Kubernetes ServiceAccount Tokens and CI/CD Authentication
A practical explanation of how Kubernetes ServiceAccount authentication works for CI/CD systems, what changed in Kubernetes 1.24, and why previously working ...
Posts by Tag
- kubernetes 13
- troubleshooting 8
- operations 7
- rails 4
- performance 4
- git 4
- cli 4
- kubectl 4
- networking 4
- linux 3
- ci-cd 3
- gitlab 3
- postgresql 3
- debugging 3
- configuration 3
- containers 3
- docker 3
- terminal 3
- infrastructure 3
- authentication 3
- security 3
- storage 3
- hypervisor 3
- sql 2
- vim 2
- version-control 2
- database 2
- ruby 2
- filesystems 2
- virtualization 2
- certificates 2
- openssl 2
- productivity 2
- workflows 2
- aws 2
- secrets 2
- automation 2
- configuration-management 2
- capacity-planning 2
- cpu 2
- memory 2
- observability 2
- helm 2
- persistent-volumes 2
- nfs 2
- storageclass 2
- stateful-workloads 2
- kubeconfig 2
- databases 2
- tar 1
- gzip 1
- zip 1
- compression 1
- archives 1
- activerecord 1
- optimization 1
- unicorn 1
- process-management 1
- zero-downtime 1
- sudo 1
- permissions 1
- systemd 1
- systemctl 1
- services 1
- branches 1
- cleanup 1
- pipelines 1
- github 1
- transaction-log 1
- maintenance 1
- libpq 1
- headers 1
- compilation 1
- native-extensions 1
- git-log 1
- api 1
- ls 1
- rvm 1
- version-management 1
- development 1
- vagrant 1
- images 1
- pfx 1
- pkcs12 1
- tls 1
- editor 1
- tmux 1
- ssh 1
- apt 1
- gpg 1
- repository-signing 1
- supply-chain 1
- pki 1
- upgrades 1
- terraform 1
- tagging 1
- data-sources 1
- twelve-factor 1
- fzf 1
- bash 1
- zsh 1
- developer-tools 1
- gitlab-runner 1
- rbac 1
- service-accounts 1
- merge-request 1
- developer-workflow 1
- cluster-configuration 1
- control-plane 1
- aws-cli 1
- iam 1
- cloud 1
- ansible 1
- idempotency 1
- tcp-ip 1
- dns 1
- latency 1
- packet-loss 1
- sysstat 1
- virtual-switching 1
- python 1
- design-patterns 1
- solid 1
- vcpu 1
- scheduling 1
- overcommitment 1
- vm 1
- kvm 1
- esxi 1
- ha 1
- osi 1
- layer2 1
- layer3 1
- vlan 1
- subnet 1
- package-management 1
- chef 1
- knife 1
- bootstrap 1
- aliases 1
- developer-productivity 1
- docker-create 1
- container-runtime 1
- namespaces 1
- finalizers 1
- day-2-operations 1
- bytes 1
- fundamentals 1
- systems 1
- access-control 1
- serviceaccounts 1
- cicd 1
- homebrew 1
- toolchains 1
- reproducibility 1
- multi-tenant 1
- rds 1
- platform-engineering 1
kubernetes
Creating and Understanding kubeconfig Files
A practical mental model for creating and understanding kubeconfig files, including clusters, users, contexts, and how kubectl actually authenticates.
Installing the NFS Subdir External Provisioner with Helm
How to install and reason about the NFS Subdir External Provisioner using Helm, enabling dynamic NFS-backed Persistent Volumes in Kubernetes.
Fixing Kubernetes Namespaces Stuck in Terminating
A practical explanation of why Kubernetes namespaces get stuck in Terminating and how to safely resolve the issue by understanding and managing finalizers.
Creating Kubernetes Secrets from the Command Line (and When Not To)
Practical notes on creating Kubernetes Secrets from the command line, including when kubectl create secret is appropriate—and when it becomes a liability.
How NFS-Backed Persistent Volumes Actually Work in Kubernetes
A practical mental model for understanding how NFS-backed Persistent Volumes, StorageClasses, and external provisioners work together in Kubernetes.
Helm CLI: Practical Command Notes
A practical collection of Helm CLI commands for inspecting releases, managing charts, and debugging deployments in Kubernetes clusters.
Network Concepts for Platform Engineers
A practical refresher on Layer 2 vs Layer 3 networking, VLANs vs subnets, and how these concepts actually show up in day-to-day platform engineering work.
Kubernetes Cluster Configuration: Decisions That Shape Everything
A practical guide to Kubernetes cluster configuration, focusing on the early decisions that determine security, reliability, and operational sanity.
Authenticating GitLab Runner to Kubernetes
How GitLab Runner authenticates to Kubernetes, the security implications of each method, and how to choose the right approach for production clusters.
Using Kubernetes Secrets for Rails Application Configuration
How to configure a Rails application using Kubernetes Secrets, why this pattern works well in containerized environments, and what pitfalls to avoid.
Kubernetes Manual Certificate Updates and Upgrade Bug Fixes
How to manually update Kubernetes certificates, why certificate issues often surface during upgrades, and how to safely recover clusters when automation fall...
Kubernetes Cheatsheet: Practical kubectl Commands
A practical Kubernetes cheatsheet focused on kubectl commands and patterns you actually use when operating clusters and debugging workloads.
troubleshooting
Useful Linux Commands for Platform Engineers
A small but high-leverage set of Linux commands platform engineers reach for when debugging performance, identity, and system state.
Virtualization – Network
An overview of how networking works in virtualized environments, what gets abstracted, and why troubleshooting virtual networks is often harder than physical...
Host Storage Management: Capacity, Performance, and Failure Modes
A practical guide to managing host-level storage, focusing on capacity, performance characteristics, and the failure modes engineers actually encounter in pr...
Kubernetes Manual Certificate Updates and Upgrade Bug Fixes
How to manually update Kubernetes certificates, why certificate issues often surface during upgrades, and how to safely recover clusters when automation fall...
