Skip to content

networking

Extending Our Tailscale Setup with a Terraform-Managed Bastion

originally posted at LinkedIn at Sept 06, 2025

In my previous post, I wrote about how we replaced a traditional VPN with Tailscale to connect engineers to Kubernetes services. That solved a big piece of the puzzle: cluster access was now simple, secure, and reliable.

But as always, not everything lives in Kubernetes. We still had private databases, legacy services, and tools running in our VPC that engineers needed to reach. That’s where a bastion came in.

Flying with Super Speed in the New Bastion Tunnel

Replatforming Airbyte: From Developer Laptop to EKS

originally posted at LinkedIn at July 25, 2025

In early-stage engineering teams, it's natural for tools to start out simple — often running on a single developer machine, just to get things moving. That’s how our Airbyte setup began: quick to spin up, good enough for testing connectors, and easy to iterate on.

But as our team grew and data pipelines became more embedded in how we operated, we knew it was time to treat Airbyte like real infrastructure. That meant moving beyond local environments and into a scalable, secure, and repeatable deployment.

We migrated Airbyte OSS to Amazon EKS, using Helm and AWS-native services like S3 and IAM Roles for Service Accounts (IRSA). Our goal wasn’t to fix something broken, but to build on what was working and make it production-ready—without sacrificing developer velocity.

This post shares how we did it, what we learned, and what you might want to consider if you’re operationalizing Airbyte (or any similar open-source tool) in a small but growing cloud-native team.

DevOps Clown sending laptop application to the Cloud

Swapping VPN for Tailscale: A Five-Day Internal Infra Upgrade

originally posted at LinkedIn at June 25, 2025

We recently started migrating away from our traditional VPN setup—and toward something simpler, faster, and cheaper: Tailscale.

This wasn’t a full rip-and-replace. In just five days, we moved a core set of internal Kubernetes services behind Tailscale, enough to start retiring our legacy VPN setup piece by piece.

The results?
✅ Smoother developer workflows
✅ Better access control
✅ Significant cost savings
✅ Self-serve onboarding
✅ Fewer support headaches

Enjoy Super Speeding in Private Network Tunnel

Automated TLS and DNS in Kubernetes with ExternalDNS, Ingress, and Let's Encrypt

Managing DNS and TLS certificates for Kubernetes applications can be tedious and error-prone. Thankfully, tools like ExternalDNS, Ingress, and Cert-Manager automate the entire process — from setting DNS records to provisioning Let's Encrypt certificates.

In this guide, we'll walk through how to:

  • Use ExternalDNS to automatically create DNS records.
  • Annotate Ingress resources to request a Let's Encrypt TLS cert.
  • Get HTTPS with minimal manual intervention.
  • Understand how these components interact.

Auto TLS and DNS with ExternalDNS, Ingress, and Let's Encrypt