Blog | ferkakta.dev

ferkakta.dev

2026-03-03 From eight manual steps to one command
2026-03-03 Your onboarding flow is your architecture’s report card
2026-03-02 Per-Tenant CloudWatch Log Isolation on EKS, or: Why I Stopped Using aws-for-fluent-bit
2026-03-02 Why we removed aws-for-fluent-bit from EKS
2026-03-02 Zero-touch multi-tenant deploys: removing myself from the critical path
2026-02-27 An orderly EKS and Kubeflow upgrade path
2026-02-27 Drift is an availability bug
2026-02-27 Kubeflow is a version matrix, not a version
2026-02-27 Stop copying AWS managed policies — deny what you don’t want instead
2026-02-27 The IAM policy controls access — the document controls how people feel about it
2026-02-27 When a namespace owns your deployment
2026-02-26 IAM eventual consistency is 4 seconds — if your policy still doesn’t work, you have a bug
2026-02-26 IAM trust policies silently accept wildcards in principals — and silently deny everything
2026-02-26 The Over-Mighty Subject: why your site repos have too much power
2026-02-21 I replaced $489/mo in AWS Client VPN with a $3 t4g.nano running Headscale
2026-02-20 Making a Kopf operator idempotent: three-layer existence checks and the redisReady race
2026-02-20 Self-healing race conditions: when your CI/CD fails on purpose
2026-02-20 Cross-repo auto-deploy with GitHub Actions: the orchestrator pattern
2026-02-20 Your CI/CD dispatch token can rewrite your infrastructure code
2026-02-17 Your terraform apply is silently rolling back your container images
2026-02-16 Terraform module for multi-provider DNS: define once, deploy to Route53 + Cloudflare
2026-02-13 ElastiCache auth-token to RBAC migration has a Terraform provider bug
2026-02-12 Amazon WorkSpaces are invisible to SSM and CloudWatch (and how to fix it)
2026-02-12 SimpleAD is Samba 4 — you can create users with ldapadd instead of ClickOps
2026-02-11 What building infrastructure for a startup actually looks like
2026-02-10 90 AWS resources in 5 minutes — automating multi-tenant SaaS tenant lifecycle
2026-02-09 Your ACM certificate request is a beacon — scanners are watching Certificate Transparency logs

#acm #active-directory #automation #aws #ci-cd #cloudflare #cloudwatch #cmmc #debugging #devops #dns #ecr #eks #elasticache #finops #fluent-bit #github-actions #headscale #helm #iam #incident #kopf #kubeflow #kubernetes #logging #metacontroller #multi-tenant #platform-engineering #python #rbac #redis #reliability #route53 #saas #security #shell #ssm #team #terraform #versioning #vpn #wireguard #workspaces