My Blog Posts

June 25, 2025
in tailscale, vpn, kubernetes, networking, devops
3 min read

Swapping VPN for Tailscale: A Five-Day Internal Infra Upgrade

originally posted at LinkedIn at June 25, 2025

We recently started migrating away from our traditional VPN setup—and toward something simpler, faster, and cheaper: Tailscale.

This wasn’t a full rip-and-replace. In just five days, we moved a core set of internal Kubernetes services behind Tailscale, enough to start retiring our legacy VPN setup piece by piece.

The results?
✅ Smoother developer workflows
✅ Better access control
✅ Significant cost savings
✅ Self-serve onboarding
✅ Fewer support headaches

June 18, 2025
in devops, oci, terraform, ansible, docker
6 min read

The DevOps Odyssey: Fully Automating OCI App Deployment with Terraform, Ansible, and Docker

Introduction: The Engineer's Drive for Automation

As a DevOps engineer, I thrive on full‑stack automation—turning repetitive, error‑prone deployments into push‑button, ultra‑reliable workflows.
I recently challenged myself to get Job Winner, an opensource full‑stack app (Spring Boot + React), live on Oracle Cloud Infrastructure (OCI) in less than 15 minutes from a cold start.
But the real goal wasn't speed alone—it was idempotence: every run of the pipeline should converge the system to the exact same, secure, HTTPS‑enabled state without manual touch‑points.

June 12, 2025
in traefik, ssl, docker, devops
3 min read

Goodbye Nginx, Hello Traefik! Effortless HTTPS with Let's Encrypt and Docker

If you've struggled with Nginx reverse proxy configs, certbot timers, and nginx -s reload, it's time to meet Traefik — a modern reverse proxy built for dynamic containerized environments.

Why Traefik over Nginx?

Unlike Nginx, which requires manual configuration updates and reloads, Traefik auto-discovers services via Docker labels, keeping your proxy config in sync with running containers. It also:

Automatically obtains and renews Let’s Encrypt certificates
Handles HTTP/HTTPS routing, path-based rules, load balancing, and more
Supports metrics, tracing, and even canary deployments with Traefik Enterprise

For small setups or demos, it’s a powerful, drop-in Nginx replacement — with less boilerplate.

June 4, 2025
in terraform, cloudfront, aws, route53, ssl
4 min read

Building a Reusable Terraform Static Site Module with CloudFront, S3, and Route 53

Overview

A common need in modern cloud infrastructure is hosting static websites — whether it's marketing sites, documentation portals, or Single Page Applications (SPAs) built with React, Vue, or Svelte.

At first, the AWS building blocks for this are fairly simple:

S3 for object storage
CloudFront for CDN
ACM for HTTPS
Route 53 for DNS

But quickly, managing this setup by hand or duplicating configs across environments (prod, staging, QA) becomes painful:

Too many copy/paste Terraform files
Hard to apply consistent policies
Complicated to manage uploads (especially when some sites are CI/CD and some are manual content sites)

May 30, 2025
in networking, ssl, kubernetes, aws, eks
4 min read

Automated TLS and DNS in Kubernetes with ExternalDNS, Ingress, and Let's Encrypt

Managing DNS and TLS certificates for Kubernetes applications can be tedious and error-prone. Thankfully, tools like ExternalDNS, Ingress, and Cert-Manager automate the entire process — from setting DNS records to provisioning Let's Encrypt certificates.

In this guide, we'll walk through how to:

Use ExternalDNS to automatically create DNS records.
Annotate Ingress resources to request a Let's Encrypt TLS cert.
Get HTTPS with minimal manual intervention.
Understand how these components interact.

May 17, 2025
in shell script, sso, kubernetes, aws, devops
2 min read

Automatically Renew AWS SSO Session and Refresh Kubeconfig for EKS Access

Working with AWS EKS clusters via AWS SSO is secure but sometimes frustrating.
If your session expires, kubectl commands will fail until you manually renew the session and update your kubeconfig.

Let's automate that with a small Bash script.

May 17, 2025
in devops, turborepo, terraform, aws, github
4 min read

Setting Up Turborepo Remote Cache with S3 and GitHub Actions

Setting up a production-grade remote cache for Turborepo using self hosted remote cache with AWS S3 and Lambda helps improve monorepo performance, especially in CI/CD pipelines like GitHub Actions. Below is a modular and generic Terraform setup using variables for easy customization.

May 15, 2025
in aws, kubernetes, devops
2 min read

Bootstrapping My Linux Desktop and MacBook for Dev Work

After transitioning through two new jobs recently, I had the opportunity (and challenge) to set up fresh dev environments on both a Linux desktop and a MacBook. Here’s my comprehensive checklist and setup notes, including tooling, config files, and references I found useful.

February 26, 2025
in devops, shell script, ssl, docker, oci
3 min read

Setting Up Docker, SSL, and DuckDNS on Oracle Server

This guide will walk you through the process of setting up Docker, configuring SSL certificates, and setting up DuckDNS on an Oracle server (Oracle Linux 9).

November 30, 2024
in ssl, devops
3 min read

Let's Encrypt SSL Certificate with Certbot for GoDaddy

Securing your website with HTTPS is a critical step in establishing trust and improving SEO. This guide will show how to generate and install a free Let's Encrypt SSL certificate on a GoDaddy-hosted site using Certbot, and set up automatic certificate renewal.