Cilium

cartoon cover for: My Second Brain Weeds Itself Now

🌱 My Second Brain Weeds Itself Now

I gave my markdown knowledge base a nightly gardener — an AI that finds orphan notes and missing links and fixes them, every change a reviewable git commit. The fun part was the Kubernetes wall I hit on the way.

Three walls of multi-tenant isolation on Kubernetes, verified end-to-end

🧱 How Do You Isolate Two n8n Tenants on Kubernetes — and Prove Each Wall Holds?

Multi-tenant isolation is easy to assert and hard to verify. Three walls — network, secret, resource — and the actual 403s, timeouts, and admission rejections that prove each one holds.

cartoon cover for: How Do You Prevent a Compromised Pod From Calling Your Database?

🛡️ How Do You Prevent a Compromised Pod From Calling Your Database?

Default Kubernetes is a flat network. Every pod can reach every other pod. In a cluster with ten services, that’s ten potential blast radiuses instead of one.