All Posts

A thumbnail image

Authentik Proxy Outpost on Kubernetes: The Parts Nobody Documents

April 2026 — Every Authentik tutorial covers OIDC. Here’s what to do when the app has no OIDC support at all. I run Authentik as my SSO provider on a self-hosted RKE2 cluster.

Apr 24, 2026 - 7 min read
A thumbnail image

cluster-shepherd: The AI Ops Agent That Actually Knows Your Cluster

April 2026 — what happens when you stop treating AI as a search engine and start treating it as a co-pilot with real cluster access

Apr 10, 2026 - 27 min read
A thumbnail image

Ending the commit storm: validating FluxCD manifests locally before they hit the cluster

February 2026 — on the commit history that nobody wants to show their colleagues Every GitOps practitioner has a section of their git history they’d rather not talk about.

Feb 19, 2026 - 5 min read
A thumbnail image

119 commits in one day: what happens when AI meets GitOps without guardrails

January 2026 — a post-mortem on why your branch protections mean absolutely nothing when an AI is at the wheel It started with a reasonable idea I run a self-hosted Kubernetes cluster.

Jan 15, 2026 - 13 min read
A thumbnail image

One curl command to a GitOps-ready RKE2 cluster

December 2025 — because “fresh cluster” should not take a day Every time I’ve needed to spin up a new Kubernetes cluster — new hardware, new lab environment, disaster recovery test — I’ve gone through the same ritual.

Dec 31, 2025 - 5 min read