Docker Cheatsheet: Practical Commands for Daily Use
A practical Docker cheatsheet focused on the commands and patterns you actually use when building, running, and debugging containers.
Kubernetes Cheatsheet: Practical kubectl Commands
A practical Kubernetes cheatsheet focused on kubectl commands and patterns you actually use when operating clusters and debugging workloads.
Order ls Command Output by Date
How to order ls output by date, what each time field represents, and which flags are most useful when investigating files and directories.
systemd Cheatnotes: Practical Service Management
Practical systemd commands and patterns for managing services, inspecting state, and troubleshooting issues on modern Linux systems.
operations
Operational Guardrails for Multi-Tenant PostgreSQL
Operational guardrails needed to safely run PostgreSQL in a multi-tenant configuration, including connection limits, timeouts, lock protection, shared resour...
Operational Realities of Running PostgreSQL
Practical lessons about running PostgreSQL as a system: memory, storage, I/O, and why defaults and containers don’t remove operational responsibility.
Understanding Docker Containers by Using docker create Explicitly
A practical mental model for understanding how Docker containers are configured by separating container definition from execution using docker create.
Helm CLI: Practical Command Notes
A practical collection of Helm CLI commands for inspecting releases, managing charts, and debugging deployments in Kubernetes clusters.
AWS CLI Notes: Inspecting IAM Accounts, Users, Groups, and Roles
Practical AWS CLI commands for inspecting IAM account state, users, groups, roles, and attached policies without relying on the AWS console.
Kubernetes Cluster Configuration: Decisions That Shape Everything
A practical guide to Kubernetes cluster configuration, focusing on the early decisions that determine security, reliability, and operational sanity.
Kubernetes Cheatsheet: Practical kubectl Commands
A practical Kubernetes cheatsheet focused on kubectl commands and patterns you actually use when operating clusters and debugging workloads.
rails
Using Kubernetes Secrets for Rails Application Configuration
How to configure a Rails application using Kubernetes Secrets, why this pattern works well in containerized environments, and what pitfalls to avoid.
Run a Rails App Without a Database
How to run a Rails application without a database, why you might want to, and what configuration changes are required to avoid unnecessary coupling.
Restarting Unicorn Without Dropping Requests
How to restart a Unicorn-based Rails application safely, what signals Unicorn responds to, and how to avoid dropping requests during restarts.
Active Record: Query Only the Columns You Want
How to query only specific columns with Active Record, why it matters for performance and memory usage, and how to avoid common pitfalls.
performance
Host Memory and CPU Troubleshooting: A Practical Playbook
A practical, host-level troubleshooting guide for diagnosing CPU and memory pressure using sysstat, procfs, and core Linux tools.
Host Storage Management: Capacity, Performance, and Failure Modes
A practical guide to managing host-level storage, focusing on capacity, performance characteristics, and the failure modes engineers actually encounter in pr...
Shrink a SQL Database Log File Safely
How to safely shrink a SQL database transaction log file, when it’s appropriate to do so, and why indiscriminate shrinking often causes more harm than good.
Active Record: Query Only the Columns You Want
How to query only specific columns with Active Record, why it matters for performance and memory usage, and how to avoid common pitfalls.
git
Create a New Git Merge Request from the Command Line
A practical guide to creating Git merge requests directly from the command line, streamlining review workflows without leaving the terminal.
See Git Log in Glorious Detail
How to view Git history in rich, readable detail using git log options that surface context, intent, and change impact.
Skip the Pipeline When Pushing to Git
How to intentionally skip CI/CD pipelines when pushing to Git, when it’s appropriate to do so, and how to avoid accidental misuse.
How to Delete a Local and Remote Git Branch
How to safely delete local and remote Git branches, what the commands actually do, and how to avoid common cleanup mistakes.
cli
Docker CLI Aliases for Day-to-Day Work
A curated set of Docker CLI aliases that reduce friction during day-to-day container work, with context on how and when to use them.
Useful Linux Commands for Platform Engineers
A small but high-leverage set of Linux commands platform engineers reach for when debugging performance, identity, and system state.
Create a New Git Merge Request from the Command Line
A practical guide to creating Git merge requests directly from the command line, streamlining review workflows without leaving the terminal.
Display Verbose Output During vagrant up
How to enable verbose output during vagrant up, why it’s useful for debugging provisioning issues, and when increased verbosity is worth the noise.
kubectl
Creating and Understanding kubeconfig Files
A practical mental model for creating and understanding kubeconfig files, including clusters, users, contexts, and how kubectl actually authenticates.
Fixing Kubernetes Namespaces Stuck in Terminating
A practical explanation of why Kubernetes namespaces get stuck in Terminating and how to safely resolve the issue by understanding and managing finalizers.
Creating Kubernetes Secrets from the Command Line (and When Not To)
Practical notes on creating Kubernetes Secrets from the command line, including when kubectl create secret is appropriate—and when it becomes a liability.
Kubernetes Cheatsheet: Practical kubectl Commands
A practical Kubernetes cheatsheet focused on kubectl commands and patterns you actually use when operating clusters and debugging workloads.
networking
Virtualization – Network
An overview of how networking works in virtualized environments, what gets abstracted, and why troubleshooting virtual networks is often harder than physical...
Network Troubleshooting: A Practical, Layered Approach
A step-by-step approach to diagnosing network problems, focusing on isolating failure domains and validating assumptions layer by layer.
Kubernetes Cluster Configuration: Decisions That Shape Everything
A practical guide to Kubernetes cluster configuration, focusing on the early decisions that determine security, reliability, and operational sanity.
Docker Cheatsheet: Practical Commands for Daily Use
A practical Docker cheatsheet focused on the commands and patterns you actually use when building, running, and debugging containers.
linux
Useful Linux Commands for Platform Engineers
A small but high-leverage set of Linux commands platform engineers reach for when debugging performance, identity, and system state.
Order ls Command Output by Date
How to order ls output by date, what each time field represents, and which flags are most useful when investigating files and directories.
