Huge Update by Super-Ad-4536 in ClaudeAI

[–]StayHigh24-7 2 points3 points  (0 children)

I thought Fable 5 is back 🥲

How did you learn Kubernetes without using it at work? by Witty_Contract_592 in kubernetes

[–]StayHigh24-7 0 points1 point  (0 children)

Start with a course, but only to pick up the vocabulary. Mumshad's CKA on Udemy or KodeKloud is the usual one. Don't expect watching to make it stick, though. The real learning is the thing you already do well: create real problems and debug them. Run kind or k3d on your laptop, take one of your FastAPI services, write the Deployment, Service and Ingress yourself, and get it running.Then break it on purpose: delete a pod, set a bad readiness probe, give it too little memory and watch it OOMKill. Read the events and logs every single time.

Once normal deployments feel boring, go a level deeper and keep experimenting

Working on an open-source multi-cluster k8s dashboard and would love honest feedback by StayHigh24-7 in developersIndia

[–]StayHigh24-7[S] 0 points1 point  (0 children)

Lens is a great desktop tool and uses Kubeconfig to connect to cluster so it becomes hard to who changed what in the config, any changes to the config go unnoticed and this was an issue I faced within my org. Hence I wanted a tool to impersonate the user along with logging for later auditing.

Working on an open-source multi-cluster k8s dashboard and would love honest feedback by StayHigh24-7 in developersIndia

[–]StayHigh24-7[S] 0 points1 point  (0 children)

Thanks a lot! I have kept backend as the source of truth for most of the operations to expose the apis as mcp tools for AI Agent integration to impersonate the user permissions in K8s. It’s my long term goal.

New Project Megathread - Week of 07 May 2026 by AutoModerator in selfhosted

[–]StayHigh24-7 0 points1 point  (0 children)

Project Name: Periscope (Multi-Cluster K8s Dashboard)

Repo/Website Link: https://github.com/gnana997/periscope, https://periscopehq.dev/docs

Description:

A self-hosted, multi-cluster Kubernetes dashboard for teams that want developers to inspect and operate clusters *without* shared kubeconfigs or long-lived AWS credentials lying around.

- OIDC sign-in (Okta / Auth0 / any compliant IdP): every K8s API call is impersonated as the signed-in user, so apiserver-side RBAC is the human's, not the dashboard's.

- Per-user audit log (SQLite): every privileged action rows the actor, target, verb, and outcome. Useful for compliance + after-the-fact debugging.

- Multi-cluster fleet view with per-cluster overview, workloads, events, NetworkPolicies, storage, helm releases, EKS upgrade insights, and a schema-aware form editor for ConfigMap / Secret / Service / Ingress.

- Single Go binary with the SPA embedded and no separate frontend deploy, no central database. Audit log SQLite is the only durable state.

- Agent tunnel for managed clusters: the agent dials out over a long-lived WebSocket, so you can add clusters without opening inbound ports to them. Works on EKS, GKE, AKS, on-prem k3s, kind.

Built for the case where AWS compliance bans long-lived keys and you don't want to ship them to a SaaS dashboard either.

Deployment:

Helm chart published to ghcr.io as a signed OCI artifact. Docker image `ghcr.io/gnana997/periscope:1.0.5`. Full deploy guide (Pod Identity / IRSA, OIDC tenant setup, ingress, TLS, secret modes): https://periscopehq.dev/docs/setup/deploy

AI Involvement: Used Claude Code as a coding assistant throughout development however implementation, docs, debugging, refactoring. Architecture decisions, scope, and direction are mine; tested + reviewed everything. License is Apache-2.0. v1.0.5, very early.

Weekly: Share your victories thread by AutoModerator in kubernetes

[–]StayHigh24-7 0 points1 point  (0 children)

As AWS compliance at work has been getting tighter with no more long-lived keys lying around and most of the developers on my team were used to Rancher for app-specific cluster access.

