Hacker News: KGunnerud

New comment by KGunnerud in "Maybe you shouldn't install new software for a bit"

KGunnerud — Fri, 08 May 2026 07:13:11 +0000

I would rather work with a company that updates continuously, while also building security into multiple layers so that weaknesses in one layer can be mitigated by others.

For example, at one company I worked for, they created an ACL model for applications that essentially enforced rules like: “Application X in namespace A can communicate with me.” This ACL coordinated multiple technologies working together, including Kubernetes NetworkPolicies, Linkerd manifests with mTLS, and Entra ID application permissions. As a user, it was dead simple to use and abstracted away a lot of things i do not know that well.

The important part is not the specific implementation, but the mindset behind it.

An upgrade can both fix existing issues and introduce new ones. However, avoiding upgrades can create just as many problems — if not more — over time.

At the same time, I would argue that using software backed by a large community is even more important today, since bugs and vulnerabilities are more likely to receive attention, scrutiny, and timely fixes.

New comment by KGunnerud in "Copilot edited an ad into my PR"

KGunnerud — Mon, 30 Mar 2026 07:41:02 +0000

Another step into ensh*ttification? https://www.youtube.com/watch?v=T4Upf_B9RLQ

Norwegian Police live charts to rais awareness about abusive material

KGunnerud — Thu, 05 Feb 2026 11:25:13 +0000

Article URL: https://police2peer.politiet.no/

Comments URL: https://news.ycombinator.com/item?id=46898500

Points: 7

# Comments: 4

New comment by KGunnerud in "So you wanna write Kubernetes controllers?"

KGunnerud — Tue, 28 Jan 2025 07:23:11 +0000

I've seen different aproaches to controllers, some times it should have been a generator instead, but the problem with generators is that they don't allow (in the same sense) for abstractions at the same level of controllers.

E.g. at one company I worked, they made a manifest to deploy apps that, in v1 was very close to Deployment. It felt owerkill. As they iterated, suddenly you got ACLs that changed NetworkPolicy in Calico (yes can be done with generator), then they added Istio manifests, then they added App authroizations for EntraID - Which again provisioned EntraID client and injected certificate into pods. All I did was add: this app, in this namespace, can talk to me and I got all this for "free". They code in the open so some of the documentation is here: https://docs.nais.io/explanations/nais/

One day, they decided to change from Istio to LinkerD. We users changed nothing. The point is, the controller was 2 things: 1: for us users to have a golden path and 2: for the plattform team themselves to have an abstraction over some features of kube. Although I do see that it might be easy to make poor abstractions as well, e.g. just because you don't create a Deployment (its done for you), you still have to own that Deployment and all other kube constructs.

I'm currently in a org that does not have this and I keep missing it every, every day.

New comment by KGunnerud in "Monorepo – Our Experience"

KGunnerud — Thu, 07 Nov 2024 06:45:09 +0000

Done that at two different places. This was public sector in both cases so typically many products in the organization. So one product was one monorepo.

Wrote this some years ago: https://dev.to/kgunnerud/our-experience-monorepo-with-java-m...

Nobody in our team wants to go back to nonmonorepo now, although everone was sceptical initially