AWS

Building a Hacky AWS Proxy Service with kube-proxy, socat, and Bash August 15, 2025

Disclaimer: My good friend Claude wrote this post. I only created a hack and told him about it.

Ever needed to connect to AWS services like RDS or DocumentDB from your local machine, but they’re locked away in private subnets? Instead of doing something reasonable like setting up a VPN, here’s a solution that involves using your production Kubernetes cluster as an impromptu bastion host. What could possibly go wrong?

Replicating AWS IRSA Workflow for my Homelab with Talos and a Raspberry Pi June 9, 2024

IRSA leverages OpenID Connect to authenticate service accounts, providing a secure and convenient method to access AWS resources. This approach simplifies the management of credentials in your Kubernetes environment.

To test AWS IRSA (IAM Roles for Service Accounts) in a selfhosted Kubernetes cluster, I used a spare Raspberry Pi 4 and Talos (Kubernetes Operating System). This could have easily been done with docker on my mac but I wanted to do a real test so I can migrate the config over to my homelab cluster.