Ilia Gusev

Your NetworkPolicy uses IP addresses. Your pods change IPs on every restart. See the problem? Cilium fixes this with identity-based security. No IPs. Just labels. podostack.com/p/cilium-ebpf-…

We replaced 47 NetworkPolicies with 12 CiliumNetworkPolicies. Same security posture. L7 visibility we never had before. The policies became readable. That alone was worth it. Full identity + L7 guide: podostack.com/p/cilium-ebpf-… 🛠️

Scaling becomes a non-issue. Pods come and go. IPs change. Replicas scale from 3 to 30. The policy says "app=payments" - not a list of IPs. Zero policy updates when you scale. Zero drift.

What if you could see every network request between your services - not in logs, but live? Hubble does this. From the kernel. Zero instrumentation. podostack.com/p/cilium-ebpf-…

Your query scans 50M rows to return 10. A covering index makes it read zero table pages. Same query. Same data. 100x faster. podostack.com/p/covering-ind…

One covering index turned a 4.2s dashboard query into 38ms. No app changes. No caching layer. Just the right columns in the right index. Full guide with EXPLAIN examples and sizing math: podostack.com/p/covering-ind… 🛠️

When NOT to use them: - Wide indexes waste memory (buffer pool pressure) - High-write tables pay on every INSERT/UPDATE - If you SELECT *, nothing is covering Best for: read-heavy queries with known column lists. Dashboards, reports, API endpoints returning the same fields.

We used to spend hours debugging connectivity issues. Now it takes 30 seconds with hubble observe. The best part? It's built in. Install Cilium, enable Hubble, done. Full Hubble deep dive: podostack.com/p/cilium-ebpf-… 🛠️

Policy troubleshooting becomes trivial. "Why can't pod A reach pod B?" Run hubble observe --verdict DROPPED. It tells you which policy denied it and why. No more guessing. No more kubectl describe on 15 NetworkPolicies.