Infrastructure

AWS in Practice #4: IaC — Terraform Fundamentals
10 min read

Why IaC, the Terraform model of provider / resource / state, team collaboration with an S3 + DynamoDB backend, environment separation through modules, and the flow of codifying the infrastructure from #1–#3 line by line.

K8s Practice #1: EKS Cluster Setup — Terraform / eksctl / IRSA / Addons
12 min read

The first post in the K8s Practice series. We follow the path of building a real operational cluster rather than a toy abstraction. Defining the VPC and EKS cluster with Terraform, setting up node groups and IRSA, laying on the essential addons (VPC CNI, CoreDNS, kube-proxy, EBS CSI), and comparing eksctl as a faster setup option along the way. The starting point for the imaginary service myshop-api used throughout the 6-post series.

RHEL in Practice #3: Container Workloads — Podman, systemd (quadlet)
9 min read

The third post in the RHEL in Practice track. Putting the web and DB we stood up by hand in #1 and #2 back up as containers, we organize the operational flow of Podman, RHEL's standard container engine. Image pull and run, volumes and port mapping, rootless containers, and integrating containers as systemd services with quadlet for automatic startup at boot — all in one cycle.

AWS Certified Cloud Practitioner (CLF-C02) #4 Domain 2-1 Security — Shared Responsibility Model and IAM Basics
9 min read

The first half of Domain 2 (30%), the largest-weighted domain of the CLF-C02 exam. Where the responsibility line falls between AWS and the customer (and how that shifts with the service model), the four IAM essentials — users, groups, roles, and policies — and how they differ, operating principles for MFA and access keys, and a root user guide that often appears as an exam trap. The next post #5 continues with compliance certifications, AWS Artifact, and encryption.

AWS in Practice #3: CI/CD — GitHub Actions + ECR + ECS
10 min read

GitHub Actions without access keys via OIDC, ECR push, automatic Task Definition updates, ECS Service rolling deployments, deployment circuit breakers and auto-rollback, and a touch of CodeDeploy blue/green — a deployment flow that ends with a single git push.

K8s Advanced #6: GitOps — ArgoCD / Flux
11 min read

The last post in the K8s Advanced series. GitOps — the operational model where the source of truth for manifests lives in git and a controller inside the cluster watches git to sync automatically. Covers the difference between push and pull models, ArgoCD's Application CRD and sync wave, Flux's Source / Kustomization / HelmRelease, directory structure patterns, and how to safely store secrets in git via Sealed Secrets / External Secrets. Also includes a 6-post K8s Advanced retrospective and a preview of the next track, K8s Practice.

RHEL in Practice #2: Database Operations — PostgreSQL on RHEL
9 min read

The second post in the RHEL in Practice track. Having stood up the web tier, we move to the data tier behind it: installing and initializing PostgreSQL via RHEL's AppStream modules. We cover the data directory and SELinux context, postgresql.conf / pg_hba.conf settings and the firewalld opening for remote access, and everything from creating users and databases to backup, recovery, and diagnosis when you get stuck — all from a real operations perspective.

AWS Certified Cloud Practitioner (CLF-C02) #3 Domain 1-2 Cloud Design — The Six Well-Architected Pillars
9 min read

The second half of CLF-C02 Domain 1. We unpack the six pillars of the AWS Well-Architected Framework — Operational Excellence, Security, Reliability, Performance Efficiency, Cost Optimization, and Sustainability — and organize the design principles and exam-scenario mappings for each. We also fix the common mistake of memorizing only five pillars and forgetting Sustainability, which was added in December 2021. From #4 onward we head into Domain 2 Security, the 30% giant.

AWS in Practice #2: RDS Integration and Migration Operations
10 min read

RDS Postgres Multi-AZ inside the VPC, Security Group design, password injection through Secrets Manager, the operational side of Alembic / Django migrations, and blue/green-compatible migration patterns.

K8s Advanced #5: Observability — Prometheus / Grafana / Loki / OpenTelemetry
10 min read

Operational cluster observability is composed of three axes — metrics, logs, and traces. The K8s standard stack for each axis is nearly settled. Metrics with Prometheus + kube-state-metrics + node-exporter, logs with Loki (or EFK), traces with OpenTelemetry, visualization with Grafana, alerting with Alertmanager. This post organizes the three-axis model, the standard components for each axis, and operational principles like cardinality, retention period, and alert design — all in one cycle.

RHEL in Practice #1: Running a Web Server — nginx, systemd, SELinux Policy
5 min read

The first post in the RHEL in Practice track. It brings together the systemd, SELinux, and firewalld knowledge from the basics, intermediate, and advanced series, and walks one full cycle of standing up an nginx web server properly on RHEL. Package install and service registration, SELinux context and port labels, opening firewalld, plus the spots where non-standard ports and document roots most often trip people up — all covered from a real operations angle.

AWS Certified Cloud Practitioner (CLF-C02) #2 Domain 1-1 Cloud Concepts — Value, Economics, and the Cloud Adoption Framework
9 min read

The first half of CLF-C02 Domain 1. The six value propositions of the cloud that show up in the exam, the cost-structure shift from CapEx to OpEx, the six perspectives of the AWS Cloud Adoption Framework, and how the global infrastructure (regions, AZs, edge) gets reshaped into exam questions. Series #3 continues with the second half of the same domain — the six Well-Architected pillars.