istio Sidecar and Ambient Modes
In-depth comparison of network costs and performance between Istio sidecar and ambient modes, and analysis of their locality awareness and troubleshooting methods.
Deep Dive into Istio Ambient Mode Traffic Paths: The Powerful Combination of eBPF and Istio
An in-depth exploration of the perfect combination of Cilium, eBPF, and Istio Ambient mode in Kubernetes clusters. This article provides detailed traffic path analysis in kube-proxy-free environments, complete deployment guides, and best practices.
Migrating from AWS App Mesh to Istio: A Comprehensive Guide
Guide on migrating from AWS App Mesh to Istio. Focuses on benefits of cloud-native, Kubernetes-friendly solution. Explore differences, advanced features and Tetrate Istio Migration Tool for easy, efficient transition.
This article focuses on implementing PKI for Istio in a multi-cluster environment. It details the combination of EJBCA and cert-manager, including setup steps and emphasizes the importance of PKI best practices for secure and compliant service mesh.
How the Envoy Proxy Handles User Requests for Tracing
An in-depth exploration of how the Envoy proxy processes user requests in a cloud-native environment to enable distributed tracing and enhance application observability.
Introducing Kmesh: Revolutionizing Service Mesh Data Planes with Kernel-Native Technology
Kmesh utilizes eBPF and kernel enhancements to achieve a high-performance, low-latency service mesh data plane. It revolutionizes the traditional Sidecar architecture, reduces resource consumption, and is suitable for modern cloud-native applications.
Service Mesh Data Plane Deployment Modes Explanation
This article introduces the four plane deployment modes of service meshes, analyzing their advantages and disadvantages, and provides recommendations based on their performance, reliability, and security.
Istio Sidecar vs Ambient Mode: Comparing Network Costs and Performance
Explore the network cost differences between Istio’s Sidecar and Ambient modes.
Istio Configuration Security: How to Avoid Misconfigurations
Explore common Istio configuration errors and their solutions to enhance the security and stability of your service mesh.
KubeCon China 2024 Recap: Leading the Frontiers of Cloud Native Technology
A deep dive into the cloud native technology developments at KubeCon China 2024, focusing on the integration of Istio’s Ambient mode and API gateways and their profound impact on the industry.
Navigating the Service Mesh Architecture Debate: Sidecar vs. Sidecarless
Explore the evolving debate between sidecar and sidecarless service mesh architectures with insights from top industry experts on performance, security, and complexity.
Integrating Envoy Gateway as an Ingress Gateway in Istio Service Mesh
This article describes how to integrate Envoy Gateway as an ingress gateway in the Istio service mesh to enhance application security and accessibility.
Securing Istio: Addressing Critical Security Gaps and Best Practices
Exploring security gaps in Istio and effective mitigation strategies, combined with best practices for multi-layered security.
How to Migrate from Kubernetes Ingress to the Gateway API
This article delves into the connections, differences, and migration strategies between Kubernetes Gateway API, Istio, and Ingress.
A Definitive Guide to Cross-Cluster Seamless Access in Multicluster Istio Service Mesh
Explore how to effectively implement cross-cluster seamless access in the Istio multicluster mesh using SPIRE federation, DNS proxy, and east-west gateway technologies. This guide provides detailed configuration examples and steps to help you overcome deployment challenges and ensure efficient, secure communication between services.
How to Integrating Third-Party Service Registries with Istio?
This article provides a detailed introduction on how to integrate third-party service discovery mechanisms such as Consul and Eureka with Istio, achieving seamless service discovery integration.
How to Implement Single Sign-On (SSO) with OIDC in API Gateway using Envoy Gateway?
Guide to configure Envoy Gateway with OIDC (using Auth0) to enable Single Sign-On at the API gateway level for secure, centralized authentication.
Introduction to Envoy xDS and Configuration Distribution in Istio
This article shares the components of xDS and the process of configuration distribution in Istio, as well as the two modes of xDS, SotW and Delta xDS.
