
🛡️ How Do You Prevent a Compromised Pod From Calling Your Database?
Default Kubernetes is a flat network. Every pod can reach every other pod. In a cluster with ten services, that’s ten potential blast radiuses instead of one.

No open ports. Real TLS at home. One IngressRoute per app. This is the networking setup I landed on after ruling out everything that required a compromise.