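A Kubernetes Login Solution for Small Teams: Building an OIDC Identity Gateway with kubelogin + AuthGate (Using k3s as an Example)

Most teams, when they install Kubernetes for the first time, end up with a "superuser" kubeconfig that contains a credential capable of destroying the entire cluster. That file then gets copied around through Slack, email, and laptops, and nobody knows who still holds a copy or which former employee's kubeconfig still works.

This article demonstrates how to use kubelogin together with AuthGate to set up an OIDC login flow on k3s: the moment a user runs kubectl get pods, the browser automatically opens the AuthGate login page, and once login completes the token is written back to kubeconfig, so the cluster no longer needs that shared admin.kubeconfig.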

[Read More]

Optimizing Gitea Act Runner Connection Load: Reducing from 1,300 req/s to 170 req/s

Gitea Act Runner is the execution component of Gitea Actions, responsible for fetching CI/CD tasks from the Gitea Server and reporting execution results. As more teams self-host Gitea, the HTTP request volume between Runners and the Server has become a bottleneck on the Server side. This article documents how we analyzed and resolved this problem, reducing the request volume from approximately 1,300 req/s to approximately 170 req/s for 200 Runners — an 87% reduction.

[Read More]

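Optimizing Gitea Act Runner Connection Load: A Field Report on Going from 1,300 req/s Down to 170 req/s

Gitea Act Runner is the execution component of Gitea Actions, responsible for fetching CI/CD tasks from the Gitea Server and reporting execution results. As more and more teams self-host Gitea, the volume of HTTP requests between Runners and the Server has become a bottleneck on the Server side. This article documents how we analyzed and solved this problem, bringing the request volume for 200 Runners from about 1,300 req/s down to about 170 req/s, an 87% reduction.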

[Read More]

The Next Step for AI Agents: API + CLI + Skills Architecture

In previous posts, I introduced the concept of Agent Skills and showed how to build an AI-driven development workflow with Claude Code + GitHub Copilot Review. As more products and teams embrace AI Agents, a clear architectural pattern is emerging: API + CLI + Skills. This isn’t a framework or protocol — it’s a pragmatic three-layer architecture that enables any product to become “agent-friendly” quickly.

[Read More]

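The Next Step for AI Agents: The API + CLI + Skills Architecture

In previous posts, I introduced the concept of Agent Skill and showed how to build an AI-driven development workflow with Claude Code + GitHub Copilot Review. As more products and teams begin to embrace AI Agents, a clear architectural pattern is emerging: API + CLI + Skills. This is not a particular framework or protocol, but a pragmatic three-layer architecture that lets any product quickly become "agent-friendly".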

[Read More]

Building an AI-Driven Development Workflow with Claude Code + GitHub Copilot Review

As a developer who maintains multiple open-source projects on GitHub, my daily work goes far beyond writing code. I also deal with a constant stream of issues, PR reviews, releases, and other tasks that are tedious but critical. As projects grow, this workload quickly exceeds what one person can handle efficiently.

Over the past few months, I’ve integrated Claude Code and GitHub Copilot Review into my daily development workflow, and the results have been remarkable — tasks that used to take half a day now often get done in 1-2 hours. This post shares my complete workflow and explains why I believe the developer’s own technical ability is the key to using AI tools effectively.

[Read More]

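Building an AI-Driven Development Workflow with Claude Code + GitHub Copilot Review

As a developer who has long maintained multiple open-source projects on GitHub, what I face every day is not just writing code, but also a large amount of issue handling, PR review, release publishing, and other work that is tedious but important. As the projects grow in scale, this workload has gone far beyond what one person can handle efficiently.

Over the past while, I started integrating Claude Code and GitHub Copilot Review into my daily development workflow, and the results amazed me: work that used to take half a day is now often done within 1-2 hours. This post shares my complete workflow, and why I believe the developer's own technical ability is the key to making good use of AI tools.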

[Read More]

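What Is Agent Skill? The Changes It Brings to the Software Industry

With the rapid development of AI Agent technology, a brand-new concept is changing the way software development works: Agent Skill. If you have used Claude Code, Cursor, or other AI-assisted development tools, you may have already come across a similar concept. This article gives an in-depth introduction to what Agent Skill is and how it brings fundamental changes to the software industry.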

[Read More]

What Is Agent Skill? How It Changes the Software Industry

With the rapid evolution of AI Agent technology, a new concept is reshaping how software development works: Agent Skill. If you’ve used Claude Code, Cursor, or other AI-assisted development tools, you may have already encountered something similar. This article takes a deep dive into what Agent Skill is and how it brings fundamental changes to the software industry.

[Read More]

Introduction to OAuth Client ID Metadata Document

In 2025, I introduced MCP (Model Context Protocol) at the iThome Taiwan Cloud Summit. At that time, I mentioned that the official team has been continuously revising the authentication protocol to address complex authentication flows. The previous design involved DCR (Dynamic Client Registration), so as expected, on 2025/11/25, a new Authorization mechanism was released. This authentication mechanism is called “Client ID Metadata Documents, abbreviated as CIMD”.

When installing a Model Context Protocol (MCP) server, the most challenging part is often not the protocol itself, but how to establish trust between the client and server. If you’ve ever tried to connect an MCP client to an MCP server it has never encountered before, you’ve probably run into what’s known as the “registration wall”.

Pre-registering with every possible authorization server is simply not scalable, and while Dynamic Client Registration (DCR) helps, it lacks reliable mechanisms to verify client identity, making it vulnerable to phishing attacks. Beyond security concerns, DCR also creates operational overhead by generating an ever-growing number of duplicate client identities that need to be managed.

[Read More]