4(ish) types of IDPs: https://didibe.dev/blog/idp-approaches-compared
didiberman/README.md
██████╗  ██╗ ██████╗  ██╗
██╔══██╗ ██║ ██╔══██╗ ██║
██║  ██║ ██║ ██║  ██║ ██║
██║  ██║ ██║ ██║  ██║ ██║
██████╔╝ ██║ ██████╔╝ ██║
╚═════╝  ╚═╝ ╚═════╝  ╚═╝

DevOps / Platform Engineer  ·  Kubestronaut  ·  didibe.dev

I build and operate Kubernetes infrastructure and automation pipelines.
Currently exploring Internal Developer Platforms w/ Backstage, Crossplane & Supply Chain Security

Selected Work

| Project | Description | Tags |
|---|---|---|
| eks-idp-platform | Production IDP on AWS EKS: Terraform modules, ArgoCD, Kyverno, Cilium, Karpenter, and hardened CI with SHA-pinned actions, harden-runner, and Trivy v0.35.0. | AWS, Kubernetes, Terraform, Cilium, Karpenter, ArgoCD, Trivy, harden-runner |
| vcluster-platform | Virtual Kubernetes clusters: the isolation of a real cluster at the cost of a namespace (~370 Mi per tenant, ready in ~35 s). Self-service platform where teams get clusters by opening a PR: measured benchmarks, blast-radius isolation, GitOps tenant onboarding. | vCluster, Kubernetes, Terraform, ArgoCD |
| kratix-platform | Self-service IDP: Kratix + Backstage + Flux on k3s, deployed from scratch with one command. | Kratix, Backstage, Crossplane |
| practical-aks | Production-grade AKS build: blank Azure subscription → Workload Identity-secured, Trivy-scanned cluster running a live LLM proxy. The CI/CD pipeline includes supply chain hardening (SHA-pinned Actions and harden-runner network egress control) against the kind of attack the March 2026 Trivy compromise demonstrated. | Azure, Trivy, harden-runner |
| gke-production-patterns | Production-grade GKE reference architecture: Cloud SQL, Memorystore, Terraform, Helm, CI/CD, observability, Temporal workflows, and incident response. | Google Cloud, Temporal, Prometheus |
| Tokenguard Operator | Kubernetes operator that scores ServiceAccount least-privilege by comparing RBAC grants against audit-log usage, and detects token use from external IPs. Go, Kubebuilder, controller-runtime. | Kubebuilder |
| NinjaDevOps | Interactive DevOps challenge platform: 80+ real-world challenges covering Linux, Docker, and Kubernetes (CKAD, CKA, CKS) in live GCP VMs. Broken servers, misconfigs, and k8s emergencies, all from a browser terminal. | Linux, Docker, Kubernetes, React, Firebase, Cloud Run |
| Sovereign-Mesh | Multi-tenant AI PaaS on Hetzner: vLLM, Qdrant, and TEI on a hardened K3s cluster with tenant isolation and GitOps via ArgoCD. | ArgoCD, Qdrant, vLLM |

Stack

Kubernetes & Orchestration

Kubernetes Helm Docker Karpenter KEDA vCluster

GitOps & IDP

ArgoCD Flux Kratix Backstage Crossplane

Cloud & Infra

AWS Google Cloud Azure Terraform GitHub Actions

AI, Workflows & Automation

kagent Temporal n8n

Security

Trivy harden-runner


Certifications

AWS-SAA · CKA · CKAD · CKS · KCNA · KCSA · Kubestronaut 🎖️


Other Projects


📖 Off the clock: I wrote Social Freedom Unleashed, a book on overcoming social anxiety.
