MFA generator in External Secrets Operator

MFA Generator in External Secrets Operator Today, I’m happy to announce that external-secrets-operator will have an MFA / TOTP token generator once this PR is merged and released. This opens up some exciting new features. For example, imagine having an AWS session that requires MFA, or you have an Azure flow that requires a TOTP token. Now, you can achieve that using automation and an MFA generated in a secret. Just define a generator: ...

May 18, 2025 · 2 min · hannibal

In-depth look at CRDs and how they work under the hood

In-depth look at CRDs and how they work under the hood Today, we are going to walk through how a CRD looks like, what it does, what it contains, how it works and how it alters Kubernetes. The design, the api extension and links and snippets to the code ( accurate at the time of writing ) where it happens. Let’s dive in. What are CRDs CRDs as described in the official Kubernetes Documentation page are objects that can extend the API of Kubernetes. ...

May 12, 2025 · 18 min · hannibal

CNCF Project Showcases

CNCF Project Showcases Hi there, hello. Long time no see. I was very busy these past months. I thought about a series though that I would like to lead. Every week or month or so, I’m going to randomly pick a CNCF project for this CSV - CNCF Projects. I will explore it and write about it. See what it does, why, how, and for what reason. I know some folks that already do this, but I don’t care. I’m doing it for myself. ...

May 10, 2025 · 1 min · hannibal

External Secrets Operator template rendering tool

External Secrets Operator template rendering tool Once this1 pull request is merged, ESO will be extended with a tool that has the ability to render templates in an object. Let’s step back a little… what are templates even? But… what is ESO even? Okay, so… ESO is external-secrets-operator2. It’s Kubernetes operator than can sync secrets between an external provider, like AWS Parameter/Secret Store, and a cluster. This is bi-directional. Meaning ESO can sync the secret back as well using something called a PushSecret3. The secret will then be pushed to the provider. This way, secrets can be backed up or straight Generated4 to provide ephemeral access to certain resources. ...

January 11, 2025 · 2 min · hannibal

Missing out on jobs because of LeetCode

Missing out of jobs because of LeetCode At the end of the last year, my previous workplace ( Weaveworks ) went bankrupt. I found myself without a job. I didn’t have to interview for a long time and I certainly wasn’t planning on it any time soon. I enjoyed my work. Thus, I started to learn a bit because I forgot how to interview. I refreshed my knowledge on LeetCode, I did some exercises, I read some books, post, whatever. I refreshed my algo knowledge because that’s what people most likely will ask, right? ...

January 9, 2025 · 2 min · hannibal

Notetaking with ADHD

Notetaking with ADHD After several years, I finally have my official diagnosis. ADHD. I had it as a kid as well, in hindsight, it was pretty fucking obvious. I could reminisce about those days for a long time. How things now fit together, how everything suddenly fell into place. Why the things happened to me as they did and how I was always always in the middle of every shit-storm. ...

January 8, 2025 · 2 min · hannibal

CORScapade; the story why cty doesn't support git flow on web

CORScapade; the story why cty doesn’t support git flow on web Recently, I implemented git based discovery for cty. It means, that the user can provide a git repo URL and cty will clone the content and look for any valid CRDs and discover them. I wanted ot provide this through the front-end as well. However, I ran into some issues… CORS Plain HTTP requests are working fine only if raw.githubusercontent.com is being used. That service doesn’t have CORS. ...

January 7, 2025 · 3 min · hannibal

Using ORAS as a library to interact with OCI repositories

Introducing ORAS into a Library This post talks about using ORAS as a library to interact with OCI repositories. First and foremost I like to keep things simple. I was seeing basic usages around the project I’m working in and some common behaviour that started to emerge. Looking at that behaviour I drawn a preliminary interface. This interface is also something similar that docker remote implementation has in containerd. Looks something like this: ...

January 6, 2025 · 10 min · hannibal

Write something every day

This year I want to do somerhinf different. For the whole year I’ll attempt to write a blogpost everyday. I might miss a day during holiday or being sick or something but the point is that by the end of the year I should have at least 365 blog posts. I also want them to be somewhat meaningful so be about some kind of technology or discovery or whatever. So posts like ‘This is a post’ are not valid. ...

January 5, 2025 · 1 min · hannibal

Add Suggest Edit to Posts

Added Suggest Edit to Post link to all my posts I added “Suggest edit” to all my posts in a way to open my blob to the community. I accept all kinds of contriubtions be they simple grammar fixes or more accurate descriptions of something. Feel free to suggest changes. I’m also toying with the idea of accepting completely new content but that remains to be seen. Thank you, and have a happy new year! ...

January 2, 2025 · 1 min · hannibal