Deep Dive into Istio 1.22: New Features and Practical Application Advice
Explore the new features and practical advice of Istio 1.22, including the delta xDS, path template support, and API upgrades, to optimize service mesh management.
A Journey in Paris — Capturing the Spring of France
In March 2024, I visited Paris during KubeCon EU, experiencing the local culture, cuisine, and daily life nuances.
Dragon Boat Festival Road Trip in Xinjiang: Experiencing Majestic Landscapes
A Dragon Boat Festival road trip through Ili, Xinjiang, exploring majestic landscapes and local delicacies, capturing unforgettable moments.
How to Add Instant Search to Your Hugo Website
This article introduces how to add instant search functionality to a Hugo website, and outlines ways to optimize it.
Detailed Explanation of Common Authentication Methods in Microservices
This article introduces several common authentication methods in microservices, helping you choose the appropriate authentication scheme when designing and implementing microservice systems.
Why Does Istio Ambient Mode Enforce mTLS?
Deep dive into the technical principles, architectural differences, and practical recommendations behind Istio Ambient Mode’s mandatory mTLS enforcement.
Istio CNI Unveiled: Streamlining Service Mesh Connectivity
This article provides a detailed explanation of the design principles, implementation methods, and how to enhance security and permission management through Ambient Mode in the Istio CNI plugin.
CNI Essentials: Powering Kubernetes' Network
This article provides an in-depth explanation of the basic concepts of Container Network Interface (CNI), its core components, and its relationship with Container Runtime Interface (CRI).
Envoy Gateway Overview: Modern Kubernetes Ingress with Envoy Gateway and the Gateway API
This article explores the advantages of deploying Envoy Gateway on Kubernetes, its relationship with other service mesh components, and why it’s the ideal choice for exposing services to the public internet.
Analysis of the Limitations of Istio Ambient Mode
In-depth discussion on the Ambient mode in Istio 1.22, comparison with the traditional Sidecar mode, and its limitations.
KubeCon EU 2024 Transparency Report Interpretation
A detailed interpretation of the key data and highlights from KubeCon Europe 2024.
In-depth Analysis of CNCF's Cloud Native AI Whitepaper
During KubeCon EU 2024, CNCF released its first Cloud Native Artificial Intelligence (CNAI) whitepaper. This article provides an in-depth analysis of the content of this whitepaper.
TVS: Istio and Envoy CVE Scanning Solution
This article will introduce Tetrate’s newly launched tool – Tetrate Vulnerability Scanner (TVS), a CVE scanner customized for Istio and Envoy.
KubeCon EU 2024: Impressions and Recap from Paris
Explore KubeCon EU 2024: From the latest developments in Istio and Cilium to an in-depth interpretation of cloud native trends such as AI convergence, the rise of Wasm, and enhanced observation.
ICA Certification: Latest Changes and Exam Preparation Guide for Istio Skills
Learn about ICA certification’s origin, changes, exam prep. Evolved from CIAT, it assesses Istio skills. Familiarize with Istio docs and take Tetrate’s tutorial for better prep.
Maintaining Traffic Transparency: Preserving Client Source IP in Istio
This article focuses on how to maintain transparency of the client source IP in the Istio service mesh.
Deciphering Istio Multi-Cluster Authentication & mTLS Connection
This blog deeply analyzes the initial authentication and mTLS connection process of remote gateways in Istio’s primary-remote deployment mode.
Enhancing Istio with TIS: Comprehensive Installation and Monitoring Guide
In this blog, I’ll guide you through installing Tetrate Istio Subscription (TIS) and activating its monitoring add-on.
Introducing Istio Advisor Plus GPT
Unlock the Power of Istio Advisor GPT with ChatGPT Integration.
What’s New in Istio 1.19: Gateway API and Beyond
I’m delighted to present Istio’s most recent release—Istio 1.19. This blog will provide an overview of the updates bundled in this release.
