
Christian Posta christian-posta


Clip source: Solving the Identity Crisis for AI Agents

Introduction

Uber is at the forefront of leveraging AI, empowering engineers to build AI solutions to improve productivity. In early 2025, the company built an internal Agent platform that allows teams to compose, deploy, and operate production-grade agents at scale. Additionally, Uber’s microservices tech stack comprising thousands of services was made AI-ready by enabling MCP® (Model Context Protocol) support over existing service APIs.

Increasing agentic autonomy necessitates strict oversight of the agents and the actions they execute. Accountability, the ability to answer “who did what, when and why” is critical for auditing, compliance, and executive trust. Without clear attribution, security controls can be harder to enforce, incident response may slow, and trust may be impacted.

This blog outlines the major updates to Uber’s identity and access technology stack in 2025 to accommodate AI agents. To maintain a proactive stance as AI adoption acc

Agentgateway Objects context

| CEL name | Rust field | When / where it’s set |
| --- | --- | --- |
| request | request | HTTP request (method, uri, host, scheme, path, version, headers, body, startTime, endTime). Set from live request or from RequestSnapshot. |
| response | response | HTTP response (code, headers, body). Only set when the executor is built with a response (e.g. new_request_and_response, new_response, or logger with response). |
| jwt | jwt | JWT claims. Present when JWT auth is enabled and a token was verified. |
| apiKey | api_key | API key claims. Present when API key auth is enabled. |

apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: public-oauth-mcp
  namespace: enterprise-agentgateway
spec:
  parentRefs:
  - name: agentgateway
  rules:
  - matches:
christian-posta / k8s-tools-agw.yaml
Created January 20, 2026 00:44
Simple agent gateway installation of a Kubernetes mcp server
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: agentgateway
  namespace: gloo-system
spec:
  gatewayClassName: enterprise-agentgateway
  listeners:
  - name: http
    port: 8080
christian-posta / nim-instructions.md
Created January 22, 2025 18:49
Completely Made Up Instructions for NVIDIA NIM + GKE

Here's a step-by-step guide to create a cost-conscious Kubernetes cluster in Google Kubernetes Engine (GKE), configure nodes with GPUs, and set up NVIDIA NGC Infrastructure Manager (NIM) along with deploying an LLM that uses the OpenAI API.


Step 1: Prerequisites

  1. Google Cloud Account: Ensure you have an active Google Cloud account.
  2. gcloud CLI: Install the Google Cloud SDK.
  3. kubectl: Install kubectl if it's not already installed.
  4. NVIDIA GPU Driver Support: Ensure you have access to NVIDIA resources and APIs.
# $1 = pattern matching the source pod, $2 = pattern matching the target pod
# Resolve the name and IP of the first pod matching each pattern
SOURCE_NAME=$(kubectl get po -A -o wide | grep "$1" | head -n 1 | awk '{print $2}')
TARGET_NAME=$(kubectl get po -A -o wide | grep "$2" | head -n 1 | awk '{print $2}')
SOURCE_IP=$(kubectl get po -A -o wide | grep "$1" | head -n 1 | awk '{print $7}')
TARGET_IP=$(kubectl get po -A -o wide | grep "$2" | head -n 1 | awk '{print $7}')
echo "Source: $SOURCE_NAME, Target: $TARGET_NAME"
echo "Source: $SOURCE_IP, Target: $TARGET_IP"
# Capture TCP traffic between the source pod and the target pod's IP into ./local.pcap
echo "Running command: sh -c \"kubectl sniff -i eth0 -o ./local.pcap $SOURCE_NAME -f '((tcp) and (net $TARGET_IP))'\""
sh -c "kubectl sniff -i eth0 -o ./local.pcap $SOURCE_NAME -f '((tcp) and (net $TARGET_IP))'"
christian-posta / squashctl-debug-gloo.sh
Created February 13, 2020 16:22
Script to Debug Gloo with Squash
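# Name fragment of the pod to debug (defaults to "gloo")
GLOO=${1:-gloo}
# Pick the first matching pod in the gloo-system namespace
POD=$(kubectl get po -n gloo-system | grep "$GLOO" | awk '{ print $1 }' | head -n 1)
echo "gloo pod to debug '$POD'"
# Attach the dlv debugger via squashctl; --machine returns JSON that includes the port-forward command
PF_CMD=$(squashctl --debugger dlv --namespace gloo-system --machine --pod "$POD")
echo "PF CMD: $PF_CMD"
# Rewrite the port-forward command so the local port is 2345
K_CMD=$(echo "$PF_CMD" | jq .PortForwardCmd | sed s/:/2345:/)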

Review of service mesh 2019:

In 2019 the common themes for service mesh were:

  • more service-mesh distributions! Everyone in the API/software networking space is coming up with their own distributions of service mesh. I think this is naturally a good thing for the market as it shows there is some value to be provided here and that different approaches should be explored. This will also lead us to a point of convergence soon in the future.

  • more organizations are POCing service mesh (up from just having architectural discussions from the previous year)

  • usability is key! mesh technology like linkerd has shown how a mesh can be simpler to use and operate, with other mesh technologies taking note and improving their usability

christian-posta / banking-vs.yaml
Last active January 16, 2020 13:49
Blog on decentralized API for API Management
apiVersion: gateway.solo.io/v1
kind: VirtualService
metadata:
  name: banking-vs
  namespace: gloo-system
spec:
  virtualHost:
    domains:
    - 'banking.api.solo.io'
    routes: