Skip to content
View didiberman's full-sized avatar

Sponsoring

@neovim

Block or report didiberman

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don’t include any personal information such as legal names or email addresses. Markdown is supported. This note will only be visible to you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
didiberman/README.md
██████╗  ██╗ ██████╗  ██╗
██╔══██╗ ██║ ██╔══██╗ ██║
██║  ██║ ██║ ██║  ██║ ██║
██║  ██║ ██║ ██║  ██║ ██║
██████╔╝ ██║ ██████╔╝ ██║
╚═════╝  ╚═╝ ╚═════╝  ╚═╝
$ kubectl describe deployment didi

Name:          didi
Role:          DevOps / Platform Engineer
Status:        Kubestronaut
Focus:         Internal Developer Platforms · Supply Chain Security
Exploring:     Backstage · Crossplane · Kyverno

Events:
  Reason           Message
  ------           -------
  ProjectLaunched  kubewhy - an LLM assistant that root-causes
                   Kubernetes issues with evidence
  BlogPublished    The Trivy CI/CD Hack: hijacked pipeline secrets
                   and the Kubernetes clusters they could reach

🔗 didibe.dev


$ kubectl get projects -l tier=featured
  • 🧠 kubewhy - Read-only Kubernetes assistant: an LLM inspects the cluster step by step, explains each check in plain English, and returns the root cause with evidence.
  • 🏗️ eks-idp-platform - Production IDP on AWS EKS: Terraform, ArgoCD, Kyverno, Cilium, Karpenter, and supply-chain-hardened CI (SHA-pinned actions, harden-runner, Trivy).
  • 🔐 tokenguard-operator - Kubernetes operator that scores ServiceAccount least-privilege by comparing RBAC grants against audit-log usage and detects external IP token abuse. Go, Kubebuilder, controller-runtime.
  • 🥷 NinjaDevOps - Interactive DevOps challenge platform: 80+ real-world scenarios (Linux, Docker, CKA/CKAD/CKS) on live GCP VMs, all from a browser terminal.
  • 🧬 vcluster-platform - The isolation of a real cluster at the cost of a namespace: teams get virtual Kubernetes clusters by opening a PR, with GitOps tenant onboarding.
  • 🛠️ self-service-idp - Self-service IDP assembled from open-source parts (Kratix, Backstage, Flux) on k3s - the work was the integration. One command deploys the whole stack.
  • 🛡️ practical-aks - Blank Azure subscription → Workload Identity-secured, Trivy-scanned AKS running a live LLM proxy, with supply-chain-hardened CI/CD (the attack it defends against).
$ kubectl get projects -l tier=platform  - 2 more platform builds
  • gke-production-patterns - Production-grade GKE reference architecture: Cloud SQL, Memorystore, Terraform, Helm, observability, Temporal workflows, incident response.
  • Sovereign-Mesh - Multi-tenant AI PaaS on Hetzner: vLLM, Qdrant, and TEI on a hardened K3s cluster with tenant isolation and ArgoCD GitOps.

$ helm list -n stack

Kubernetes & Orchestration   Kubernetes Helm Docker Karpenter KEDA vCluster

GitOps & IDP   ArgoCD Flux Kratix Backstage Crossplane

Cloud & Infra   AWS Google Cloud Azure Terraform GitHub Actions

AI, Workflows & Automation   kagent Temporal n8n

Security   Trivy harden-runner


$ kubectl get certifications

CKA ✓   CKAD ✓   CKS ✓   KCNA ✓   KCSA ✓   AWS-SAA ✓   →   KUBESTRONAUT 🧑‍🚀
$ kubectl get projects -n archive  - older experiments

📖 Off the clock: I wrote Social Freedom Unleashed, a book on overcoming social anxiety.

Pinned Loading

  1. kratix-platform kratix-platform Public

    Self-service Internal Developer Platform: Kratix + Backstage + Flux + Crossplane on k3s. One command deploys the full stack.

    Shell