CNCF and Tetrate’s Istio certification marks 1 month, boosting Kubernetes skills in microservices, security, and traffic management.
Implementing GitOps and Canary Deployment with Argo Project and Istio
This article discusses how to use Deployment, ArgoCD, and Istio to implement GitOps and canary deployment.
How to Use GraphQL to Query Observability Data from SkyWalking with Postman
This article explains how to use GraphQL to query observability data from SkyWalking with Postman. It first introduces GraphQL and SkyWalking, then explains how to set up Postman to send GraphQL queries, and finally provides some example GraphQL queries that can be used to query observability data from SkyWalking.
Istio 1.18 Released, Now with Ambient Mode Available
This article introduces Istio 1.18, the latest release of the service mesh platform. It highlights the new features and improvements, such as ambient mode, which allows Istio to run on any Kubernetes cluster without requiring a dedicated control plane. It also explains how to get started with Istio 1.18 using Tetrate’s distribution and support.
Using Geneve Tunnels to Implement Istio Ambient Mesh Traffic Interception
This article introduces Geneve tunnels, a network virtualization protocol that can intercept Istio ambient mesh traffic more flexibly and securely than VXLAN. It also explains how Istio Ambient Mesh uses Geneve tunnels and the new eBPF mode in Istio 1.18.
Envoy Gateway 0.4.0: Extending the API for Customization
In this blog post, we will discuss the new customizations available in this release and their significance for users.
Useful AI Tools to Optimize Your Workflow
Are you looking for ways to optimize your workflow and increase productivity? Here are some useful AI tools for you.
How Are Certificates Managed in Istio?
This blog post will explain how Istio handles certificate management.
L7 Traffic Path in Ambient Mesh
This article describes in detail the L7 traffic path in Ambient Mesh in both diagrammatic and hands-on form.
How Istio's Ambient Mode Transparent Proxy - tproxy Works Under the Hood
Tproxy is used to intercept traffic in Istio Ambient mode.
How to Use SkyWalking for Distributed Tracing in Istio?
This blog will guide you to use SkyWalking for distributed tracing with Istio.
Managing Certificates in Istio with cert-manager and SPIRE
This article describes how to integrate SPIRE and use cert-manager to achieve fine-grained certificate management and certificate rotation.
How Istio’s mTLS Traffic Encryption Works as Part of a Zero Trust Security Posture
This article introduces TLS and mTLS, and describes how to enable mTLS in Istio and its application scenarios.
Transparent Traffic Intercepting and Routing in the L4 Network of Istio Ambient Mesh
This article details transparent traffic intercepting and L4 traffic paths in Ambient Mesh in both diagrammatic and hands-on form.
The Future of Istio: the Path to Zero Trust Security
The future of Istio lies in being the infrastructure for zero-trust network and hybrid cloud.
Why the Gateway API Is the Unified Future of Ingress for Kubernetes and Service Mesh
This article introduces the ingress gateway and Gateway API in Kubernetes, the new trend of them with service mesh.
The Current State and Future of the Istio Service Mesh
This article explains the background of Istio’s birth, its position in the cloud-native technology stack, and the development direction of Istio.
Why Would You Need Spire for Authentication With Istio?
This article explains what SPIRE means for zero-trust architectures and why you would need SPIRE for authentication in Istio.
In-Depth Understanding of Istio: Announcing the Publication of a New Istio Book
By the Cloud Native Community(China)
This article will guide you on how to compile the Istio binaries on macOS.
Understanding the Sidecar Injection, Traffic Intercepting & Routing Process in Istio
Learn the sidecar pattern, transparent traffic intercepting and routing in Istio.
Istio Data Plane Pod Startup Process Explained
This article will explain Istio’s Init container, Pod internal processes and the startup process.
This article will give you a brief introduction to iptables, its tables and the order of execution.
Istio Component Ports and Functions in Details
This article will introduce you to the various ports and functions of the Istio control plane and data plane.
