# Infrastructure
Docker in Practice #2: Django + PostgreSQL compose — Two Containers as One
Bundling a Django app and PostgreSQL into one docker compose file. Migration entrypoint, depends_on relying on healthcheck, data volumes, .env separation, and collectstatic — a production-shaped compose setup.
K8s Intermediate #5: Health Checks — liveness / readiness / startup probes
If [#4](/en/posts/k8s-intermediate-4) covered the Pod's resource model, this post covers the model of how K8s judges whether a container is "alive" and "ready to take traffic." Three kinds of probes — liveness, readiness, startup — each play a different role, and misconfiguring them leads directly to operational incidents like infinite restart loops, traffic misses, and startup failure. This post walks through `httpGet` / `tcpSocket` / `exec` check methods, common parameters like `initialDelaySeconds` / `periodSeconds` / `failureThreshold`, the cascading failure that happens when external dependencies are put into liveness, and the graceful shutdown drawn by `terminationGracePeriodSeconds` and the PreStop hook — all in one cycle.
RHEL Advanced #1: Boot Process — GRUB2, dracut, Recovery Mode
A step-by-step walkthrough of the entire flow from a RHEL machine being powered on to the login prompt appearing. UEFI/BIOS, GRUB2 configuration with grub2-mkconfig, initramfs and dracut regeneration, systemd targets and default.target, rescue/emergency mode, and the procedure for recovering the root password by editing the GRUB boot entry — all covered in one cycle.
AWS Advanced #1: ECS and Fargate — Container Deployment
ECS and where it fits (vs EKS), the four pieces (Cluster / Service / Task / Task Definition), EC2 launch type vs Fargate, hooking up ALB / VPC, and your first container deployment — how to put a container on AWS, end to end.
Docker in Practice #1: Containerizing FastAPI — uv, Multi-stage, non-root
First post of the practice series. Containerizing the most common scenario — a FastAPI app. Slim base on uv, multi-stage to separate build from runtime deps, a non-root user, and HEALTHCHECK — in a shape that goes straight to production.
K8s Intermediate #4: resources.requests / limits — Pod Resource Requests and Limits
[#3](/en/posts/k8s-intermediate-3) covered the path of external traffic into the cluster. This post moves the viewpoint back inside the Pod — the model of how a container requests CPU and memory and how it is limited on them. `resources.requests` is what the scheduler sees when picking a node; `resources.limits` is the runtime cap kubelet enforces. This post walks through the separation of the two, QoS classes (Guaranteed / Burstable / BestEffort), the difference between CPU throttling and OOMKilled, JVM/Go runtime cgroup awareness, and the pattern of setting namespace defaults via `LimitRange` — all in one cycle.
RHEL Intermediate #7: Intro to Containers — Podman/Buildah/Skopeo
RHEL 9's container standard is Podman. This post looks at how it uses nearly the same commands as Docker while running without a daemon, defaulting to rootless mode, and integrating naturally with systemd — all from an operational perspective. Also covered: building images with Buildah and moving them between registries with Skopeo.
AWS Intermediate #7: CloudFront for static site delivery
AWS's global CDN, CloudFront. The Origin / Behavior / Cache Policy flow, the S3 + CloudFront static-hosting pattern, how OAC fronts S3 safely, and the operational side of invalidations.
Docker Advanced #6: Production Operations — graceful shutdown, healthcheck, restart
PID 1 signal handling, the precise SIGTERM graceful shutdown flow, where init and dumb-init fit, restart policies in depth, liveness vs. readiness — the small details that keep one container running steadily in production. The wrap-up of Docker Advanced.
K8s Intermediate #3: Ingress and Ingress Controller — The External Entry Point
[K8s Basics #5](/en/posts/k8s-basics-5) covered LoadBalancer as the standard external entry point, but when dozens of Services need external exposure, spinning up one cloud LoadBalancer per Service quickly inflates cost and management overhead. Routing by domain or path also can't be solved with a single LoadBalancer. This post follows the object that gathers that burden in one place — `Ingress` — and the Ingress Controller (nginx / Traefik / GKE Ingress / AWS ALB Controller) that turns those manifests into actual traffic, walking through the two-layer model, host/path-based routing, `pathType`, TLS termination, and `IngressClass` in one cycle.
AWS Intermediate #6: ALB / NLB and ACM (HTTPS)
AWS's managed load balancers — the differences between ALB, NLB, and GWLB; the Listener / Target Group / Health Check flow; and the operational pattern of issuing a cert with ACM and turning on HTTPS in one go.
Docker Advanced #5: Resource Limits and cgroups
Container memory and CPU limits, diagnosing OOMKilled, how runtimes like the JVM and Node perceive container limits, and other isolation knobs like ulimit / pids. The exact behavior of limits running on cgroups v2.