
Every organization with a couple of microservices needs to control who can access those services, and under what conditions. An API gateway is an inevitable solution to this problem.

But should you use an existing configurable proxy like Envoy, Nginx, Zuul, Kong, AWS API Gateway (and the list can go on)? Every one of those projects has its pros and cons, its own configuration language, user community, books, docs, and tutorials.

In this post, I will argue that you don’t, and that everything you need can be achieved using a few lines of golang.

This is possible because of…



GitHub Actions are awesome. I really love them. But often it is necessary for a build step to connect to a private resource in your cloud, for example a MySQL server running in a private network, or a private k8s cluster. This can become a real obstacle. What you should definitely not do is open your resource to the world. The internet is full of threats, and bad stuff can happen if you don’t lock infrastructure behind private networks. …



When shit hits the fan, you better be ready. Having a disaster recovery plan will save your ass one day in the future. For example, what will happen if someone accidentally deletes your k8s cluster? If your organization is using a GitOps deployment style, which by itself is a DRP-friendly way of deploying stuff (all k8s/Helm YAML files are safely stored in git), and ArgoCD applies those files on the cluster for you, Argo is another thing that might get screwed/deleted. It stores its state in k8s config maps, secrets and CRDs…



If you are writing an API gateway, you need TLS termination (HTTPS requests), and you probably don’t want to manage SSL certificates (public keys signed by someone all the internet trusts) yourself. If you use GKE, a simple solution can be achieved using a k8s ingress, a CRD named ManagedCertificate, and a couple of annotations. All you need to do is follow the documentation, which I did, and stumbled upon so many issues that it became a real pain. Google did a great job implementing the feature, but a really shitty one documenting it. …



As it turns out, the way to integrate code coverage into your build pipeline with GitHub Actions is to use a third-party solution, like codecov.io and others. Those solutions are fantastic but can cost up to $20 / month per user. And they come with many advanced features that not everybody needs. For a basic code coverage check on pull requests and a code coverage badge in the README.md, I don’t want to pay a monthly subscription.

After digging through the Internet for a free solution, I found nothing useful and decided to hack my way around.

In this post, I’ll…



Java’s once-famous motto, “Write once and run everywhere”, is pretty much obsolete these days; the only place we want to run code is inside a container, where a “just in time” compiler does not make any sense.

For this reason, probably, the Java ecosystem is in the midst of its transformation in order to become better suited for the cloud. Oracle’s GraalVM allows compiling byte code to Linux executables (ELF), and Red Hat’s Quarkus, and other frameworks, aspire to make it as easy as bootstrapping a React app. Quarkus also leverages Netty and Vert.x



It is sometimes useful to know, for every log message, at what point in the service’s life it was logged. For example, errors caused by memory leaks may be logged only after the service was up for days, and request latency warnings may be logged only in the first seconds/minutes after it was deployed. It is also interesting how fast the service opened all its database connections or responded to the first successful health check. A simple solution to this might be to log the timestamp on bootstrap and calculate the offset manually. Or logging the uptime…


gRPC, JSON, or maybe GraphQL? Each method has its advantages; a JSON RESTful API is the simplest, oldest, and most commonly used. However, its simplicity comes with a price. Integrating with a REST API requires manually writing client code, which needs to be tested, with tests that tend to become slow since they need to start/stop a web server. Moreover, there are conventions and guidelines for designing RESTful APIs, and once you break one (include a verb in the path by mistake, for example) and release to production, changing it will require breaking backward compatibility, which is never…


In the age of k8s and microservices it’s important to start fast, especially if your cluster is running on spot instances, but also if you want to easily scale out, restart after a database failover or even your own service’s memory leak.

CPU fractions/millicores/nanocores are something Java and its ecosystem were not designed and optimized for. For example, libraries like Netty use the number of available processors to decide the size of the multi-event loop, and HikariCP, a popular JDBC connection pool, uses the number of processors to determine the connection pool size. All those tools and the…


Here at Innovid, a leading video marketing platform where we serve 1.3 million hours of video per day, we love to share command line tools to boost our productivity (or just for fun).

If you have a bunch of useful scripts and you want other Mac users to be able to install/uninstall them and even occasionally update them, while all the dependencies of those scripts are magically available on their machines — Homebrew is the tool for you! On top of that, it is also secure and open source.

In this post I will show you how to create your…

Igor Domrev

No country for code monkey.
