Last year I bought a used Lenovo ThinkStation P510 from BestBuy to replace my cluster of RPIs that I had running in my home. With this change, I wanted a more reliable configuration for my services instead of the ad-hoc approach I took previously. One of the main challenges I encountered was trying to troubleshoot a broken service that I configured 6 months ago and remembering all the changes I had previously made. This is how I stumbled upon NixOS and from my experience it has the following pros & cons.

In this blog post I will talk about implementing RBAC policies within a Kubernetes cluster to enforce multi-tenancy isolation. I essentially wanted to prevent different development teams working within the same cluster from stepping on eachother’s toes (which can happen quite easily if everyone has cluster-admin privileges). I achieved this by developing a custom Helm chart that creates and tracks all the necessary Kubernetes objects needed to enforce this isolation.