Save a File in Vim Without sudo
How to save a file in Vim when you forgot to open it with sudo, why the trick works, and when you should avoid using it.
ci-cd
Python Fundamentals: From Automation Scripts to Maintainable Systems
A practical guide to Python fundamentals, design patterns, and SOLID principles—framed for engineers who write Python for automation, pipelines, and systems ...
Create a New Git Merge Request from the Command Line
A practical guide to creating Git merge requests directly from the command line, streamlining review workflows without leaving the terminal.
Skip the Pipeline When Pushing to Git
How to intentionally skip CI/CD pipelines when pushing to Git, when it’s appropriate to do so, and how to avoid accidental misuse.
gitlab
Authenticating GitLab Runner to Kubernetes
How GitLab Runner authenticates to Kubernetes, the security implications of each method, and how to choose the right approach for production clusters.
Fetch the Latest GitLab Repository Signing Key
How to fetch and install the latest GitLab package repository signing key, why this matters for secure package installation, and how to avoid common APT key ...
Skip the Pipeline When Pushing to Git
How to intentionally skip CI/CD pipelines when pushing to Git, when it’s appropriate to do so, and how to avoid accidental misuse.
postgresql
Operational Guardrails for Multi-Tenant PostgreSQL
Operational guardrails needed to safely run PostgreSQL in a multi-tenant configuration, including connection limits, timeouts, lock protection, shared resour...
Operational Realities of Running PostgreSQL
Practical lessons about running PostgreSQL as a system: memory, storage, I/O, and why defaults and containers don’t remove operational responsibility.
Can’t Find the libpq-fe.h Header?
How to resolve errors related to missing libpq-fe.h headers when compiling PostgreSQL clients or native extensions, and why this issue occurs.
debugging
Recovering from Toolchain Drift on macOS
A real-world example of toolchain drift on macOS, why it happens, and how pinning or downgrading dependencies can be a pragmatic recovery strategy.
Display Verbose Output During vagrant up
How to enable verbose output during vagrant up, why it’s useful for debugging provisioning issues, and when increased verbosity is worth the noise.
See Git Log in Glorious Detail
How to view Git history in rich, readable detail using git log options that surface context, intent, and change impact.
configuration
Creating Kubernetes Secrets from the Command Line (and When Not To)
Practical notes on creating Kubernetes Secrets from the command line, including when kubectl create secret is appropriate—and when it becomes a liability.
Using Kubernetes Secrets for Rails Application Configuration
How to configure a Rails application using Kubernetes Secrets, why this pattern works well in containerized environments, and what pitfalls to avoid.
Run a Rails App Without a Database
How to run a Rails application without a database, why you might want to, and what configuration changes are required to avoid unnecessary coupling.
containers
Understanding Docker Containers by Using docker create Explicitly
A practical mental model for understanding how Docker containers are configured by separating container definition from execution using docker create.
Docker Cheatsheet: Practical Commands for Daily Use
A practical Docker cheatsheet focused on the commands and patterns you actually use when building, running, and debugging containers.
Kubernetes Cheatsheet: Practical kubectl Commands
A practical Kubernetes cheatsheet focused on kubectl commands and patterns you actually use when operating clusters and debugging workloads.
docker
Understanding Docker Containers by Using docker create Explicitly
A practical mental model for understanding how Docker containers are configured by separating container definition from execution using docker create.
Docker CLI Aliases for Day-to-Day Work
A curated set of Docker CLI aliases that reduce friction during day-to-day container work, with context on how and when to use them.
Docker Cheatsheet: Practical Commands for Daily Use
A practical Docker cheatsheet focused on the commands and patterns you actually use when building, running, and debugging containers.
terminal
Three Useful fzf Commands for Everyday Terminal Work
Three practical fzf patterns that turn common terminal tasks—finding files, commands, and processes—into fast, interactive workflows.
tmux Cheatsheet: Practical Commands for Daily Use
A practical tmux cheatsheet focused on the commands and patterns you actually use when living in terminals and remote systems.
Vim Cheatsheet: Practical Commands You Actually Use
A practical Vim cheatsheet focused on the commands and patterns most useful for everyday editing in terminal-based workflows.
infrastructure
Chef Knife Bootstrap: Practical Notes for Linux and Windows Nodes
Practical notes and command patterns for bootstrapping Linux and Windows nodes with Chef using knife bootstrap, including legacy systems and policy-based wor...
Ansible: Practical Automation Without a Control Plane
A practical look at Ansible as a lightweight automation and configuration tool, focused on how it’s used in real systems and platform environments.
AWS Tag Filtering Using Terraform Data Sources
How to use Terraform data sources to discover and filter AWS resources by tags, enabling dynamic and environment-aware infrastructure configurations.
authentication
Kubernetes ServiceAccount Tokens and CI/CD Authentication
A practical explanation of how Kubernetes ServiceAccount authentication works for CI/CD systems, what changed in Kubernetes 1.24, and why previously working ...
Creating and Understanding kubeconfig Files
A practical mental model for creating and understanding kubeconfig files, including clusters, users, contexts, and how kubectl actually authenticates.
Authenticating GitLab Runner to Kubernetes
How GitLab Runner authenticates to Kubernetes, the security implications of each method, and how to choose the right approach for production clusters.
security
Creating Kubernetes Secrets from the Command Line (and When Not To)
Practical notes on creating Kubernetes Secrets from the command line, including when kubectl create secret is appropriate—and when it becomes a liability.
AWS CLI Notes: Inspecting IAM Accounts, Users, Groups, and Roles
Practical AWS CLI commands for inspecting IAM account state, users, groups, roles, and attached policies without relying on the AWS console.
Kubernetes Cluster Configuration: Decisions That Shape Everything
A practical guide to Kubernetes cluster configuration, focusing on the early decisions that determine security, reliability, and operational sanity.
storage
Operational Realities of Running PostgreSQL
Practical lessons about running PostgreSQL as a system: memory, storage, I/O, and why defaults and containers don’t remove operational responsibility.
