-
Sentinel: Building a Production-Grade AWS CloudTrail Monitoring System
Security visibility in AWS is not optional. Every API call — a user logging in, an IAM policy changing, an S3 bucket going public — generates a CloudTrail event. The problem is that CloudTrail produces enormous volumes of raw JSON that are nearly impossible to act on without tooling. I...
-
Linkerd: A Practical Guide to the Lightest Service Mesh in Production
Running microservices on Kubernetes solves the deployment problem. It does not solve the networking problem. How does service A know which pod of service B to send a request to? How do you encrypt traffic between services without changing application code? How do you know when service C is slow...
-
Terraform, Terragrunt & Atlantis: A Production-Grade IaC Workflow
Infrastructure as Code at scale comes with a familiar set of problems: duplicated module calls across environments, state file collisions, no PR-based review for infra changes, and sprawling root modules that nobody dares touch. This post walks through how I structure Terraform modules, layer Terragrunt on top to eliminate repetition,...
-
Building Kubernetes Admission Webhooks (Part 2 of 2)
Stack: Golang (language), Kubernetes/KinD (orchestrator). This is a 2-part series, so you might want to visit part 1 here. If you have used Kubernetes for a while, it is not hard to notice that most services use admission webhooks profusely. For instance, if you use nginx-ingress-controller you...
-
Building Kubernetes Admission Webhooks (Part 1 of 2)
Stack: Golang (language), Kubernetes/KinD (orchestrator). This article has also been published on Medium. As you spend more and more time on DevOps tools, it won't take you long to realize that Golang is a pretty powerful programming language, given the sheer volume of tools built with...