Blog post: k3s + SSM, a platform of one #17

Closed
opened 2026-05-23 20:55:41 +00:00 by coilysiren · 1 comment
Owner

Originally filed by @coilysiren on 2026-05-03T19:53:24Z - https://github.com/coilysiren/website/issues/1343

🤖 Filed by Claude Code on Kai's behalf.

Working title: k3s + SSM, a platform of one

Hook: Building a "platform" usually implies a team. This is what the same shape looks like when the entire ops org is one person: k3s on a single box, SSM as the secret store, GitHub Actions as the deploy plane, a small wrapper CLI as the operator interface.

Beats:

  • The substrate: kai-server, k3s topology, why single-node and not multi-node.
  • Secrets: SSM SecureString as canonical, no Vault, why that's the right call here.
  • Deploy: GH Actions assumes a role, talks to k3s via API server, applies manifests. The full path.
  • Operator interface: coily wraps the privileged ops, audit-logs, denies the obviously-bad.
  • Observability: what's actually instrumented and what isn't (this is also the gap).
  • Lessons: what scales down well from "real platform engineering" and what doesn't.

Why now: hits AWS + K8s + observability in one piece. Closest single post to "here is the public evidence of the bio."

Audience: platform engineers who want to run their own stuff but get scared off by the team-scale tooling discourse.



Moved from coilysiren/coilyco-ai#13.

Author
Owner

Iceboxed in the 2026-05-29 backlog burn-down: Speculative blog post draft. Reopen anytime if it becomes real.

coilysiren closed this issue and added the icebox label on 2026-05-30 05:43:03 +00:00