Understanding Byte Size Units (Without Overthinking Them)
A practical explanation of byte size units—KB vs KiB, MB vs MiB—and why the distinction matters in real systems.
Host Storage Management: Capacity, Performance, and Failure Modes
A practical guide to managing host-level storage, focusing on capacity, performance characteristics, and the failure modes engineers actually encounter in pr...
hypervisor
Server Virtualization for Platform Engineers
A platform-engineer-focused overview of server virtualization, covering hypervisors, overcommitment, availability, and how these concepts still matter in a c...
Virtualization and CPU: vCPU, Scheduling, and Overcommitment
A platform engineer’s guide to how CPUs are virtualized, how vCPUs are scheduled, and why CPU overcommitment usually works—until it doesn’t.
Virtualization – Network
An overview of how networking works in virtualized environments, what gets abstracted, and why troubleshooting virtual networks is often harder than physical...
sql
Shrink a SQL Database Log File Safely
How to safely shrink a SQL database transaction log file, when it’s appropriate to do so, and why indiscriminate shrinking often causes more harm than good.
Active Record: Query Only the Columns You Want
How to query only specific columns with Active Record, why it matters for performance and memory usage, and how to avoid common pitfalls.
vim
Vim Cheatsheet: Practical Commands You Actually Use
A practical Vim cheatsheet focused on the commands and patterns most useful for everyday editing in terminal-based workflows.
Save a File in Vim Without sudo
How to save a file in Vim when you forgot to open it with sudo, why the trick works, and when you should avoid using it.
version-control
See Git Log in Glorious Detail
How to view Git history in rich, readable detail using git log options that surface context, intent, and change impact.
How to Delete a Local and Remote Git Branch
How to safely delete local and remote Git branches, what the commands actually do, and how to avoid common cleanup mistakes.
database
Run a Rails App Without a Database
How to run a Rails application without a database, why you might want to, and what configuration changes are required to avoid unnecessary coupling.
Shrink a SQL Database Log File Safely
How to safely shrink a SQL database transaction log file, when it’s appropriate to do so, and why indiscriminate shrinking often causes more harm than good.
ruby
RVM Cheatsheet: Practical Ruby Version Management
A practical RVM cheatsheet covering the commands you actually use to install, switch, and manage Ruby versions and gemsets.
Run a Rails App Without a Database
How to run a Rails application without a database, why you might want to, and what configuration changes are required to avoid unnecessary coupling.
filesystems
Host Storage Management: Capacity, Performance, and Failure Modes
A practical guide to managing host-level storage, focusing on capacity, performance characteristics, and the failure modes engineers actually encounter in pr...
Order ls Command Output by Date
How to order ls output by date, what each time field represents, and which flags are most useful when investigating files and directories.
virtualization
Virtualization – Network
An overview of how networking works in virtualized environments, what gets abstracted, and why troubleshooting virtual networks is often harder than physical...
Display Verbose Output During vagrant up
How to enable verbose output during vagrant up, why it’s useful for debugging provisioning issues, and when increased verbosity is worth the noise.
certificates
Kubernetes Manual Certificate Updates and Upgrade Bug Fixes
How to manually update Kubernetes certificates, why certificate issues often surface during upgrades, and how to safely recover clusters when automation fall...
Key and Certificate Extraction from a PFX File
How to extract private keys and certificates from a PFX (PKCS#12) file using OpenSSL, with an explanation of what’s inside the file and how to handle the out...
openssl
Recovering from Toolchain Drift on macOS
A real-world example of toolchain drift on macOS, why it happens, and how pinning or downgrading dependencies can be a pragmatic recovery strategy.
Key and Certificate Extraction from a PFX File
How to extract private keys and certificates from a PFX (PKCS#12) file using OpenSSL, with an explanation of what’s inside the file and how to handle the out...
productivity
tmux Cheatsheet: Practical Commands for Daily Use
A practical tmux cheatsheet focused on the commands and patterns you actually use when living in terminals and remote systems.
Vim Cheatsheet: Practical Commands You Actually Use
A practical Vim cheatsheet focused on the commands and patterns most useful for everyday editing in terminal-based workflows.
workflows
tmux Cheatsheet: Practical Commands for Daily Use
A practical tmux cheatsheet focused on the commands and patterns you actually use when living in terminals and remote systems.
Vim Cheatsheet: Practical Commands You Actually Use
A practical Vim cheatsheet focused on the commands and patterns most useful for everyday editing in terminal-based workflows.
aws
Network Concepts for Platform Engineers
A practical refresher on Layer 2 vs Layer 3 networking, VLANs vs subnets, and how these concepts actually show up in day-to-day platform engineering work.
AWS Tag Filtering Using Terraform Data Sources
How to use Terraform data sources to discover and filter AWS resources by tags, enabling dynamic and environment-aware infrastructure configurations.
secrets
Creating Kubernetes Secrets from the Command Line (and When Not To)
Practical notes on creating Kubernetes Secrets from the command line, including when kubectl create secret is appropriate—and when it becomes a liability.
Using Kubernetes Secrets for Rails Application Configuration
How to configure a Rails application using Kubernetes Secrets, why this pattern works well in containerized environments, and what pitfalls to avoid.
automation
Python Fundamentals: From Automation Scripts to Maintainable Systems
A practical guide to Python fundamentals, design patterns, and SOLID principles—framed for engineers who write Python for automation, pipelines, and systems ...
Ansible: Practical Automation Without a Control Plane
A practical look at Ansible as a lightweight automation and configuration tool, focused on how it’s used in real systems and platform environments.
configuration-management
Chef Knife Bootstrap: Practical Notes for Linux and Windows Nodes
Practical notes and command patterns for bootstrapping Linux and Windows nodes with Chef using knife bootstrap, including legacy systems and policy-based wor...
