Jan 26 · 6 min read · Subtitle: How we transformed a GKE cluster from a "Development Playground" into a "Zero Trust Fortress" using Policy-as-Code and Sidecar-less Mesh. Introduction: The Missing Layer Welcome back to the Building a Production-Grade SRE Platform on Kubern...
Jan 23 · 8 min read · You get a Slack message at 8 PM. A critical production service is down. After an hour of frantic debugging, you find the cause: a developer deployed a new version without resource limits, and the pod went rogue, triggering a cascading failure. We've ...
Jan 19 · 9 min read · In a previous article, we laid the foundations for governing Kubernetes clusters, focusing on how admission policies act as essential gatekeepers. They ensure that only compliant, secure, and well-formed resources make it into your environment. But w...
Jan 17 · 5 min read · Introduction: The Silent Guardian of the API Server Maintaining a Kubernetes cluster often feels like a constant battle against configuration drift. As teams scale, the anxiety of "who deployed what and why" grows. Without a gatekeeper, your API serv...
Dec 12, 2025 · 4 min read · Strengthening your Kubernetes supply chain starts with controlling where images are pulled from. Allowing workloads to pull directly from public registries introduces unnecessary risk, slows down deployments, and removes your ability to govern what e...
Nov 5, 2025 · 15 min read · Kubernetes does a lot of things automatically — scheduling, networking, scaling. But trust isn’t one of them. If someone pushes an image to a registry with your project’s name on it, Kubernetes won’t ask questions. It’ll just pull and run. Of course,...
Sep 23, 2025 · 17 min read · This blog post reviews the talk by a Lead Software Engineer titled “Containers without right to escape”, held at the KazHackStan 2025 CyberSecurity Conference in Almaty. The speaker outlined three main topics to be discussed and demonstrated them with prac...
Aug 20, 2025 · 6 min read · Last night, I attended an insightful CNCF Cloud Native Live session hosted by the creators of the Kyverno project. They walked us through how Agentic AI, powered by Kyverno and Kagent, is transforming Kubernetes governance. If you’re managing Kuberne...
Aug 20, 2025 · 11 min read · You can get a lot done in Kubernetes just by blocking bad stuff at admission time. That’s where we left things in Part 2. We installed Kyverno, wrote policies, and saw workloads getting stopped before they cause trouble. We also saw things like mutat...