Jenkins to AWS Authentication with OIDC: Replacing Static Keys with Federated Identity
Static AWS access keys in Jenkins are a persistent security liability — rotation is manual, secrets sprawl across credential stores, and a single leak can compromise entire environments. This post walks through configuring OIDC federation between Jenkins and AWS IAM so your pipelines authenticate with short-lived tokens and no stored secrets.
Jenkins Shared Library Structure for Reusable CI Pipelines
A Jenkins shared library centralizes pipeline logic in a single versioned repository, eliminating copy-paste Groovy across every team's Jenkinsfile. This post covers directory structure, step conventions, end-to-end consumption examples, and the serialization pitfalls that catch most engineers off guard.
Loki Retention and Index Tuning for High-Volume Log Pipelines
When log ingestion rates climb into the tens of gigabytes per day, default Loki settings quickly become a liability — bloated indexes, runaway storage costs, and silent retention failures are the most common consequences. This guide walks through a production-grade configuration covering retention policies, TSDB index tuning, and compactor validation for Loki deployments under sustained load.
Reducing Alert Fatigue with Prometheus Alertmanager Routing
Alert fatigue silently degrades incident response — engineers start ignoring notifications, and real incidents get buried in noise. This post walks through Alertmanager routing configuration with inhibition rules, grouping strategies, and tiered receivers to restore signal quality in production monitoring.
Argo CD Progressive Delivery: Canary Releases with Automated Health Gates
Progressive delivery with Argo CD and Argo Rollouts gives platform teams fine-grained control over canary promotions, replacing manual intervention with metric-driven health gates. This tutorial walks through defining a Rollout resource, wiring AnalysisTemplates to Prometheus, and operating a full canary cycle from image push to stable promotion.
Helm Release Rollback Strategy with Safe Values Promotion Across Environments
A structured walkthrough of building a Helm rollback workflow that validates values files before promoting across environments, preventing broken releases from ever reaching production. Covers schema validation, helm-diff previews, atomic upgrades, and CI/CD-integrated health-gated rollback.
Kubernetes HPA and VPA Rightsizing for Production Autoscaling
Horizontal and vertical autoscaling in Kubernetes serve different purposes, and running them together without a clear ownership model leads to resource contention and unpredictable pod behavior. This walkthrough establishes a production-grade HPA and VPA configuration where each controller owns a distinct resource dimension.
Terraform Remote State on AWS: S3 Backend with DynamoDB Locking
Local Terraform state files are a liability the moment a second engineer joins the project. This tutorial walks through provisioning an S3 backend with DynamoDB state locking — the standard pattern for safe, concurrent infrastructure management on AWS.
Apache2 with php-fpm8.3 configuration for WordPress (WooCommerce) site
Production-oriented Apache + PHP-FPM 8.3 configuration for WordPress/WooCommerce with explicit site.conf, prefork, and php-fpm pool values.
Bash script: Sync local files with S3 bucket
A guarded Bash sync workflow for WordPress-to-S3 backups with service checks, content validation, and structured logging.