Ansible: Practical Automation Without a Control Plane
A practical look at Ansible as a lightweight automation and configuration tool, focused on how it’s used in real systems and platform environments.
capacity-planning
Server Virtualization for Platform Engineers
A platform-engineer-focused overview of server virtualization, covering hypervisors, overcommitment, availability, and how these concepts still matter in a c...
Host Storage Management: Capacity, Performance, and Failure Modes
A practical guide to managing host-level storage, focusing on capacity, performance characteristics, and the failure modes engineers actually encounter in pr...
cpu
Virtualization and CPU: vCPU, Scheduling, and Overcommitment
A platform engineer’s guide to how CPUs are virtualized, how vCPUs are scheduled, and why CPU overcommitment usually works—until it doesn’t.
Host Memory and CPU Troubleshooting: A Practical Playbook
A practical, host-level troubleshooting guide for diagnosing CPU and memory pressure using sysstat, procfs, and core Linux tools.
memory
Understanding Byte Size Units (Without Overthinking Them)
A practical explanation of byte size units—KB vs KiB, MB vs MiB—and why the distinction matters in real systems.
Host Memory and CPU Troubleshooting: A Practical Playbook
A practical, host-level troubleshooting guide for diagnosing CPU and memory pressure using sysstat, procfs, and core Linux tools.
observability
Useful Linux Commands for Platform Engineers
A small but high-leverage set of Linux commands platform engineers reach for when debugging performance, identity, and system state.
Host Memory and CPU Troubleshooting: A Practical Playbook
A practical, host-level troubleshooting guide for diagnosing CPU and memory pressure using sysstat, procfs, and core Linux tools.
helm
Installing the NFS Subdir External Provisioner with Helm
How to install and reason about the NFS Subdir External Provisioner using Helm, enabling dynamic NFS-backed Persistent Volumes in Kubernetes.
Helm CLI: Practical Command Notes
A practical collection of Helm CLI commands for inspecting releases, managing charts, and debugging deployments in Kubernetes clusters.
persistent-volumes
Installing the NFS Subdir External Provisioner with Helm
How to install and reason about the NFS Subdir External Provisioner using Helm, enabling dynamic NFS-backed Persistent Volumes in Kubernetes.
How NFS-Backed Persistent Volumes Actually Work in Kubernetes
A practical mental model for understanding how NFS-backed Persistent Volumes, StorageClasses, and external provisioners work together in Kubernetes.
nfs
Installing the NFS Subdir External Provisioner with Helm
How to install and reason about the NFS Subdir External Provisioner using Helm, enabling dynamic NFS-backed Persistent Volumes in Kubernetes.
How NFS-Backed Persistent Volumes Actually Work in Kubernetes
A practical mental model for understanding how NFS-backed Persistent Volumes, StorageClasses, and external provisioners work together in Kubernetes.
storageclass
Installing the NFS Subdir External Provisioner with Helm
How to install and reason about the NFS Subdir External Provisioner using Helm, enabling dynamic NFS-backed Persistent Volumes in Kubernetes.
How NFS-Backed Persistent Volumes Actually Work in Kubernetes
A practical mental model for understanding how NFS-backed Persistent Volumes, StorageClasses, and external provisioners work together in Kubernetes.
stateful-workloads
Operational Realities of Running PostgreSQL
Practical lessons about running PostgreSQL as a system: memory, storage, I/O, and why defaults and containers don’t remove operational responsibility.
How NFS-Backed Persistent Volumes Actually Work in Kubernetes
A practical mental model for understanding how NFS-backed Persistent Volumes, StorageClasses, and external provisioners work together in Kubernetes.
kubeconfig
Kubernetes ServiceAccount Tokens and CI/CD Authentication
A practical explanation of how Kubernetes ServiceAccount authentication works for CI/CD systems, what changed in Kubernetes 1.24, and why previously working ...
Creating and Understanding kubeconfig Files
A practical mental model for creating and understanding kubeconfig files, including clusters, users, contexts, and how kubectl actually authenticates.
databases
Operational Guardrails for Multi-Tenant PostgreSQL
Operational guardrails needed to safely run PostgreSQL in a multi-tenant configuration, including connection limits, timeouts, lock protection, shared resour...
Operational Realities of Running PostgreSQL
Practical lessons about running PostgreSQL as a system: memory, storage, I/O, and why defaults and containers don’t remove operational responsibility.
tar
File Archiving and Compression Cheatsheet
A practical cheatsheet for creating, extracting, and inspecting compressed archives using common Unix tools.
gzip
File Archiving and Compression Cheatsheet
A practical cheatsheet for creating, extracting, and inspecting compressed archives using common Unix tools.
zip
File Archiving and Compression Cheatsheet
A practical cheatsheet for creating, extracting, and inspecting compressed archives using common Unix tools.
compression
File Archiving and Compression Cheatsheet
A practical cheatsheet for creating, extracting, and inspecting compressed archives using common Unix tools.
archives
File Archiving and Compression Cheatsheet
A practical cheatsheet for creating, extracting, and inspecting compressed archives using common Unix tools.
activerecord
Active Record: Query Only the Columns You Want
How to query only specific columns with Active Record, why it matters for performance and memory usage, and how to avoid common pitfalls.
optimization
Active Record: Query Only the Columns You Want
How to query only specific columns with Active Record, why it matters for performance and memory usage, and how to avoid common pitfalls.
unicorn
Restarting Unicorn Without Dropping Requests
How to restart a Unicorn-based Rails application safely, what signals Unicorn responds to, and how to avoid dropping requests during restarts.
process-management
Restarting Unicorn Without Dropping Requests
How to restart a Unicorn-based Rails application safely, what signals Unicorn responds to, and how to avoid dropping requests during restarts.
zero-downtime
Restarting Unicorn Without Dropping Requests
How to restart a Unicorn-based Rails application safely, what signals Unicorn responds to, and how to avoid dropping requests during restarts.
sudo
Save a File in Vim Without sudo
How to save a file in Vim when you forgot to open it with sudo, why the trick works, and when you should avoid using it.
