- Published on
- 9 min read
AI Tool Gateways: Sandboxing Agent Access in Kubernetes
AI agents have unlimited ambition and undefined access boundaries. You have sandboxed everything else. Here is how to sandbox your agents too.
All Posts
Observations, reflections, and technical deep-dives on building resilient systems and applied AI.
- Published on
- 8 min read
Observing LLM Inference: The Metrics That Actually Matter
TTFT is your SLO, not throughput. Here is what to measure for LLM inference, and what Google ADK, LangChain, and LangGraph give you out of the box.
- Published on
- 8 min read
Network Control with Cilium and Kyverno: Policies That Actually Work
Network policies in most Kubernetes clusters are cargo cult. Teams write them, Kubernetes accepts them, and nothing changes. Cilium actually enforces them — and shows you the traffic.
- Published on
- 8 min read
Multi-Tenant Observability: LGTM at Platform Scale
Your tenants want dashboards. Your security team wants isolation. Your SREs want a single pane of glass. Here is how to build all three with the LGTM stack.
- Published on
- 7 min read
Gateway API in Practice: From Ingress Migration to Envoy Debugging
The Kubernetes community deprecated Ingress in spirit years ago. Gateway API replaces it with a model that actually separates platform concerns from application concerns.
- Published on
- 6 min read
Running Local Kubernetes with kind: Ephemeral by Design, Production-Honest by Default
kind runs real kubeadm in Docker containers — the same setup Kubernetes CI, Cilium docs, and Envoy Gateway quickstarts use. Here is why that matters for local platform work.
- Published on
- 12 min read
The M5 Pro Setup: Same Mac, Different Era
Why 48GB changes a Mac from coding laptop into an AI workstation for local models, parallel agents, and platform engineering.
- Published on
- 6 min read
Git Commit Signing with GPG on macOS
A practical GPG commit signing setup on macOS, with GitHub verification, pinentry-mac, GPG_TTY, and the parts that usually break.
- Published on
- 8 min read
SSH Git Commit Signing for Busy Engineers
A clean SSH commit signing setup on macOS, with separate auth and signing keys, local verification, and none of the usual GPG hassle.
- Published on
- 22 min read
Authentication 101: A Complete Guide to Modern Identity Methods
Authentication gets easier when you separate login, delegated access, SSO, and workload identity. This guide shows where each one fits.
- Published on
- 12 min read
Google's GAIL Certification: Useful Strategy, Thin Engineering
Notes on Google's GAIL certification from a platform engineer: useful for strategy conversations, thin on the messy reality of shipping AI.
- Published on
- 7 min read
GKE to AWS Identity Federation: A Guide to Keyless Access
Run workloads on GKE and access AWS without static keys. This guide shows how to federate a Kubernetes service account into an AWS IAM role.
- Published on
- 8 min read
Terraform and Terragrunt: Why We Added Terragrunt at Scale
Why we added Terragrunt to Terraform to manage 100 plus services without copy paste, backend sprawl, or one giant state layout.
- Published on
- 10 min read
7 Books That Shaped How I Build Platforms Developers Actually Use
Seven books that shaped how I build platform products people trust, adopt quickly, and keep using.
- Published on
- 4 min read
Boost Your Productivity: My Zshrc Configuration for Platform Engineers
A deep dive into my zshrc configuration, featuring shortcuts for Kubernetes, Cloud Platforms, and AI tools to streamline your daily workflow.
- Published on
- 5 min read
The "It's Not Much, But It's Mine" Mac Setup
A guide to setting up your and high-likely my Mac for development, including tools, configurations, and best practices. As favorite tools and practices change, this guide will be updated. "It's not much, but it's mine" - Every $5000 Setup.
- Published on
- 9 min read
Writing a Go Client Library Worth Using
Most Go client libraries are a pain to use, test, or extend. Here's how to write one that isn't, covering functional options, context propagation, rich errors, retries, and testability.
- Published on
- 10 min read
Running Deep Learning Models at the Edge with Intel OpenVINO
A practical guide to deploying deep learning and computer vision models on Intel edge hardware with OpenVINO, from IR conversion to device trade-offs.
- Published on
- 14 min read
SUSE Cloud Native Foundations: My Study Notes
Structured study notes from the SUSE Cloud Native Foundations scholarship. Covers cloud native design, Docker, Kubernetes basics, and open source PaaS.
- Published on
- 3 min read
gRPC on Cloud Run
Cloud Run supports gRPC out of the box — once you understand how it handles TLS and HTTP/2. Here's the full picture, in Go.