Traffic Types and Iptables Rules in Istio Sidecar Explained
This article will show you the six traffic types and their iptables rules in Istio sidecar, and take you through the whole diagram in a schematic format.
In February 2022, Istio released 1.13.0 and 1.13.1. This blog will give you an overview of what’s new in these two releases.
Service Mesh in 2021: The Ecosystem Is Emerging
A review of the development of Service Mesh in 2021.
Introducing Slime and Aeraki in the Evolution of Istio Open-Source Ecosystem
In this article, I’ll introduce you two Istio extension projects: Aeraki and Slime.
The Debate in the Community About Istio and Service Mesh
There is no shortage of debate in the community about the practicability of service mesh and Istio – here’s a list of common questions and concerns, and how to address them.
Service Mesh - An Integral Part of Cloud-Native Applications
This article will explore the relationship between service mesh and cloud native.
Using Istio Service Mesh as API Gateway
What is the relationship between the service mesh and the API gateway? How does Istio’s gateway work? What are the ways to expose the services in the Istio mesh? This article gives you the answer.
Multicluster Management With Kubernetes and Istio
This article explains three patterns/tools for debugging microservices in Kubernetes and the changes brought by the introduction of Istio for debugging microservices.
How to Debug Microservices in Kubernetes With Proxy, Sidecar or Service Mesh?
This article explains three patterns/tools for debugging microservices in Kubernetes and the changes brought by the introduction of Istio for debugging microservices.
Happy Istio 4th Anniversary -- Retrospect and Outlook
Today is Istio’s 4 year birthday, let’s take a look back at Istio’s four years of development — and look forward to Istio’s future.
What Is Istio and Why Does Kubernetes Need it?
This article will explain how Istio came about and what it is in relation to Kubernetes.
Why Do You Need Istio When You Already Have Kubernetes?
Discover why Istio is essential for Kubernetes users, enhancing traffic management, security, and observability in cloud-native applications.
Why You Should Choose NGAC as Your Access Control Model
This article will introduce you to the next generation permission control model, NGAC, and compare ABAC, RABC, and explain why you should choose NGAC.
Istio 1.8: A Virtual Machine Integration Odyssey
Istio 1.8 revolutionizes virtual machine integration with smart DNS proxy and WorkloadGroup, making VMs first-class citizens in service mesh management.
This article will take you through what a service mesh is, as well as its architecture, features, and advantages and disadvantages.
Istio 1.8: A Smart DNS Proxy Takes Support For Virtual Machines A Step Further
WorkloadGroup is a new API object. It is intended to be used with non-Kubernetes workloads like Virtual Machines and is meant to mimic the existing sidecar injection and deployment specification model used for Kubernetes workloads to bootstrap Istio proxies.
How to Integrate Virtual Machines Into Istio Service Mesh
Learn how to seamlessly integrate virtual machines into the Istio service mesh for enhanced management and security in your microservices architecture.
New Beginning - Goodbye Ant, Hello Tetrate
Today is my last day at Ant and tomorrow I’m starting a new career at Tetrate.
Service Mesh - The Microservices in Post Kubernetes Era
This article is a rework of previously written content and is included in the Istio Handbook of the ServiceMesher community . Other chapters are still being compiled.
Cloud Native Sandbox: A Comprehensive Guide
Set up a lightweight Kubernetes and Istio environment on your laptop with Cloud Native Sandbox for fast, efficient development.
Understanding How Envoy Sidecar Intercept and Route Traffic in Istio Service Mesh
Explore how Envoy Sidecar intercepts and routes traffic in Istio Service Mesh, enhancing your understanding of traffic management and service communication.
Cloud Native With Me - The Past, Current, and Future
Today, I am honored to announce that I have become a CNCF Ambassador.
High Level Cloud Native From Kevin Hoffman
Kevin Hoffman address that 15 Factors of Cloud Native.