Kubernetes

Using Bitwarden Secrets Manager with Kubernetes

Lessons Learned

Managing secrets in Kubernetes is one of those topics that looks simple at first and slowly becomes more opinionated the deeper you go. Over time, tooling choices start to matter less in theory and much more in day-to-day operations. Recently, I...

Jan 17, 2026 5 min read Kubernetes DevOps Security Secrets

Run NGINX Securely in Kubernetes

Why You Should Stop Using the Default Image

When deploying NGINX in Kubernetes, many teams still use the default nginx image from Docker Hub; it’s what most quick-start examples show, so it feels natural. But there’s a hidden problem: that image runs as root by default. That might not sound...

Oct 7, 2025 4 min read Kubernetes nginx Container DevOps Security

From Observability to Action: Using Falco for Kubernetes Threat Detection

Learn how to integrate Falco into your cluster for real-time alerts, custom rules, and enhanced runtime security.

Modern cloud-native environments built on Kubernetes offer unprecedented flexibility and scalability, but with this power comes a new set of security challenges. Containers are ephemeral, workloads are dynamic, and threats can appear and disappear...

Mar 29, 2025 20 min read security falco runtime-security ebpf kubernetes

CIS Benchmark for Kubernetes

A kube-bench Approach

In today’s rapidly evolving IT landscape, ensuring the security and compliance of container orchestration platforms like Kubernetes is more critical than ever. The kube-bench tool, developed by Aqua Security, plays a pivotal role in this domain. It...

Hardening Kubernetes Nodes on Ubuntu

A CIS Benchmark Approach

Hardening a Kubernetes cluster begins at the node level. This guide explains how to secure Ubuntu-based Kubernetes nodes by applying the CIS (Center for Internet Security) Benchmark, which provides a detailed set of best practices for reducing...

Understanding the Components of Kubernetes

Understanding the Basics Part 2

Kubernetes is renowned for its ability to orchestrate containerized applications at scale. To fully appreciate how it works, it’s important to understand the key components that make up its architecture. In this article, we’ll dive into the core...

Introduction to Kubernetes

Understanding the Basics

Kubernetes has emerged as one of the leading platforms for managing containerized applications at scale. In this article, we’ll provide a high-level overview of Kubernetes, explore its core architecture and highlight how it compares to Docker or...

Configuring ArgoCD with Zitadel via Helm

Using External Secrets for OIDC

When integrating ArgoCD with an OpenID Connect (OIDC) provider like Zitadel, managing secrets securely is crucial. While the official documentation provides comprehensive guidance, this article focuses on a Helm-based setup where ArgoCD retrieves...

Integrating Zitadel as an OIDC Provider in Grafana

Improve your Grafana authentication flow with Zitadel’s OpenID Connect integration

While securing my Grafana instance with Zitadel as an OpenID Connect (OIDC) provider, I encountered several challenges and gained valuable insights. Since documentation on this integration is limited, I’m sharing my step-by-step guide to help others...

Feb 12, 2025 14 min read Grafana Zitadel OIDC Authentication Kubernetes

Resume

About Me I build Kubernetes platforms that scale, secure, and simplify complex systems. Senior Platform Engineer with 8+ years of experience designing and operating cloud-native platforms across on-premise and cloud environments. I specialize in...

EntraWatch

Internal observability and governance tool for Azure Entra ID, built to monitor identity hygiene, credential expiry, and tenant-level compliance signals. Design and development of EntraWatch, an internal cloud-native tool for monitoring and...

Homelab

Everything I run at home, from DNS and reverse proxies to media servers and monitoring. Fully declarative and reproducible.

1 min read kubernetes argocd self-hosted

Kaniko Contributions

Open-source contributions to Kaniko, a widely used container image build tool for Kubernetes environments. Active contributor to the Kaniko project, focusing on improving build performance, caching mechanisms, and testing infrastructure for...

KIM (Kommunikation im Medizinwesen)

Secure, highly available email platform for healthcare communication within Germany’s Telematikinfrastruktur (gematik). Design, implementation, and operation of a highly available and secure platform for KIM (Kommunikation im Medizinwesen), enabling...

kubecertmetrics

Lightweight Prometheus exporter and CLI tool for monitoring TLS certificate expiration across Kubernetes workloads and infrastructure. Designed and implemented a production-ready monitoring tool to detect and alert on expiring TLS certificates. The...

TI-Messenger (Product Platform)

Production-grade platform for secure, scalable, and interoperable real-time communication within Germany’s Telematikinfrastruktur. Operation and continuous development of a TI-Messenger (TIM) product platform built on top of the gematik reference...

TIMRef (TI-Messenger Referenzimplementierung)

Kubernetes-based reference platform for secure, interoperable real-time communication in Germany’s Telematikinfrastruktur (gematik). Design, implementation, and operation of highly available Kubernetes clusters forming the core platform...