kubernetes

June 25, 2025
in tailscale, vpn, kubernetes, networking, devops
3 min read

Swapping VPN for Tailscale: A Five-Day Internal Infra Upgrade

originally posted at LinkedIn at June 25, 2025

We recently started migrating away from our traditional VPN setup—and toward something simpler, faster, and cheaper: Tailscale.

This wasn’t a full rip-and-replace. In just five days, we moved a core set of internal Kubernetes services behind Tailscale, enough to start retiring our legacy VPN setup piece by piece.

The results?
✅ Smoother developer workflows
✅ Better access control
✅ Significant cost savings
✅ Self-serve onboarding
✅ Fewer support headaches

May 30, 2025
in networking, ssl, kubernetes, aws, eks
4 min read

Automated TLS and DNS in Kubernetes with ExternalDNS, Ingress, and Let's Encrypt

Managing DNS and TLS certificates for Kubernetes applications can be tedious and error-prone. Thankfully, tools like ExternalDNS, Ingress, and Cert-Manager automate the entire process — from setting DNS records to provisioning Let's Encrypt certificates.

In this guide, we'll walk through how to:

Use ExternalDNS to automatically create DNS records.
Annotate Ingress resources to request a Let's Encrypt TLS cert.
Get HTTPS with minimal manual intervention.
Understand how these components interact.

May 17, 2025
in shell script, sso, kubernetes, aws, devops
2 min read

Automatically Renew AWS SSO Session and Refresh Kubeconfig for EKS Access

Working with AWS EKS clusters via AWS SSO is secure but sometimes frustrating.
If your session expires, kubectl commands will fail until you manually renew the session and update your kubeconfig.

Let's automate that with a small Bash script.

May 15, 2025
in aws, kubernetes, devops
2 min read

Bootstrapping My Linux Desktop and MacBook for Dev Work

After transitioning through two new jobs recently, I had the opportunity (and challenge) to set up fresh dev environments on both a Linux desktop and a MacBook. Here’s my comprehensive checklist and setup notes, including tooling, config files, and references I found useful.

May 8, 2024
in devops, aws, shell script, kubernetes
2 min read

Amazon ECR Public allows users to store and access public container images. While ECR Public repositories are open to the public, access to pull or download images from these repositories may still require authentication.

While there are multiple reasons such as access control and security concern, the main benefit of getting an authentication token or login is to deal with rate limiting in my use case.

April 18, 2023
in helm, devops, kubernetes
2 min read

Helm Template Tips

Helm templates provide a powerful way to configure Kubernetes manifests dynamically. In this post, we’ll cover some useful tricks, including:

Handling optional maps
Setting default values
Using ternary expressions
Other useful Helm template functions