Working as a solutions architect while going deep on Kubernetes security — prevention-first thinking, open source tooling, and a daily rabbit hole of hands-on learning. I make the mistakes, then figure out how to fix them (eventually).
Nothing here yet.
Feb 16 · 7 min read · In Part 1, we stayed close to the kernel. We watched a process call uname(), attach a seccomp filter, and then get shut down at the syscall boundary. No permissions debate. No LSM policy. No capability check. The kernel simply said: that syscall does...
Join discussion
Feb 5 · 10 min read · Introduction We’ve already covered two Linux security mechanisms that show up in Kubernetes securityContext: LSMs (mainly AppArmor) Capabilities. Both matter. Both do real work. But there’s a third piece that’s just as important: seccomp. If capa...
Join discussion
Jan 29 · 7 min read · Introduction Start with Linux. On macOS, if you want to do real container or Kubernetes work, the first decision isn’t Kubernetes at all, but rather how you’re going to run Linux. So far, my default approach has been a full Linux VM via UTM, with the...
Join discussion
Jan 22 · 9 min read · Kubernetes has a talent I don’t: making hard problems feel solved the moment you put them in YAML. securityContext is the best example. Most people talk about it like it’s a “Kubernetes security feature.” It’s not. Kubernetes doesn’t enforce the thin...
Join discussion
Jan 16 · 4 min read · Over the last year (actually 8 months), I managed to publish 23 posts on this blog. It meant a lot of long days, numerous lab rebuilds, half-finished markdown litter, and more time than I care to admit staring at Kubernetes YAML wondering why somethi...
Join discussion