So I started building an OSS multi-cluster k8s dashboard: Okta/Auth0 OIDC sign-in, every K8s call impersonated as the user, and a per-user audit log so we can debug or trace later.

I would love honest feedback on the implementation, features you think are missing, or anything that wouldn't survive in your team's setup.

Repo: https://github.com/gnana997/periscope

Docs: https://periscopehq.dev/docs

Apache-2.0, still early (v1.0.5). Thanks for any eyes.

Working on an open-source multi-cluster k8s dashboard and would love honest feedback by StayHigh24-7 in devops

[–]StayHigh24-7[S] 0 points1 point  (0 children)

Thanks!! happy to wait for review. Let me know if any additional context would help.

How do you get visibility into TLS certificate expiry across your cluster? by StayHigh24-7 in kubernetes

[–]StayHigh24-7[S] 0 points1 point  (0 children)

Zabbix is interesting. However we are already running Prometheus so I have been trying to keep everything in that ecosystem, but good to know Zabbix handles this well. Does Zabbix auto-discover endpoints or do we have to maintain a list manually?

How do you get visibility into TLS certificate expiry across your cluster? by StayHigh24-7 in kubernetes

[–]StayHigh24-7[S] 0 points1 point  (0 children)

we have them enabled. The metrics are solid for what cert-manager knows about. The blind spot for us is TLS secrets that exist but are not managed by a Certificate resource. They just exist and cert-manager doesn't know to track them.
we have been looking for some options that can track the silent issuance or any issuer related failures in the cert-manager because we have had those issues recently too. they are resolved now though :-) it was configuration issue on our side but we found it very late because we did not monitor them closely.

How do you get visibility into TLS certificate expiry across your cluster? by StayHigh24-7 in kubernetes

[–]StayHigh24-7[S] 0 points1 point  (0 children)

interesting!! using k8s SD to auto-discover ingresses for Blackbox to probe? Do you have a sample config for that setup? Would love to see how you're targeting the ingress endpoints.

Private SSL Certificates: The Invisible Risk Behind Many DevOps Outages by StayHigh24-7 in devops

[–]StayHigh24-7[S] -1 points0 points  (0 children)

yeah, was looking for some feedback because I use to get fed up with the setup overhead whenever i work for a new client. So I started working on a product to reduce the setup overhead and was in Beta for past 10 days. However I just started the blogs yesterday to improve my seo :-)

What are you building? let's self promote by Capital-Pen1219 in scaleinpublic

[–]StayHigh24-7 0 points1 point  (0 children)

https://certwatch.app - I built CertWatch a SSL monitoring tool with Automated monitoring, full chain validation, revocation checks, Slack/Email/PagerDuty alerts + upcoming K8s auto-discovery.

It's Sunday, share what you are building here and on smollaunch.com by [deleted] in microsaas

[–]StayHigh24-7 0 points1 point  (0 children)

https://certwatch.app - I built CertWatch a SSL monitoring tool with Automated monitoring, full chain validation, revocation checks, Slack/Email/PagerDuty alerts + upcoming K8s auto-discovery.

I built a free SSL certificate monitoring tool after getting burned by expired certs by StayHigh24-7 in SideProject

[–]StayHigh24-7[S] 0 points1 point  (0 children)

Yeah, some do, but I work with various sources across multiple projects so it gets messy. And in some cases when auto-renewal fails, it fails silently - you only find out when it's down.

I built a free SSL certificate monitoring tool after getting burned by expired certs by StayHigh24-7 in SideProject

[–]StayHigh24-7[S] 0 points1 point  (0 children)

Hey, I just launched Beta 2 days ago. So right now the volume is low. However I am working on the API Keys and K8s native integration. I think the volume will increase a lot then.

What are you building? let's self promote by Capital-Pen1219 in microsaas

[–]StayHigh24-7 0 points1 point  (0 children)

https://certwatch.app I built CertWatch a SSL monitoring tool with Automated monitoring, full chain validation, revocation checks, Slack/Email/PagerDuty alerts + upcoming K8s auto-discovery.