-
The LGTM Stack: Building a Complete Observability Platform with OpenTelemetry, Tempo, Loki, and Grafana on Kubernetes
Metrics alone don’t tell you why your service failed at 2 AM. Logs alone don’t tell you which downstream call made your API slow. Traces alone don’t show you what was written to the database when a request failed. You need all three — and they need to talk to...
-
Sentinel: Building a Production-Grade AWS CloudTrail Monitoring System
Security visibility in AWS is not optional. Every API call — a user logging in, an IAM policy changing, an S3 bucket going public — generates a CloudTrail event. The problem is that CloudTrail produces enormous volumes of raw JSON that are nearly impossible to act on without tooling. I...
-
Linkerd: A Practical Guide to the Lightest Service Mesh in Production
Running microservices on Kubernetes solves the deployment problem. It does not solve the networking problem. How does service A know which pod of service B to send a request to? How do you encrypt traffic between services without changing application code? How do you know when service C is slow...
-
Terraform, Terragrunt & Atlantis: A Production-Grade IaC Workflow
Infrastructure as Code at scale comes with a familiar set of problems: duplicated module calls across environments, state file collisions, no PR-based review for infra changes, and sprawling root modules that nobody dares touch. This post walks through how I structure Terraform modules, layer Terragrunt on top to eliminate repetition,...
-
Building Kubernetes Admission Webhooks in Go
Kubernetes is extensible by design. One of the most powerful extension points it offers is the admission webhook — a mechanism that lets you intercept any resource before it lands in etcd and either reject it or silently mutate it. Nginx Ingress uses it to configure Nginx from annotations. Linkerd...
