DevOps Blog

Real-world experiences, lessons learned, and technical insights from building production infrastructure. Stories from the trenches of DevOps, Kubernetes, cloud platforms, and platform engineering.

All 1password ai airbyte argocd arm astro aws cert-manager cicd cloud cloudfront docker eks etl external-dns faker gateway-api gcp github github-actions gitops gke hackathon helm home-server java jenkins kubernetes migration mkdocs networking oci ollama postgres privacy python react redis route53 ruby s3 security self-hosted shell script slackbot sql ssl sso tailscale terraform traefik turborepo vpn
GKE - Part 4: ExternalDNS, cert-manager, and Real URLs for the GitOps Platform

GKE - Part 4: ExternalDNS, cert-manager, and Real URLs for the GitOps Platform

Adding the platform services that turn Gateway API from a manually wired entry point into a DNS and TLS managed edge for GKE.

gcpgkekubernetes
GKE - Part 3: From Local Terraform to CI: Structuring Shared and Nonprod Stacks for GKE

GKE - Part 3: From Local Terraform to CI: Structuring Shared and Nonprod Stacks for GKE

Moving a Terraform-first GKE setup from local execution to CI, and organizing shared and environment stacks to make the system repeatable and extensible.

gcpgketerraform
GKE — Part 2: Private Nodes, Gateway API, and a More Realistic Cluster Shape

GKE — Part 2: Private Nodes, Gateway API, and a More Realistic Cluster Shape

Evolving a Terraform-managed GKE cluster from a public proof of concept into a more structured setup with private nodes and a defined entry point.

gcpgketerraform
From Zero to GKE — A Terraform-First Build with Production in Mind

From Zero to GKE — A Terraform-First Build with Production in Mind

A Terraform-first journey into GCP and GKE—bootstrapping remote state, building a clean foundation, and getting a minimal cluster running with a clear path toward production.

gcpgketerraform
How to Build a Slack Bot Like Doraemon

How to Build a Slack Bot Like Doraemon

A practical walkthrough on building a Slack bot using Socket Mode and Python 3.11, based on a real-world project.

slackbotpythonhackathon
From x86 to ARM in production: the EKS migration story

From x86 to ARM in production: the EKS migration story

We migrated our EKS workloads from x86 to ARM in production with zero downtime. Here's how we simplified our architecture story end-to-end and saved cost without trading away reliability.

kuberneteseksarm
Building a New Portfolio Page: Migrating from MkDocs to Astro

Building a New Portfolio Page: Migrating from MkDocs to Astro

Journey of creating a new portfolio page by converting a MkDocs-based documentation site to Astro, focusing on creating dedicated sections for content series like DevOps Odyssey with custom layouts.

astromkdocs
Build Once. Promote Forward. Ship Daily.

Build Once. Promote Forward. Ship Daily.

How we eliminated rebuild-per-environment pipelines and went from shipping every two weeks to shipping daily. A real-world story of building once, validating once, and promoting the same artifact through environments.

cicddockerargocd
The "Hybrid" AI Stack: Enterprise Power at Work, Localhost Freedom at Home

The "Hybrid" AI Stack: Enterprise Power at Work, Localhost Freedom at Home

How I built a personal AI stack on my MacBook Pro M4 using Ollama, Open WebUI, and Draw Things—running entirely locally with zero privacy leaks and unlimited usage, while keeping enterprise cloud tools for work.

aiollamaself-hosted
Developing and Testing K3s Apps Locally

Developing and Testing K3s Apps Locally

When building Kubernetes-aware tools — whether a CLI, dashboard, or internal Python service — you often need your local environment to talk directly to the cluster API.

githubkubernetescicd
Migrating From dotenv.org to 1Password in Kubernetes Deployment

Migrating From dotenv.org to 1Password in Kubernetes Deployment

dotenv.org recently increased its pricing, and at the same time our organization was already consolidating secrets into **1Password** for engineering, operations, and automation workflows. Maintaining

ocikubernetes1password
Extending Our Tailscale Setup with a Terraform-Managed Bastion

Extending Our Tailscale Setup with a Terraform-Managed Bastion

In [my previous post](./2025/06/25/swapping-vpn-for-tailscale-a-five-day-internal-infra-upgrade/), I wrote about how we replaced a traditional VPN with Tailscale to connect engineers to Kubernetes ser

tailscalevpnkubernetes
Page 1 of 3 Next