AMAmit Malhotrainbuoyantcloudinc.hashnode.dev·May 6 · 6 min readMulti-Cluster GKE Migration with Istio: Implementation GuideMulti-Cluster GKE Migration with Istio: A Practical Implementation Guide Most enterprise migrations to GKE don't start clean. You have workloads running on AWS EKS, on-prem Kubernetes, or a legacy GKE setup that can't all move at once. I've watched t...00
AMAmit Malhotrainbuoyantcloudinc.hashnode.dev·Apr 29 · 5 min readGKE Gateway API for Production Traffic Management GuideHow to Implement GKE Gateway API for Production Traffic Management Kubernetes Ingress served its purpose for simple HTTP routing. It breaks down when you need canary deployments, multi-domain TLS with automatic certificate rotation, or cross-namespac...00
AMAmit Malhotrainbuoyantcloudinc.hashnode.dev·Apr 22 · 6 min readGKE Hardening: Secrets Injection & Control Plane AccessGKE Hardening: Secrets Injection and Control Plane Access with IAM + DNS Two GKE security patterns that teams consistently defer: how secrets reach pods, and how CI/CD pipelines access the control plane. After reading this guide, you'll have producti...00
AMAmit Malhotrainbuoyantcloudinc.hashnode.dev·Apr 1 · 6 min readIAM Recommender + BigQuery for Zero Trust at ScaleHow to Use IAM Recommender and BigQuery for Zero Trust Policy Enforcement at Scale Least privilege is the goal. Nobody achieves it manually across a GCP org with dozens of projects and hundreds of service accounts. I've worked with SaaS companies who...00
AMAmit Malhotrainbuoyantcloudinc.hashnode.dev·Mar 25 · 5 min readEliminate GCP Service Account Keys with Workload IdentityEliminating GCP Service Account Keys with Workload Identity Federation Static service account keys remain the single biggest identity risk in GCP environments. I find them in production across most new client engagements—embedded in CI/CD environment...00