permissions
Save a File in Vim Without sudo
How to save a file in Vim when you forgot to open it with sudo, why the trick works, and when you should avoid using it.
systemd
systemd Cheatnotes: Practical Service Management
Practical systemd commands and patterns for managing services, inspecting state, and troubleshooting issues on modern Linux systems.
systemctl
systemd Cheatnotes: Practical Service Management
Practical systemd commands and patterns for managing services, inspecting state, and troubleshooting issues on modern Linux systems.
services
systemd Cheatnotes: Practical Service Management
Practical systemd commands and patterns for managing services, inspecting state, and troubleshooting issues on modern Linux systems.
branches
How to Delete a Local and Remote Git Branch
How to safely delete local and remote Git branches, what the commands actually do, and how to avoid common cleanup mistakes.
cleanup
How to Delete a Local and Remote Git Branch
How to safely delete local and remote Git branches, what the commands actually do, and how to avoid common cleanup mistakes.
pipelines
Skip the Pipeline When Pushing to Git
How to intentionally skip CI/CD pipelines when pushing to Git, when it’s appropriate to do so, and how to avoid accidental misuse.
github
Skip the Pipeline When Pushing to Git
How to intentionally skip CI/CD pipelines when pushing to Git, when it’s appropriate to do so, and how to avoid accidental misuse.
transaction-log
Shrink a SQL Database Log File Safely
How to safely shrink a SQL database transaction log file, when it’s appropriate to do so, and why indiscriminate shrinking often causes more harm than good.
maintenance
Shrink a SQL Database Log File Safely
How to safely shrink a SQL database transaction log file, when it’s appropriate to do so, and why indiscriminate shrinking often causes more harm than good.
libpq
Can’t Find the libpq-fe.h Header?
How to resolve errors related to missing libpq-fe.h headers when compiling PostgreSQL clients or native extensions, and why this issue occurs.
headers
Can’t Find the libpq-fe.h Header?
How to resolve errors related to missing libpq-fe.h headers when compiling PostgreSQL clients or native extensions, and why this issue occurs.
compilation
Can’t Find the libpq-fe.h Header?
How to resolve errors related to missing libpq-fe.h headers when compiling PostgreSQL clients or native extensions, and why this issue occurs.
native-extensions
Can’t Find the libpq-fe.h Header?
How to resolve errors related to missing libpq-fe.h headers when compiling PostgreSQL clients or native extensions, and why this issue occurs.
git-log
See Git Log in Glorious Detail
How to view Git history in rich, readable detail using git log options that surface context, intent, and change impact.
api
Run a Rails App Without a Database
How to run a Rails application without a database, why you might want to, and what configuration changes are required to avoid unnecessary coupling.
ls
Order ls Command Output by Date
How to order ls output by date, what each time field represents, and which flags are most useful when investigating files and directories.
rvm
RVM Cheatsheet: Practical Ruby Version Management
A practical RVM cheatsheet covering the commands you actually use to install, switch, and manage Ruby versions and gemsets.
version-management
RVM Cheatsheet: Practical Ruby Version Management
A practical RVM cheatsheet covering the commands you actually use to install, switch, and manage Ruby versions and gemsets.
development
RVM Cheatsheet: Practical Ruby Version Management
A practical RVM cheatsheet covering the commands you actually use to install, switch, and manage Ruby versions and gemsets.
vagrant
Display Verbose Output During vagrant up
How to enable verbose output during vagrant up, why it’s useful for debugging provisioning issues, and when increased verbosity is worth the noise.
images
Docker Cheatsheet: Practical Commands for Daily Use
A practical Docker cheatsheet focused on the commands and patterns you actually use when building, running, and debugging containers.
pfx
Key and Certificate Extraction from a PFX File
How to extract private keys and certificates from a PFX (PKCS#12) file using OpenSSL, with an explanation of what’s inside the file and how to handle the out...
pkcs12
Key and Certificate Extraction from a PFX File
How to extract private keys and certificates from a PFX (PKCS#12) file using OpenSSL, with an explanation of what’s inside the file and how to handle the out...
tls
Key and Certificate Extraction from a PFX File
How to extract private keys and certificates from a PFX (PKCS#12) file using OpenSSL, with an explanation of what’s inside the file and how to handle the out...
editor
Vim Cheatsheet: Practical Commands You Actually Use
A practical Vim cheatsheet focused on the commands and patterns most useful for everyday editing in terminal-based workflows.
tmux
tmux Cheatsheet: Practical Commands for Daily Use
A practical tmux cheatsheet focused on the commands and patterns you actually use when living in terminals and remote systems.
ssh
tmux Cheatsheet: Practical Commands for Daily Use
A practical tmux cheatsheet focused on the commands and patterns you actually use when living in terminals and remote systems.
apt
Fetch the Latest GitLab Repository Signing Key
How to fetch and install the latest GitLab package repository signing key, why this matters for secure package installation, and how to avoid common APT key ...
gpg
Fetch the Latest GitLab Repository Signing Key
How to fetch and install the latest GitLab package repository signing key, why this matters for secure package installation, and how to avoid common APT key ...
repository-signing
Fetch the Latest GitLab Repository Signing Key
How to fetch and install the latest GitLab package repository signing key, why this matters for secure package installation, and how to avoid common APT key ...
supply-chain
Fetch the Latest GitLab Repository Signing Key
How to fetch and install the latest GitLab package repository signing key, why this matters for secure package installation, and how to avoid common APT key ...
pki
Kubernetes Manual Certificate Updates and Upgrade Bug Fixes
How to manually update Kubernetes certificates, why certificate issues often surface during upgrades, and how to safely recover clusters when automation fall...
upgrades
Kubernetes Manual Certificate Updates and Upgrade Bug Fixes
How to manually update Kubernetes certificates, why certificate issues often surface during upgrades, and how to safely recover clusters when automation fall...
terraform
AWS Tag Filtering Using Terraform Data Sources
How to use Terraform data sources to discover and filter AWS resources by tags, enabling dynamic and environment-aware infrastructure configurations.
