2026-06-29
AI Tool Gateways: Sandboxing Agent Access in Kubernetes
AI agents have unlimited ambition and undefined access boundaries. You have sandboxed everything else. Here is how to sandbox your agents too.
9 min2026-06-15Network Control with Cilium and Kyverno: Policies That Actually Work
Network policies in most Kubernetes clusters are cargo cult. Teams write them, Kubernetes accepts them, and nothing changes. Cilium actually enforces them — and shows you the traffic.
8 min2026-06-13Keyless GCP Secrets in GitHub Actions: Workload Identity, Scoped to One Secret
Drop the service-account JSON key. Federate GitHub Actions into GCP with OIDC, then scope the service account to read one named secret — not the whole project.
9 min2026-03-01Authentication 101: A Complete Guide to Modern Identity Methods
Authentication gets easier when you separate login, delegated access, SSO, and workload identity. This guide shows where each one fits.
22 min