| |
| 🔗 Stories, Tutorials & Articles |
| |
|
| |
| Extending AI gateways with Rust ✅ |
| |
| |
Every gateway ships with a set of built-in policies. Authentication. Rate limiting. Request routing. Prompt guards. These cover most use cases. But what about the ones they don’t cover?
What if you need to add a custom header based on a database lookup? What if you need to transform a request body in a way no existing filter supports? What if your business has unique logic that no off-the-shelf gateway can anticipate?
You build your own extension.
This article walks through exactly how to do that using agentgateway, Envoy, and Rust. In this tutorial, you’ll learn how to:
- Build a custom Envoy dynamic module in Rust
- Package it into a production-ready Docker image
- Deploy it to Kubernetes with kgateway and agentgateway
- Test the entire stack with a mock LLM endpoint
|
|
| |
|
| |
|
| |
| When AI agents become contributors: How KubeStellar reached 81% PR acceptance |
| |
| |
| The KubeStellar Console team learned that AI coding agents improve after engineers build deterministic feedback loops into the codebase. Engineers who grant more autonomy give agents more room to guess, with no new correction signal. |
|
| |
|
| |
|
| |
| v1.36: Deprecation and removal of Service ExternalIPs |
| |
| |
Kubernetes v1.36 deprecates Service.spec.externalIPs and starts the removal path, finally closing CVE-2020-8554, the trust-everyone hole the field has carried since the early days.
The project has recommended disabling it via the DenyServiceExternalIPs admission controller since v1.21, but SIG Network held off blocking it by default because the break was considered too large. If you still rely on externalIPs for cloud-load-balancer-style behavior on bare metal, migrate to a real load balancer implementation (MetalLB, kube-vip, or a Gateway API equivalent) before upgrading. |
|
| |
|
| |
|
| |
| Mirantis has entered into an agreement to be acquired by IREN |
| |
| |
| Mirantis has agreed to an acquisition by IREN. The companies have announced no customer-facing product changes. |
|
| |
|
| |
|
| |
| What kubectl debug doesn’t tell you: The silent evidence gap |
| |
| |
kubectl debug sessions leave almost no forensic trace: by design, EphemeralContainerStatus has no lastState or restartCount, so the exit code, session duration, target container, and debugger logs disappear from the Kubernetes API the moment anything else updates the pod.
That breaks incident handoffs (the next engineer can't verify what the previous one did) and breaks audit requirements like PCI-DSS 10.3 and SOC 2, since you cannot answer "who looked at what container, for how long" from Kubernetes audit logs alone.
Workarounds today are application-level: write findings to a shared volume before exit, tail kubectl logs -f in parallel, or watch pod events and capture the Terminated transition externally; the author argues it's time for a KEP from SIG Node or SIG Instrumentation to add a minimal lastState to ephemeral containers. |
|
| |
|
|
| |
👉 Got something to share? Create your FAUN Page and start publishing your blog posts, tools, and updates. Grow your audience, and get discovered by the developer community. |