tagging
AWS Tag Filtering Using Terraform Data Sources
How to use Terraform data sources to discover and filter AWS resources by tags, enabling dynamic and environment-aware infrastructure configurations.
data-sources
AWS Tag Filtering Using Terraform Data Sources
How to use Terraform data sources to discover and filter AWS resources by tags, enabling dynamic and environment-aware infrastructure configurations.
twelve-factor
Using Kubernetes Secrets for Rails Application Configuration
How to configure a Rails application using Kubernetes Secrets, why this pattern works well in containerized environments, and what pitfalls to avoid.
fzf
Three Useful fzf Commands for Everyday Terminal Work
Three practical fzf patterns that turn common terminal tasks—finding files, commands, and processes—into fast, interactive workflows.
bash
Three Useful fzf Commands for Everyday Terminal Work
Three practical fzf patterns that turn common terminal tasks—finding files, commands, and processes—into fast, interactive workflows.
zsh
Three Useful fzf Commands for Everyday Terminal Work
Three practical fzf patterns that turn common terminal tasks—finding files, commands, and processes—into fast, interactive workflows.
developer-tools
Three Useful fzf Commands for Everyday Terminal Work
Three practical fzf patterns that turn common terminal tasks—finding files, commands, and processes—into fast, interactive workflows.
gitlab-runner
Authenticating GitLab Runner to Kubernetes
How GitLab Runner authenticates to Kubernetes, the security implications of each method, and how to choose the right approach for production clusters.
rbac
Authenticating GitLab Runner to Kubernetes
How GitLab Runner authenticates to Kubernetes, the security implications of each method, and how to choose the right approach for production clusters.
service-accounts
Authenticating GitLab Runner to Kubernetes
How GitLab Runner authenticates to Kubernetes, the security implications of each method, and how to choose the right approach for production clusters.
merge-request
Create a New Git Merge Request from the Command Line
A practical guide to creating Git merge requests directly from the command line, streamlining review workflows without leaving the terminal.
developer-workflow
Create a New Git Merge Request from the Command Line
A practical guide to creating Git merge requests directly from the command line, streamlining review workflows without leaving the terminal.
cluster-configuration
Kubernetes Cluster Configuration: Decisions That Shape Everything
A practical guide to Kubernetes cluster configuration, focusing on the early decisions that determine security, reliability, and operational sanity.
control-plane
Kubernetes Cluster Configuration: Decisions That Shape Everything
A practical guide to Kubernetes cluster configuration, focusing on the early decisions that determine security, reliability, and operational sanity.
aws-cli
AWS CLI Notes: Inspecting IAM Accounts, Users, Groups, and Roles
Practical AWS CLI commands for inspecting IAM account state, users, groups, roles, and attached policies without relying on the AWS console.
iam
AWS CLI Notes: Inspecting IAM Accounts, Users, Groups, and Roles
Practical AWS CLI commands for inspecting IAM account state, users, groups, roles, and attached policies without relying on the AWS console.
cloud
AWS CLI Notes: Inspecting IAM Accounts, Users, Groups, and Roles
Practical AWS CLI commands for inspecting IAM account state, users, groups, roles, and attached policies without relying on the AWS console.
ansible
Ansible: Practical Automation Without a Control Plane
A practical look at Ansible as a lightweight automation and configuration tool, focused on how it’s used in real systems and platform environments.
idempotency
Ansible: Practical Automation Without a Control Plane
A practical look at Ansible as a lightweight automation and configuration tool, focused on how it’s used in real systems and platform environments.
tcp-ip
Network Troubleshooting: A Practical, Layered Approach
A step-by-step approach to diagnosing network problems, focusing on isolating failure domains and validating assumptions layer by layer.
dns
Network Troubleshooting: A Practical, Layered Approach
A step-by-step approach to diagnosing network problems, focusing on isolating failure domains and validating assumptions layer by layer.
latency
Network Troubleshooting: A Practical, Layered Approach
A step-by-step approach to diagnosing network problems, focusing on isolating failure domains and validating assumptions layer by layer.
packet-loss
Network Troubleshooting: A Practical, Layered Approach
A step-by-step approach to diagnosing network problems, focusing on isolating failure domains and validating assumptions layer by layer.
sysstat
Host Memory and CPU Troubleshooting: A Practical Playbook
A practical, host-level troubleshooting guide for diagnosing CPU and memory pressure using sysstat, procfs, and core Linux tools.
virtual-switching
Virtualization – Network
An overview of how networking works in virtualized environments, what gets abstracted, and why troubleshooting virtual networks is often harder than physical...
python
Python Fundamentals: From Automation Scripts to Maintainable Systems
A practical guide to Python fundamentals, design patterns, and SOLID principles—framed for engineers who write Python for automation, pipelines, and systems ...
design-patterns
Python Fundamentals: From Automation Scripts to Maintainable Systems
A practical guide to Python fundamentals, design patterns, and SOLID principles—framed for engineers who write Python for automation, pipelines, and systems ...
solid
Python Fundamentals: From Automation Scripts to Maintainable Systems
A practical guide to Python fundamentals, design patterns, and SOLID principles—framed for engineers who write Python for automation, pipelines, and systems ...
vcpu
Virtualization and CPU: vCPU, Scheduling, and Overcommitment
A platform engineer’s guide to how CPUs are virtualized, how vCPUs are scheduled, and why CPU overcommitment usually works—until it doesn’t.
scheduling
Virtualization and CPU: vCPU, Scheduling, and Overcommitment
A platform engineer’s guide to how CPUs are virtualized, how vCPUs are scheduled, and why CPU overcommitment usually works—until it doesn’t.
overcommitment
Virtualization and CPU: vCPU, Scheduling, and Overcommitment
A platform engineer’s guide to how CPUs are virtualized, how vCPUs are scheduled, and why CPU overcommitment usually works—until it doesn’t.
vm
Server Virtualization for Platform Engineers
A platform-engineer-focused overview of server virtualization, covering hypervisors, overcommitment, availability, and how these concepts still matter in a c...
