Documenting what I learn along the way.
Your app is running on Kubernetes, but can you actually tell when something breaks? Here's how to set up metrics, logs, dashboards, and Slack alerts from scratch with Prometheus, Loki, and Grafana.
Running PostgreSQL on Kubernetes is one thing. Making sure backups and restores actually work is another. Here’s a hands-on walkthrough with CloudNativePG and S3.
From Dockerfile to running pod — a complete walkthrough of building images with BuildKit, storing them in Harbor, and deploying them to Kubernetes through GitLab CI.
Anyone can push an image to your registry. The real question is: how do you make sure your cluster only runs the ones you actually built? Image signing with Cosign and policy enforcement with Kyverno.
Hardcoded secrets in manifests, base64 "encryption", credentials scattered everywhere — sound familiar? Here's how to fix it with HashiCorp Vault and FluxCD, the GitOps way.
No more kubectl apply. Set up FluxCD so your Kubernetes cluster stays in sync with Git automatically — handle deployments, catch drift, and roll back with confidence.
A serverless app that works is great. One that's actually locked down is better. Applying least privilege, RBAC, and IAM Identity Center across a real Lambda + API Gateway stack with Terraform.
What happens to your app when an entire AWS region goes down? Building an automated failover system with Global Accelerator, Route 53, and Lambda so your users never notice.
Taking a simple to-do app from localStorage to a full serverless backend on AWS. Authentication, API, database, and deployment — one piece at a time.
Push to main, site is live. Setting up a proper CI/CD pipeline for a static site with GitHub Actions, S3, and CloudFront — including cache invalidation and infrastructure as code.
A contact form sounds simple until you need it to scale, not lose messages, and actually send emails reliably. Building an event-driven serverless system with API Gateway, Lambda, and SES.
Deploying a Next.js site shouldn't mean clicking through the AWS console. Using CDK to define the entire Amplify hosting setup as code, with automatic builds on every push.
ClickOps resources, no version history, and deployments done by hand. Migrating a real AWS setup to CDK with automated CI/CD through GitHub Actions.
Everyone logging in as root with the same password — that was the starting point. Here's how to go from there to proper IAM groups, MFA, and role-based access with Terraform.
