CloudOn Engineering Blog

CloudOn Engineering BlogPractical write-ups on Kubernetes, Terraform, FinOps, CI/CD security and cloud operations from the CloudOn team.https://cloudon-one.com/en-usI deleted every Kubernetes Secret in our clusters. Uptime went up.https://cloudon-one.com/blog/i-deleted-every-kubernetes-secret-in-our-clusters-uptime-went-up/https://cloudon-one.com/blog/i-deleted-every-kubernetes-secret-in-our-clusters-uptime-went-up/Why kind: Secret is security theater, and what to run instead: Secret Manager + CSI driver + pod identity. Full migration playbook, trade-offs, and the rotation pattern that stopped 2am pages.Tue, 12 May 2026 00:00:00 GMTKubernetesGKEEKSSecretsDevSecOpsCSIWorkload IdentityIRSAYaroslav NaumenkoI stopped using count in Terraform modules. Here's what I use instead.https://cloudon-one.com/blog/i-stopped-using-count-in-terraform-modules-here-s-what-i-use-instead/https://cloudon-one.com/blog/i-stopped-using-count-in-terraform-modules-here-s-what-i-use-instead/Why count is a production-grade footgun in Terraform, how for_each with stable string keys fixes it, and the rough heuristic I use to decide which one to reach for.Fri, 01 May 2026 00:00:00 GMTTerraformIaCPlatform EngineeringDevOpsCloud ArchitectureYaroslav NaumenkoTerraform Workspaces Are Not Environments (I Spent Two Years Thinking They Were)https://cloudon-one.com/blog/terraform-workspaces-are-not-environments-i-spent-two-years-thinking-they-were/https://cloudon-one.com/blog/terraform-workspaces-are-not-environments-i-spent-two-years-thinking-they-were/How we migrated 14 Terraform workspaces to isolated root modules — and why workspaces were never the right tool for environment separation.Tue, 14 Apr 2026 00:00:00 GMTTerraformIaCPlatform EngineeringCloud ArchitectureDevOpsYaroslav NaumenkoWhy I Stopped Writing Terraform Modules and What I Use Insteadhttps://cloudon-one.com/blog/terraform-modules-terragrunt-alternative/https://cloudon-one.com/blog/terraform-modules-terragrunt-alternative/How replacing 80 Terraform modules with opinionated root configs and Terragrunt cut our IaC maintenance burden and eliminated version coordination nightmares.Fri, 10 Apr 2026 00:00:00 GMTTerraformTerragruntIaCDevOpsPlatform EngineeringYaroslav NaumenkoHow I Mass-Deleted 200+ AWS IAM Users Without Breaking Productionhttps://cloudon-one.com/blog/aws-iam-mass-delete-identity-migration/https://cloudon-one.com/blog/aws-iam-mass-delete-identity-migration/A first-person account of discovering 206 IAM users on a production AWS account and migrating to federated access with Okta and Identity Center — ending with a zero-rollback mass deletion.Wed, 25 Mar 2026 00:00:00 GMTAWSIAMSecurityComplianceDevSecOpsYaroslav NaumenkoOpenClaw on GCP Cloud Run: Secure, Serverless, Multi-Tenanthttps://cloudon-one.com/blog/openclaw-gcp-cloud-run/https://cloudon-one.com/blog/openclaw-gcp-cloud-run/How to deploy OpenClaw AI agents on GCP Cloud Run with complete per-tenant isolation, serverless scaling, and production-ready security.Sun, 01 Mar 2026 00:00:00 GMTGCPCloud RunOpenClawAI AgentsServerlessYaroslav NaumenkoKubernetes Networking Unlocked: Why You Need Both a CNI and a Service Meshhttps://cloudon-one.com/blog/kubernetes-networking-cni-service-mesh/https://cloudon-one.com/blog/kubernetes-networking-cni-service-mesh/A guide demystifying the roles of CNI plugins and Service Mesh in Kubernetes, explaining how they work together for connectivity, security, and traffic management.Wed, 22 Jan 2025 00:00:00 GMTKubernetesNetworkingCNIService MeshIstioYaroslav NaumenkoCut GCP Costs on Autopilot: Meet the CloudOn GCP FinOps Guardianhttps://cloudon-one.com/blog/cut-gcp-costs-finops-guard/https://cloudon-one.com/blog/cut-gcp-costs-finops-guard/A serverless solution that harnesses Google Cloud's Recommender API to pinpoint cost savings and optimization opportunities across your entire GCP organization.Mon, 13 Jan 2025 00:00:00 GMTGCPFinOpsCost OptimizationCloud FunctionsTerraformYaroslav NaumenkoSlash Your AWS Costs with CloudOn AWS FinOps Guardian: The Ultimate Guidehttps://cloudon-one.com/blog/slash-aws-costs-finops-guardian/https://cloudon-one.com/blog/slash-aws-costs-finops-guardian/The ultimate guide to using CloudOn's AWS FinOps Guardian for automated resource cleanup, idle resource detection, and cloud cost optimization across AWS regions.Fri, 10 Jan 2025 00:00:00 GMTAWSFinOpsCost OptimizationLambdaTerraformYaroslav NaumenkoKubernetes Platform Terraform Modules: Supercharge Your DevOps Journeyhttps://cloudon-one.com/blog/kubernetes-platform-terraform-modules/https://cloudon-one.com/blog/kubernetes-platform-terraform-modules/Explore a suite of reusable Terraform modules that streamline Kubernetes cluster infrastructure, security, networking, and observability for production-ready platforms.Wed, 08 Jan 2025 00:00:00 GMTKubernetesTerraformDevOpsPlatform EngineeringYaroslav NaumenkoSimplify Your Kubernetes Platform with Terragrunt: A Comprehensive Walkthroughhttps://cloudon-one.com/blog/simplify-kubernetes-terragrunt/https://cloudon-one.com/blog/simplify-kubernetes-terragrunt/A comprehensive walkthrough of using Terragrunt to deploy and maintain complex Kubernetes ecosystems including service mesh, observability, and platform tools.Wed, 08 Jan 2025 00:00:00 GMTKubernetesTerragruntIaCPlatform EngineeringGitOpsYaroslav NaumenkoBuilding a Comprehensive Infra Validation Pipeline with GitHub Actionshttps://cloudon-one.com/blog/infra-validation-pipeline-github-actions/https://cloudon-one.com/blog/infra-validation-pipeline-github-actions/How to implement a robust infrastructure validation pipeline using GitHub Actions covering security scanning, cost management, and quality checks for Terraform and IaC code.Mon, 06 Jan 2025 00:00:00 GMTGitHub ActionsCI/CDSecurityTerraformDevSecOpsYaroslav NaumenkoLambda Fleet Monitoring with OpenSearch: Real-Time Insights at Scalehttps://cloudon-one.com/blog/lambda-fleet-monitoring-opensearch/https://cloudon-one.com/blog/lambda-fleet-monitoring-opensearch/How to build a real-time monitoring solution for AWS Lambda fleets using OpenSearch, providing insights into performance, errors, and cost at scale.Sun, 15 Dec 2024 00:00:00 GMTAWSLambdaOpenSearchMonitoringObservabilityYaroslav Naumenko