There are multiple API versions of Kubernetes Gateway API resources. For example, when using Azure Application Gateway for Containers with end-to-end TLS, you’ll want to use the BackendTLSPolicy with apiVersion: alb.networking.azure.io/v1 instead of apiVersion: gateway.networking.k8s.io/v1. This makes sense, as the Gateway API spec defines general-purpose resources, while cloud providers offer their own API versions with provider-specific extensions and capabilities.
Learnings
A running log of useful discoveries. Mostly technical, occasionally not.
2025
Q4
In AKS clusters with managed Prometheus, Windows node metrics aren’t collected by default. You need to manually enable them in the metrics ConfigMap, unlike Linux node metrics, which are enabled automatically.
CPU limits in Kubernetes are harmful because they prevent pods from using available resources even when the node has spare capacity, leading to unnecessary throttling. The recommended best practice is to use accurate CPU requests without limits, which guarantees each pod its requested CPU while allowing it to burst higher when resources are available.
In Domain-Driven Design, the Aggregate pattern isn’t just about grouping related entities. It’s about defining transactional boundaries. Each Aggregate should have only one root entity that external code references, ensuring invariants are maintained consistently within that boundary.
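
An added example, not part of the original log: a small Python check for the practice in the CPU limits entry above (CPU requests set, no CPU limits). It assumes input shaped like the output of kubectl get pods -A -o json; the sample pods, the function name audit_cpu and the finding labels are constructed for illustration.

```python
# Added example: flag containers that deviate from "CPU request set, no CPU limit".
# SAMPLE is constructed data shaped like `kubectl get pods -A -o json` output.
SAMPLE = {"items": [
    {"metadata": {"namespace": "web", "name": "api"},
     "spec": {"containers": [{"name": "app", "resources": {
         "requests": {"cpu": "250m"}, "limits": {"cpu": "500m"}}}]}},
    {"metadata": {"namespace": "web", "name": "worker"},
     "spec": {"containers": [{"name": "job", "resources": {
         "requests": {"cpu": "500m", "memory": "256Mi"},
         "limits": {"memory": "256Mi"}}}]}},
    {"metadata": {"name": "cron"},  # namespace omitted, as in a bare manifest
     "spec": {"initContainers": [{"name": "init", "resources": {
                  "limits": {"cpu": "100m"}}}],
              "containers": [{"name": "run"}]}},
]}


def audit_cpu(pod_list):
    """Return (namespace, pod, container, finding) tuples for a pod list."""
    findings = []
    for pod in pod_list.get("items", []):
        meta = pod.get("metadata", {})
        spec = pod.get("spec", {})
        where = (meta.get("namespace", "default"), meta.get("name", "?"))
        # Init containers carry their own requests and limits, so check them too.
        for c in spec.get("containers", []) + spec.get("initContainers", []):
            res = c.get("resources") or {}
            # A CPU limit caps the container even when the node has idle CPU.
            if "cpu" in (res.get("limits") or {}):
                findings.append(where + (c["name"], "cpu-limit-set"))
            # Without a CPU request the container has no guaranteed share.
            if "cpu" not in (res.get("requests") or {}):
                findings.append(where + (c["name"], "cpu-request-missing"))
    return findings


if __name__ == "__main__":
    for finding in audit_cpu(SAMPLE):
        print(*finding, sep="\t")
```

The memory limit on the worker pod is deliberately not flagged; the check only looks at CPU.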