#Infrastructure

300 posts

AWS in Practice #1: Deploying FastAPI/Django to ECS Fargate
10 min read

Push a container image to ECR, write a Task Definition, and stand it up as an ECS Fargate Service behind an ALB — the full flow of putting a small blog API into production, in a single post.

K8s Advanced #4: CRD and the Operator Pattern — controller-runtime
10 min read

One reason K8s is powerful is that you can extend its API itself. Defining new object kinds with CustomResourceDefinition and writing a reconcile loop for those objects with controller-runtime makes domain objects live as standard resources on top of K8s. Objects with names like PostgresCluster, RedisFailover, KafkaBroker are the result. This post organizes the CRD model, an Operator skeleton based on controller-runtime, and ownerReference / finalizer / status subresource — all in one cycle.

RHEL Advanced #7: Cockpit for GUI Management and Web Console — Series Wrap
9 min read

The RHEL Advanced series so far has been all CLI, but Cockpit is the standard tool that adds a lightweight web GUI on top. The web console covers systemd, services, users, networking, storage, Podman, kdump, and SELinux on one screen, lets you manage multiple machines from a dashboard, and integrates sosreport and other diagnostic tools. We look at the kinds of work better done in Cockpit than by SSHing in to edit with vi, and wrap up the series.

AWS Advanced #7: Step Functions
9 min read

Where state machines fit, the four states (Task / Choice / Parallel / Map), Standard vs Express, Lambda / ECS / SDK integrations, error handling with retry / catch, common patterns — the AWS workflow service.

AWS Certified Cloud Practitioner (CLF-C02) #1: Exam Introduction — Structure and Study Strategy
10 min read

The opening post of the AWS Certified Cloud Practitioner (CLF-C02) series. The shape of 65 questions, 90 minutes, and a 700 passing score; the weight and meaning of the four domains; registration and the testing environment; and the study strategy that turns the hands-on feel from the [AWS track](/en/posts/aws-basics-1) into exam answers. This 10-part series targets a CLF-C02 pass, wrapping up with a full-scale mock exam in #10.

K8s Advanced #3: Admission Controller — OPA Gatekeeper / Kyverno
10 min read

The K8s API server has a stage that can inspect and mutate manifests right before they're stored in etcd. This stage, the Admission Controller, is the entry point for a production cluster's policy engine. Policies like "reject containers without limits," "force specific labels," and "restrict image origins" are enforced at the manifest level without changing a line of application code. This post organizes the position of the admission stage, the built-in controllers, ValidatingWebhook and MutatingWebhook, and the models of the two policy engines, OPA Gatekeeper and Kyverno — all in one cycle.

RHEL Advanced #6: Subscription, Satellite, Insights — Operations Infrastructure
9 min read

Three Red Hat operations tools you meet not when running one machine, but when running tens or hundreds. subscription-manager ties a machine to a Red Hat subscription, Satellite is the on-prem unified ops platform for lifecycle, content views, and patch automation, and Insights is the SaaS analytics service for vulnerability, stability, and performance recommendations — all in one cycle.

AWS Advanced #6: Secrets Manager / Parameter Store
9 min read

How Secrets Manager and SSM Parameter Store differ, automatic rotation, fetching from code (boto3 / caching / Powertools), ECS and Lambda integration, IaC wiring, cost comparison — AWS secret / configuration management.

Docker in Practice #6: Cloud Deployment — Fly.io / Railway / ECS — Wrapping the Track
10 min read

The final step — taking the images you built and pushed and putting them into real production. Three options (Fly.io, Railway, ECS Fargate), how to choose between them, deployment flows, secret management, health checks and zero-downtime deployment, and a recap of all 24 posts in the track.

K8s Advanced #2: RBAC / ServiceAccount in Depth — Aggregated ClusterRole / Impersonation / IRSA / Workload Identity
11 min read

[Intermediate #7](/en/posts/k8s-intermediate-7) covered the four RBAC objects and the ServiceAccount model. On top of that, there's more depth you encounter in production clusters: Aggregated ClusterRole, which makes ClusterRoles extensible by composing them via labels; Impersonation, which lets you temporarily act with another user's permissions; the shift of ServiceAccount tokens from legacy secrets to projected tokens; and EKS's IRSA and GKE's Workload Identity, which tie K8s ServiceAccounts to cloud IAM — one more layer of the permission model in depth.

RHEL Advanced #5: Security Hardening — auditd, OpenSCAP, FIPS
10 min read

The three pillars of operational security stacked on top of SELinux: auditd for recording every change to the system, queried with ausearch/aureport; OpenSCAP for automated checking and remediation against CIS, STIG, and PCI-DSS; and FIPS mode, required by government and financial certifications — all in one cycle.

AWS Advanced #5: EventBridge / SQS / SNS
10 min read

The three side by side: SNS topic, SQS queue, EventBridge bus and rule; fan-out patterns, FIFO vs Standard, DLQ and idempotency, and how it all wires up to Lambda / ECS — AWS messaging infrastructure.