Rust, open source, cloud tech, kubernetes


dungeon mastering, universe, ideas, homebrew


solutions, theorycrafting, minmaxing, speedrunning


classical, piano, violin


tab accidentally left blank


photography, harware, cooking, offtopic

Impersonating kube service accounts

Bypassing complicated kubernetes identity providers

Authenticating with large kubernetes clusters often risks you dealing with complicated provider logic and sometimes policies outside your control.

While controllers and operators authenticate with service accounts directly, this is only true inside the cluster. That is, unless you can impersonate the service account from outside.

[Read More]

shipcat introduction

Building a secure yaml api for kubernetes

At babylon health we have a ton of microservices running on kubernetes that are, in turn, controlled by hundreds of thousands of lines of autogenerated yaml.

So for our own sanity, we built shipcat - a standardisation tool (powered by rust-lang and serde) to control the declarative format and lifecycle of every microservice.

[Read More]