IAM Roles and Least-Privilege Policies for CI/CD Pipelines on AWS
Long-lived AWS access keys in CI/CD pipelines are a liability — scoped IAM roles with temporary credentials are the correct architecture. This tutorial walks through trust policy design, OIDC federation, and the policy mistakes that cause real incidents.
boto3 EC2 inventory script with argparse profiles and structured logging
A Python CLI that lists running EC2 instances across regions using boto3 sessions, argparse, and paginators, with a fix for the NoRegionError that bit me mid-refactor.
Postgres Database Backups on Kubernetes Using a Scheduled CronJob
Manual Postgres backups don't belong in a production Kubernetes environment — pods are ephemeral, PVCs can disappear, and human schedules are unreliable. This tutorial walks through a CronJob-based backup strategy that runs pg_dump on a schedule, ships compressed dumps to S3, and handles retention automatically.
Terraform Root Config Wiring VPC, IAM, and S3 Modules Together
One root module connecting community VPC, S3, and a local IAM module with correct dependency ordering and remote state.
Kubernetes Deployment Service and Ingress wiring in one manifest
A working example of Deployment, Service, and Ingress resources wired together in a single file, with the 503 that breaks it when names don't match.
kubectl shell alias for listing pods across all namespaces sorted by creation time
A single shell alias replaces the full kubectl get pods command you type dozens of times a day. This tutorial walks through defining it, loading it correctly, and extending it into a function when you need dynamic namespace filtering.
Scoped kubectl Aliases for Repetitive Multi-Flag Commands
A single well-placed alias eliminates the daily friction of retyping long kubectl commands with fixed contexts and namespaces. This tutorial covers global alias setup, per-project scoping with direnv, and safe verification practices.
Integrating HashiCorp Vault Secrets into Terraform AWS Deployments
Storing database credentials and API keys in plaintext Terraform state is a real security liability. This tutorial walks through wiring HashiCorp Vault into your Terraform workflow so secrets are fetched dynamically at plan time — never hardcoded in configuration files.
Argo CD GitOps Sync and Rollback on Kubernetes
Deploy a sample application through Argo CD, configure automated sync policies that enforce Git as the single source of truth, and execute a tracked rollback when a bad revision reaches your cluster.
Centralizing Rust Dedicated Server Logs with Loki, Promtail, and Grafana
Running a Rust dedicated server without centralized logging means chasing a single flat file every time something goes wrong. This tutorial walks through wiring Promtail, Loki, and Grafana into a production-grade log pipeline on the same Linux host as your game server.