Ruben Koster rkoster

  • Rabobank
  • Netherlands
@rkoster
rkoster / rfc-draft-domain-scoped-mtls-gorouter-v2.md
Created March 25, 2026 13:05
RFC: Domain-Scoped mTLS for GoRouter (Revised with Access Policy API)

Meta

  • Name: Domain-Scoped mTLS for GoRouter
  • Start Date: 2026-02-16
  • Author(s): @rkoster, @beyhan, @maxmoehl
  • Status: Draft
  • RFC Pull Request: community#1438

Summary

@rkoster
rkoster / README.md
Created March 20, 2026 11:14
Experiment: GoRouter route tags with shared routes (CF mTLS RFC)

Experiment: GoRouter Route Tags with Shared Routes

Context

Cloud Foundry's RFC for Domain-Scoped mTLS on GoRouter proposes scope-based authorization that uses GoRouter's existing route-emitter tags (organization_id, space_id) to enforce "same org/space" boundary checks at the domain level. This experiment verifies that the tags carry the correct information when routes are shared across spaces.

Question

When a route is shared from Space A to Space B (and both spaces have apps mapped to it), do the GoRouter route table tags reflect:

  • (a) The route owner's org/space (Space A for all endpoints), or
@rkoster
rkoster / README.md
Created March 11, 2026 14:10
Analysis: Why cf-deployment use-compiled-releases.yml is stuck on stemcell 1.423

Why use-compiled-releases.yml is Stuck on Stemcell 1.423

Summary

The operations/use-compiled-releases.yml file in cf-deployment references stemcell version 1.423 for all compiled releases, even though newer stemcells are available. This is because the CI pipeline is configured to recompile all releases only on major stemcell version bumps.

Root Cause

1. The update-stemcell-and-recompile-releases Job Only Triggers on Major Bumps

@rkoster
rkoster / README.md
Last active February 20, 2026 09:39
Comparison of bosh-agent PR #396 (AWS NVMe Instance Storage) vs PR #402 (Azure NVMe Support)

Comparison: bosh-agent PR #396 vs PR #402

Overview

Both PRs address NVMe device discovery challenges but for different cloud providers with fundamentally different approaches.

| Aspect | PR #396 (AWS) | PR #402 (Azure) |
| --- | --- | --- |
| URL | cloudfoundry/bosh-agent#396 | cloudfoundry/bosh-agent#402 |
| Cloud Provider | AWS | Azure |

@rkoster
rkoster / README.md
Last active March 12, 2026 09:15
Diego: Full mTLS for App-to-App Traffic - Current State and Implementation Plan

Meta

  • Name: Domain-Scoped mTLS for GoRouter
  • Start Date: 2026-02-16
  • Author(s): @rkoster, @beyhan, @maxmoehl
  • Status: Draft
  • RFC Pull Request: community#1438

Summary

@rkoster
rkoster / .envrc
Created November 6, 2020 18:59
Direnv nix config files for installing specific version on the fly cli when entering project dir.
use nix
@rkoster
rkoster / gist:f5cdab0c5955a149b9b5df669b3437c5
Last active September 15, 2020 13:15
Comparison between ixgbevf shipped with linux-aws and intel: https://sourceforge.net/projects/e1000/files/ixgbevf%20stable/
https://packages.ubuntu.com/xenial/linux-aws-source-4.4.0 ixgbevf 2.12.1-k
❯ diff ubuntu/linux-4.4/drivers/net/ethernet/intel/ixgbevf upstream/ixgbevf-2.12.1/src | wc -l
3424
❯ diff ubuntu/linux-4.4/drivers/net/ethernet/intel/ixgbevf upstream/ixgbevf-4.1.2/src | wc -l
3897
❯ diff ubuntu/linux-4.4/drivers/net/ethernet/intel/ixgbevf upstream/ixgbevf-4.6.3/src | wc -l
5348
❯ diff ubuntu/linux-4.4/drivers/net/ethernet/intel/ixgbevf upstream/ixgbevf-4.8.1/src | wc -l
5475
Verifying my Blockstack ID is secured with the address 1NVzvRRTvvoQ6UgngVVarthwGkpqLNy3uM https://explorer.blockstack.org/address/1NVzvRRTvvoQ6UgngVVarthwGkpqLNy3uM
{
"receiver": "default-receiver",
"status": "resolved",
"alerts": [
{
"status": "resolved",
"labels": {
"alertname": "BOSHJobProcessUnhealthy",
"bosh_deployment": "cf",
"bosh_job_index": "0",