Impersonating kube service accounts

Bypassing complicated kubernetes identity providers

Authenticating with large Kubernetes clusters often means dealing with complicated provider logic, and sometimes with policies outside your control.

While controllers and operators authenticate with service accounts directly, this is only true inside the cluster. That is, unless you can impersonate the service account from outside.

shipcat introduction

Building a secure yaml api for kubernetes

At Babylon Health we have a ton of microservices running on Kubernetes that are, in turn, controlled by hundreds of thousands of lines of autogenerated YAML.

So for our own sanity, we built shipcat - a standardisation tool (powered by rust-lang and serde) to control the declarative format and lifecycle of every microservice.