terraform

September 6, 2025
in tailscale, vpn, kubernetes, networking, devops
3 min read

Extending Our Tailscale Setup with a Terraform-Managed Bastion

originally posted at LinkedIn at Sept 06, 2025

In my previous post, I wrote about how we replaced a traditional VPN with Tailscale to connect engineers to Kubernetes services. That solved a big piece of the puzzle: cluster access was now simple, secure, and reliable.

But as always, not everything lives in Kubernetes. We still had private databases, legacy services, and tools running in our VPC that engineers needed to reach. That’s where a bastion came in.

August 31, 2025
in devops, oci, terraform, argocd, cicd
5 min read

The DevOps Odyssey, Part 4: Secrets, GitHub Auth, and Scaling Out

originally posted at LinkedIn at Aug 31, 2025

In Part 1, I bootstrapped a zero-click deployment pipeline on OCI with Terraform, Ansible, and Docker Compose — complete with HTTPS, DNS, and CI/CD.

Part 2 evolved that into a Kubernetes-native architecture, replacing Docker with K3s for a declarative control plane.

Part 3 brought in GitOps with Argo CD, letting the cluster manage itself from a single commit.

Now, in Part 4, I pushed the setup toward something that looks and feels much closer to production. Three key steps made that happen:

Sealing secrets so I could finally commit them to Git safely.
Adding GitHub authentication with Dex, making the Argo CD UI open (read-only) to anyone with a GitHub account.
Expanding the cluster with a proper worker node — and replacing my ill-fated “master as NAT” shortcut with OCI’s managed NAT Gateway.

July 31, 2025
in devops, oci, terraform, argocd, ansible
5 min read

The DevOps Odyssey, Part 3: GitOps on K3s with Argo CD — Self-Managing Infrastructure from a Single Commit

originally posted at LinkedIn at July 31, 2025

In Part 1, we bootstrapped a zero-click deployment pipeline on OCI using Terraform, Ansible, and Docker Compose — complete with HTTPS, DNS, and CI/CD.

Part 2 evolved that foundation into a Kubernetes-native architecture, replacing Docker with K3s. That gave us a declarative control plane and a better foundation for future growth — without sacrificing simplicity or resource constraints.

Now, in Part 3, we finally bring in GitOps: managing the entire cluster from a Git repository using Argo CD. This marks the transition from automation to self-reconciliation — and sets the stage for horizontal scaling and federated identity in the next phase.

June 29, 2025
in devops, oci, terraform, ansible, docker
3 min read

The DevOps Odyssey Continues: Evolving from Docker to K3s with Ansible

originally posted at LinkedIn at July 25, 2025

In Part 1, I turned an OCI Free Tier VM into a fully automated, HTTPS-secured Docker host using Terraform, Ansible, Traefik, and GitHub Actions. That stack was great for monoliths or simple containers.

But containers want orchestration. And I want GitOps.

So this phase of the odyssey shifts gears: replacing Docker Compose with K3s — a lightweight Kubernetes distribution that fits beautifully in constrained environments like OCI free tier.

The goal? A production-grade Kubernetes control plane, fully bootstrapped with Ansible, ready for GitOps.

June 18, 2025
in devops, oci, terraform, ansible, docker
6 min read

The DevOps Odyssey: Fully Automating OCI App Deployment with Terraform, Ansible, and Docker

Introduction: The Engineer's Drive for Automation

As a DevOps engineer, I thrive on full‑stack automation—turning repetitive, error‑prone deployments into push‑button, ultra‑reliable workflows.
I recently challenged myself to get Job Winner, an opensource full‑stack app (Spring Boot + React), live on Oracle Cloud Infrastructure (OCI) in less than 15 minutes from a cold start.
But the real goal wasn't speed alone—it was idempotence: every run of the pipeline should converge the system to the exact same, secure, HTTPS‑enabled state without manual touch‑points.

June 4, 2025
in terraform, cloudfront, aws, route53, ssl
4 min read

Building a Reusable Terraform Static Site Module with CloudFront, S3, and Route 53

Overview

A common need in modern cloud infrastructure is hosting static websites — whether it's marketing sites, documentation portals, or Single Page Applications (SPAs) built with React, Vue, or Svelte.

At first, the AWS building blocks for this are fairly simple:

S3 for object storage
CloudFront for CDN
ACM for HTTPS
Route 53 for DNS

But quickly, managing this setup by hand or duplicating configs across environments (prod, staging, QA) becomes painful:

Too many copy/paste Terraform files
Hard to apply consistent policies
Complicated to manage uploads (especially when some sites are CI/CD and some are manual content sites)

May 17, 2025
in devops, turborepo, terraform, aws, github
4 min read

Setting Up Turborepo Remote Cache with S3 and GitHub Actions

Setting up a production-grade remote cache for Turborepo using self hosted remote cache with AWS S3 and Lambda helps improve monorepo performance, especially in CI/CD pipelines like GitHub Actions. Below is a modular and generic Terraform setup using variables for easy customization.