• Posts
ebpf-bng
gitops
socat
gitops-pr-diffs

Killing the ISP Appliance: An eBPF/XDP Approach to Distributed BNG

I used to work for an ISP startup that was building next-generation infrastructure. The company didn’t make it, but the problems we were trying to solve stuck with me. So I spent a few weeks building what we never got to: an open-source, eBPF-accelerated BNG that runs directly on OLT hardware. This post explains the architecture and why I think it’s the future of ISP edge infrastructure. The Problem: Centralised BNG is a Bottleneck Traditional ISP architecture looks like this:

• ebpf
• xdp
• networking
• isp
• distributed-systems
• go
• linux

Friday, January 16, 2026 | 6 minutes Read

Practical GitOps Pattern

Introduction If you’ve spent any time working with Kubernetes, you’ve probably heard of GitOps -a methodology that treats Git as the source of truth for defining and operating infrastructure and applications. In this post, I’ll walk you through a GitOps setup that uses a hierarchical folder structure, combining Helm, Helmfile, and Kustomize to give you robust, testable, and scalable deployments. We’ll also see how tools like Flux and Tilt fit into the workflow, enabling both automated deployments and seamless local development.

Tuesday, February 25, 2025 | 6 minutes Read

GitOps PR Diffs: Review What You Deploy

Introduction A common pattern I see promoted is using tools that show you what will change in your cluster at sync time - after your code is already merged. In my view, this is already too late and goes against GitOps principles. How can Git be the source of truth if there are extra steps between merge and understanding impact? In this post, I’ll show you how to generate manifest diffs during PR review, so reviewers see exactly what will change in the cluster before they approve.

Tuesday, January 14, 2025 | 6 minutes Read

Using socat to backdoor via kubernetes

Sometimes when you’re developing or debugging locally you need access to resources that are exposed to your cluster. Typically, most organisations use VPN’s to enable you to access these resources, but there’s a much easier way. Socat. The alpine/socat image is perfect for enabling backdoor access to private or internal services that are available to your cluster without having to set up and manage VPN’s. How it works is pretty simple. We run a socat pod exposing a service that’s viewable by the pod but not by us.

Friday, January 22, 2021 | 1 minute Read