Infrastructure as Code¶

March 24, 2025
in Kubernetes, External Secrets, OpenID Connect, AWS, Azure
11 min read
Total views: 1253

Cloud-Native Secret Management: OIDC in K8s Explained

External Secrets is the de-facto choice for secrets management in Kubernetes clusters. It simplifies the task of the administrator(s) of the cluster, ensuring only the secrets that are explicitly defined are present and accessible.

It comes with many great features but most important than all is its integration with major cloud providers.

In this blog post you will learn how to deploy it without hard-coded credentials and using only the power of OpenID Connect for trust relationship between services.

March 17, 2025
in Grafana, Monitoring, Kubernetes, Observability, DevOps
14 min read
Total views: 922

Migration From Promtail to Alloy: The What, the Why, and the How

Promtail is (was) the lightweight log collector solution that sends the log over the HTTP to the remote backend. This remote backend is normally Loki but you can choose to send the logs to VictoriaLogs as well.

In this blog post, you will see the newer alternative to Promtail, Grafana Alloy. You will see what it is, why it's a good idea to migrate, and the how-to guide to make the jump with least friction.

March 10, 2025
in FluxCD, Kubernetes, GitOps, Go, Platform Engineering
16 min read
Total views: 709

How to Setup Preview Environments with FluxCD in Kubernetes

Preview environment is where you see a live state of your changes from your pull request before being merged into the default branch. It gives you a look'n feel of what it would be like if you merged your changes.

Kubernetes on the other hand, is what powers the production setups. But that's not all it can do for you. I have spun up preview environments in Kubernetes with different technologies in the past.

And in this blog post, I will show you how to achive this using FluxCD Operator.

February 17, 2025
in GCP, GitHub Actions, CDN, OpenID Connect, Infrastructure as Code
11 min read
Total views: 103

How to Deploy Static Site to GCP CDN with GitHub Actions

Building and deploying static sites is rarely an issue these days. Most of the PaaS providers already have full support for your live and your preview environments and a clean integration with your favorite Git provider.

However, some organizations may choose to stick with big players like GCP for various reasons.

In this blog post, you will learn how to build your frontend and deploy your static files to GCP bucket using GitHub Actions and serve it behind GCP CDN.

In this approach we will employ OpenID Connect to authenticate GitHub Actions runner to GCP API to avoid passing hard-coded credentials (Actually, GCP calls this Federated Workload Identity but it is unsurprisingly based on OIDC).

If this sounds interesting to you, let's not keep you waiting any longer.

February 10, 2025
in GitHub, OpenTofu, GitHub Pages, GitHub Actions, DevOps
9 min read
Total views: 93

How to Publish to GitHub Pages From Another Repository

In this blog post, you will learn how to leverage GitHub Actions to deploy static files to the GitHub Pages of another repository.

This can be useful if you keep your source code in a private repository, but also, you may find additional reasons to need this setup.

Stick around till the end to find out how to do this with OpenTofu.

February 3, 2025
in Kubernetes, GKE, Infrastructure as Code, OpenTofu, GCP
9 min read
Total views: 58

How to Provision a Production-Ready Autopilot GKE Cluster

In this blog post I share my opinioated version of provisioning a Kubernetes cluster in the Google Cloud Platform (GCP) using nothing but Opentofu.

The principles discussed here are the ones I have learned while dealing with production setups at the same scale.

If you enjoy Kubernetes or want to learn more about GCP, this is for you.

January 20, 2025
in Packer, NixOS, Hetzner, Linux, DevOps
9 min read
Total views: 92

Packer: How to Build NixOS 24 Snapshot on Hetzner Cloud

Packer is a powerful tool to create immutable images, with support for various cloud providers.

In this blog post, I share how I built a NixOS 24 snapshot using Packer on Hetzner Cloud.

If you're a fan of NixOS or want to learn more about Packer, this post is for you.

January 6, 2025
in Ansible, AWS, Configuration Management, Bastion Host, Automation
11 min read
Total views: 104

How to Create Your Ansible Dynamic Inventory for AWS Cloud

Most of the modern software deployment these days benefit from containerization and Kubernetes as the de-facto orchestration platform.

However, occasionally, I find myself in need of some Ansible provisioning and configuration management.

In this blog post, I will share how to create Ansible dynamic inventory in a way that avoids the need to write hard-coded IP addresses of the target hosts.

December 30, 2024
in Kratos, Oathkeeper, Ory, Authentication, OpenID Connect
30 min read
Total views: 120

How to Protect ANY Upstream Service with Operational Authentication

In this blog post, I will demonstrate how to use Ory Oathkeeper and Ory Kratos to protect upstream services behind authentication, especially the ones that do not have native authentication built-in, e.g., Prometheus, Hubble UI, Alertmanager, etc.

September 2, 2024
in AWS Lambda, JavaScript, OpenTofu, GitHub Actions, Serverless
22 min read
Total views: 743

How to Deploy NodeJS to AWS Lambda with OpenTofu & GitHub Actions

If you're a software engineer in any tier, there's a good chance that you're already familiar with the language and syntax of JavaScript. It has a very low barrier for entry and that is one of its strongest suits and what makes it so widely adopted and popular.

In this article, you'll learn how to deploy a JavaScript application to AWS Lambda using the principles of GitOps and with the help of OpenTofu as the Infrastructure as Code and GitHub Actions for the CI/CD pipeline.

Stick till the end to find out how.