// insights

Cloud infrastructure, demystified.

Deep-dives on AWS, Kubernetes, Terraform, and the craft of building systems that scale without breaking.

# eks-cluster.tf

resource "aws_eks_cluster" "prod" {
  name     = "prod-cluster"
  version  = "1.29"
  role_arn = module.iam.cluster_role

  vpc_config {
    subnet_ids              = var.private_subnets
    endpoint_private_access = true
    endpoint_public_access  = false
  }
}
Kubernetes

The EKS production checklist we use for every client

After deploying dozens of production EKS clusters, we've distilled everything into a repeatable checklist — private endpoints, node group configs, IAM least-privilege, and the 12 things most teams skip.

Vishwaraja Pathi · March 28, 2026 · 8 min read

How we structure Terraform modules for multi-environment deployments

A practical look at the module layout that keeps dev, staging, and prod in sync without copy-paste drift.

Terraform Mar 20 · 6 min

We audited 10 AWS accounts. Here's where the money was wasted.

Idle NAT gateways, over-provisioned RDS, forgotten EBS volumes — the usual suspects, and how to find them fast.

Cost Mar 12 · 5 min

mTLS between microservices without a service mesh

Full mutual TLS across your Kubernetes workloads using cert-manager and a sidecar pattern — no Istio required.

Security Mar 5 · 9 min

Keyless AWS deployments with GitHub Actions OIDC

Stop storing long-lived AWS keys in GitHub Secrets. Here's how to use OIDC federation for short-lived credentials on every deploy.

DevOps Feb 25 · 7 min

Karpenter vs Cluster Autoscaler: which one should you use?

We've run both in production. Here's an honest breakdown of cost savings, complexity, and when one is better than the other.

Kubernetes Feb 18 · 10 min

The AWS VPC design we use for every new client

Public, private, and intra subnets across three AZs, with NAT gateway placement and CIDR sizing decisions explained.

AWS Feb 10 · 6 min
