AI Tool Gateways: Sandboxing Agent Access in Kubernetes
AI agents have unlimited ambition and undefined access boundaries. You have sandboxed everything else. Here is how to sandbox your agents too.
9 min2026-06-22Observing LLM Inference: The Metrics That Actually Matter
TTFT is your SLO, not throughput. Here is what to measure for LLM inference, and what Google ADK, LangChain, and LangGraph give you out of the box.
8 min2026-06-15Network Control with Cilium and Kyverno: Policies That Actually Work
Network policies in most Kubernetes clusters are cargo cult. Teams write them, Kubernetes accepts them, and nothing changes. Cilium actually enforces them — and shows you the traffic.
8 min2026-06-13Keyless GCP Secrets in GitHub Actions: Workload Identity, Scoped to One Secret
Drop the service-account JSON key. Federate GitHub Actions into GCP with OIDC, then scope the service account to read one named secret — not the whole project.
9 min2026-06-13Serving a Next.js Static Site on Cloudflare (Like This One)
A Next.js static export on Cloudflare is fast, free, and has no server to patch — the whole setup, MDX to Terraform, in a clonable starter repo.
10 min2026-06-08Multi-Tenant Observability: LGTM at Platform Scale
Your tenants want dashboards. Your security team wants isolation. Your SREs want a single pane of glass. Here is how to build all three with the LGTM stack.
8 min2026-06-01Gateway API in Practice: From Ingress Migration to Envoy Debugging
The Kubernetes community deprecated Ingress in spirit years ago. Gateway API replaces it with a model that actually separates platform concerns from application concerns.
7 min2026-05-25Running Local Kubernetes with kind: Ephemeral by Design, Production-Honest by Default
kind runs real kubeadm in Docker containers — the same setup Kubernetes CI, Cilium docs, and Envoy Gateway quickstarts use. Here is why that matters for local platform work.
6 min2026-02-22Google's GAIL Certification: Useful Strategy, Thin Engineering
Notes on Google's GAIL certification from a platform engineer: useful for strategy conversations, thin on the messy reality of shipping AI.
12 min2025-09-10GKE to AWS Identity Federation: A Guide to Keyless Access
Run workloads on GKE and access AWS without static keys. This guide shows how to federate a Kubernetes service account into an AWS IAM role.
7 min2025-07-20Terraform and Terragrunt: Why We Added Terragrunt at Scale
Why we added Terragrunt to Terraform to manage 100 plus services without copy paste, backend sprawl, or one giant state layout.
8 min2025-07-017 Books That Shaped How I Build Platforms Developers Actually Use
Seven books that shaped how I build platform products people trust, adopt quickly, and keep using.
10 min2025-06-22Boost Your Productivity: My Zshrc Configuration for Platform Engineers
A deep dive into my zshrc configuration, featuring shortcuts for Kubernetes, Cloud Platforms, and AI tools to streamline your daily workflow.
4 min2021-06-15SUSE Cloud Native Foundations: My Study Notes
Structured study notes from the SUSE Cloud Native Foundations scholarship. Covers cloud native design, Docker, Kubernetes basics, and open source PaaS.
14 min