Learn how to expose self-hosted Kubernetes services from Traefik.| inlets.dev
The Kubernetes landscape is dynamic, with the Ingress resource defining external traffic flow and the Ingress controller providing crucial routing and load balancing.| NGINX Community Blog
Introduction¶| gateway-api.sigs.k8s.io
Kubernetes load balancer service definition and types. Learn how to set and configure a load balancer and best practices.| Spacelift
Today, the ingress-nginx maintainers have released patches for a batch of critical vulnerabilities that could make it easy for attackers to take over your Kubernetes cluster: ingress-nginx v1.12.1 and ingress-nginx v1.11.5. If you are among the over 40% of Kubernetes administrators using ingress-nginx, you should take action immediately to protect your users and data. Background Ingress is the traditional Kubernetes feature for exposing your workload Pods to the world so that they can be useful.| Kubernetes
Wiz Research uncovered RCE vulnerabilities (CVE-2025-1097, 1098, 24514, 1974) in Ingress NGINX for Kubernetes allowing cluster-wide secret access.| wiz.io
Find out how Inlets, VPC Peering and direct uplinks can be used to connect services into your Kubernetes clusters.| inlets.dev
Learn the different ingress implementations and how ingress and policy interact.| docs.tigera.io
Make your HTTP (or HTTPS) network service available using a protocol-aware configuration mechanism, that understands web concepts like URIs, hostnames, paths, and more. The Ingress concept lets you map traffic to different backends based on rules you define via the Kubernetes API.| Kubernetes
Inlets Uplink is a complete solution for automating tunnels, that scales from anywhere from ten to tens of thousands of tunnels.| inlets.dev
With support for native clustering on Kubernetes, NiFi 2 provides a strong foundation for building scalable data pipelines. Unlocking the potential of NiFi on Kubernetes requires both foundational capabilities and supporting services, along with the knowledge to bring these elements together. The Datavolo distribution of NiFi incorporates best practices for performance and security, enabling customers to focus on creating multimodal data pipelines.| Datavolo
Zero trust architectures should not treat nodes as highly privileged components.| blog.howardjohn.info
The self-hosted version of GitGuardian is deployed as a Kubernetes application. We recommend installing GitGuardian on an existing cluster using Helm. You can find more information on how to choose your installation method on our dedicated page.| docs.gitguardian.com
Fortunately, the external access one has been solved now that we’ve all standardized on the Ingress API. Or is it the Gateway API? Shit.| Navendu Pottekkat
Exploring the new Kubernetes Gateway API and comparing it with the existing Kubernetes Ingress API for handling external traffic.| Navendu Pottekkat
It’s a dangerous business, Frodo, going out your door. Kubernetes and public cloud infrastructure introduce a few layers of abstraction between users and our services. This article unravels some of those layers to help understand what, exactly, happens between the time a user makes a request to a Kubernetes service running in AWS and when the user receives a response. It’s helpful to start by framing a request in terms of the network boundaries involved, so let’s start there.| sookocheff.com
A storytelling guide to starting k8s| Adam Chalmers Programming Blog
)
- tl;dr - I took down my k8s cluster by letting it’s TLS certificates expire. Regenerating certificates, deleting /var/lib/kubelet/pki/kubelet-client-current, restarting the kubelet, recreating service accounts and restarting pods/services/deployments/daemonsets was what got me back to a working system without blowing everything away. Towards the end of 2019 I was visited by a small bit of failure adventure – resuscitating my tiny Kubernetes cluster after it’s TLS certificates had expir...| vadosware.io
)
+ tl;dr - I set up a mailing list (for this blog) with Mailtrain on my tiny k8s cluster. Along the way I created a small rust binary for converting POST-ed forms to mailtrain API calls and a Mithril component for mailing list signupg call-to-actions. UPDATE (06/02/2020) A reader named Damien pointed out that I didn't leave a decent example for how I was using kustomize so I wanted to add to the mrman/makeinfra-pattern repository to point out how.| vadosware.io
)
+ tl;dr - UDP support is coming to traefik soon, so I’m updating my cluster’s traefik to be ready to take advantage of it and all the other new features. Going from v1 -> v2.2 (the latest) requires some config changes so I detail them below. NGINX is one of the most venerated load balancers on the internet and when I first set up my tiny kubernetes cluster I used it.| vadosware.io
)
+ ( || ) DISCLOSURE (03/16/2021) Sitting around after releasing this post I realized that I accepted becoming a "Traefik Ambassador" due to my previous post about Traefik (the one about adding HTTPS settings easily), and submitted the post to their listing when they asked. Such treatment can certainly bea source of bias so I want to make it clear that this is not a sponsored post in any way (I have not been compensated).| vadosware.io
)
- tl;dr - My cluster-wide prometheus scraping config was picking up port 25 as a good place to send GET /metrics requests, and broke my surprisingly fragile email setup (Haraka -> Maddy), simply by inundating it with invalid HTTP requests to a port meant for SMTP. My mailer setup makes use of two pretty good F/OSS tools that I rarely have problems with: Haraka Maddy They work great, and I don’t spend much time thinking about them – I often set up a new maddy instance with separate backups...| vadosware.io
Learn how to access your applications on Kubernetes and the differences between a LoadBalancer, NodePort, port-forwarding and Ingress through examples.| Alex Ellis' Blog