kvm
Server Virtualization for Platform Engineers
A platform-engineer-focused overview of server virtualization, covering hypervisors, overcommitment, availability, and how these concepts still matter in a c...
esxi
Server Virtualization for Platform Engineers
A platform-engineer-focused overview of server virtualization, covering hypervisors, overcommitment, availability, and how these concepts still matter in a c...
ha
Server Virtualization for Platform Engineers
A platform-engineer-focused overview of server virtualization, covering hypervisors, overcommitment, availability, and how these concepts still matter in a c...
osi
Network Concepts for Platform Engineers
A practical refresher on Layer 2 vs Layer 3 networking, VLANs vs subnets, and how these concepts actually show up in day-to-day platform engineering work.
layer2
Network Concepts for Platform Engineers
A practical refresher on Layer 2 vs Layer 3 networking, VLANs vs subnets, and how these concepts actually show up in day-to-day platform engineering work.
layer3
Network Concepts for Platform Engineers
A practical refresher on Layer 2 vs Layer 3 networking, VLANs vs subnets, and how these concepts actually show up in day-to-day platform engineering work.
vlan
Network Concepts for Platform Engineers
A practical refresher on Layer 2 vs Layer 3 networking, VLANs vs subnets, and how these concepts actually show up in day-to-day platform engineering work.
subnet
Network Concepts for Platform Engineers
A practical refresher on Layer 2 vs Layer 3 networking, VLANs vs subnets, and how these concepts actually show up in day-to-day platform engineering work.
package-management
Helm CLI: Practical Command Notes
A practical collection of Helm CLI commands for inspecting releases, managing charts, and debugging deployments in Kubernetes clusters.
chef
Chef Knife Bootstrap: Practical Notes for Linux and Windows Nodes
Practical notes and command patterns for bootstrapping Linux and Windows nodes with Chef using knife bootstrap, including legacy systems and policy-based wor...
knife
Chef Knife Bootstrap: Practical Notes for Linux and Windows Nodes
Practical notes and command patterns for bootstrapping Linux and Windows nodes with Chef using knife bootstrap, including legacy systems and policy-based wor...
bootstrap
Chef Knife Bootstrap: Practical Notes for Linux and Windows Nodes
Practical notes and command patterns for bootstrapping Linux and Windows nodes with Chef using knife bootstrap, including legacy systems and policy-based wor...
aliases
Docker CLI Aliases for Day-to-Day Work
A curated set of Docker CLI aliases that reduce friction during day-to-day container work, with context on how and when to use them.
developer-productivity
Docker CLI Aliases for Day-to-Day Work
A curated set of Docker CLI aliases that reduce friction during day-to-day container work, with context on how and when to use them.
docker-create
Understanding Docker Containers by Using docker create Explicitly
A practical mental model for understanding how Docker containers are configured by separating container definition from execution using docker create.
container-runtime
Understanding Docker Containers by Using docker create Explicitly
A practical mental model for understanding how Docker containers are configured by separating container definition from execution using docker create.
namespaces
Fixing Kubernetes Namespaces Stuck in Terminating
A practical explanation of why Kubernetes namespaces get stuck in Terminating and how to safely resolve the issue by understanding and managing finalizers.
finalizers
Fixing Kubernetes Namespaces Stuck in Terminating
A practical explanation of why Kubernetes namespaces get stuck in Terminating and how to safely resolve the issue by understanding and managing finalizers.
day-2-operations
Fixing Kubernetes Namespaces Stuck in Terminating
A practical explanation of why Kubernetes namespaces get stuck in Terminating and how to safely resolve the issue by understanding and managing finalizers.
bytes
Understanding Byte Size Units (Without Overthinking Them)
A practical explanation of byte size units—KB vs KiB, MB vs MiB—and why the distinction matters in real systems.
fundamentals
Understanding Byte Size Units (Without Overthinking Them)
A practical explanation of byte size units—KB vs KiB, MB vs MiB—and why the distinction matters in real systems.
systems
Understanding Byte Size Units (Without Overthinking Them)
A practical explanation of byte size units—KB vs KiB, MB vs MiB—and why the distinction matters in real systems.
access-control
Creating and Understanding kubeconfig Files
A practical mental model for creating and understanding kubeconfig files, including clusters, users, contexts, and how kubectl actually authenticates.
serviceaccounts
Kubernetes ServiceAccount Tokens and CI/CD Authentication
A practical explanation of how Kubernetes ServiceAccount authentication works for CI/CD systems, what changed in Kubernetes 1.24, and why previously working ...
cicd
Kubernetes ServiceAccount Tokens and CI/CD Authentication
A practical explanation of how Kubernetes ServiceAccount authentication works for CI/CD systems, what changed in Kubernetes 1.24, and why previously working ...
homebrew
Recovering from Toolchain Drift on macOS
A real-world example of toolchain drift on macOS, why it happens, and how pinning or downgrading dependencies can be a pragmatic recovery strategy.
toolchains
Recovering from Toolchain Drift on macOS
A real-world example of toolchain drift on macOS, why it happens, and how pinning or downgrading dependencies can be a pragmatic recovery strategy.
reproducibility
Recovering from Toolchain Drift on macOS
A real-world example of toolchain drift on macOS, why it happens, and how pinning or downgrading dependencies can be a pragmatic recovery strategy.
multi-tenant
Operational Guardrails for Multi-Tenant PostgreSQL
Operational guardrails needed to safely run PostgreSQL in a multi-tenant configuration, including connection limits, timeouts, lock protection, shared resour...
rds
Operational Guardrails for Multi-Tenant PostgreSQL
Operational guardrails needed to safely run PostgreSQL in a multi-tenant configuration, including connection limits, timeouts, lock protection, shared resour...
platform-engineering
Operational Guardrails for Multi-Tenant PostgreSQL
Operational guardrails needed to safely run PostgreSQL in a multi-tenant configuration, including connection limits, timeouts, lock protection, shared resour...