Engineering Blog
Practical write-ups on Kubernetes, Terraform, FinOps, CI/CD security and cloud operations — from the team behind the tools.
All Articles
I deleted every Kubernetes Secret in our clusters. Uptime went up.
Why kind: Secret is security theater, and what to run instead: Secret Manager + CSI driver + pod identity. Full migration playbook, trade-offs, and the rotation pattern that stopped 2am pages.
I stopped using count in Terraform modules. Here's what I use instead.
Why count is a production-grade footgun in Terraform, how for_each with stable string keys fixes it, and the rough heuristic I use to decide which one to reach for.
Terraform Workspaces Are Not Environments (I Spent Two Years Thinking They Were)
How we migrated 14 Terraform workspaces to isolated root modules — and why workspaces were never the right tool for environment separation.
Why I Stopped Writing Terraform Modules and What I Use Instead
How replacing 80 Terraform modules with opinionated root configs and Terragrunt cut our IaC maintenance burden and eliminated version coordination nightmares.
How I Mass-Deleted 200+ AWS IAM Users Without Breaking Production
A first-person account of discovering 206 IAM users on a production AWS account and migrating to federated access with Okta and Identity Center — ending with a zero-rollback mass deletion.
OpenClaw on GCP Cloud Run: Secure, Serverless, Multi-Tenant
How to deploy OpenClaw AI agents on GCP Cloud Run with complete per-tenant isolation, serverless scaling, and production-ready security.
Kubernetes Networking Unlocked: Why You Need Both a CNI and a Service Mesh
A guide demystifying the roles of CNI plugins and Service Mesh in Kubernetes, explaining how they work together for connectivity, security, and traffic management.
Cut GCP Costs on Autopilot: Meet the CloudOn GCP FinOps Guardian
A serverless solution that harnesses Google Cloud's Recommender API to pinpoint cost savings and optimization opportunities across your entire GCP organization.
Slash Your AWS Costs with CloudOn AWS FinOps Guardian: The Ultimate Guide
The ultimate guide to using CloudOn's AWS FinOps Guardian for automated resource cleanup, idle resource detection, and cloud cost optimization across AWS regions.
Kubernetes Platform Terraform Modules: Supercharge Your DevOps Journey
Explore a suite of reusable Terraform modules that streamline Kubernetes cluster infrastructure, security, networking, and observability for production-ready platforms.
Simplify Your Kubernetes Platform with Terragrunt: A Comprehensive Walkthrough
A comprehensive walkthrough of using Terragrunt to deploy and maintain complex Kubernetes ecosystems including service mesh, observability, and platform tools.
Building a Comprehensive Infra Validation Pipeline with GitHub Actions
How to implement a robust infrastructure validation pipeline using GitHub Actions covering security scanning, cost management, and quality checks for Terraform and IaC code.
Lambda Fleet Monitoring with OpenSearch: Real-Time Insights at Scale
How to build a real-time monitoring solution for AWS Lambda fleets using OpenSearch, providing insights into performance, errors, and cost at scale.