Blog

Deep dives on Cloud, DevOps, AI, and everything in between.

ACME AI AWS CNCF CSR Career Certificate Authority Certificate Errors Certificate Types Chain of Trust Cipher Suites Client Certificates Cloud Engineering CloudNative Cryptography DevOps Encryption Engineering EnvoyGateway Forward Secrecy GatewayAPI HAProxy HSTS HTTPS Handshake Hashing IncidentResponse Ingress Intermediate CA K8s Kibana Kubernetes Let's Encrypt Lets Encrypt Migration Networking OCSP OpenSSL PEM PKCS12 PKI Prometheus Redis RootCauseAnalysis SAN SNI SRE SSL SSL Offloading Security Self-signed TLS TLS 1.3 TLS Termination Terraform Traefik Troubleshooting cert-manager ingress-nginx mTLS nginx x509

Featured

TLS Troubleshooting Certificate Errors Kubernetes cert-manager Ingress

TLS Mastery — Part 8: Common Certificate Errors & How to Fix Them

The final part: a practical troubleshooting reference for the certificate errors you actually hit — untrusted CA, hostname/SAN mismatch, expired certs, broken chains, the 502/503 backend re-encryption trap, and cert-manager issues.

June 25, 2026 14 min read

Featured

TLS Kubernetes Ingress SSL Offloading TLS Termination Traefik mTLS Client Certificates cert-manager Let's Encrypt

TLS Mastery — Part 7: Kubernetes Ingress TLS (SSL Offloading) | mTLS, Client Certs & cert-manager

Secure traffic into a Kubernetes cluster — Ingress routing, TLS termination at the controller, mutual TLS with client certificates, and automating cert issuance with cert-manager.

June 20, 2026 18 min read

Featured

TLS PEM PKCS12 OCSP Lets Encrypt ACME HSTS

TLS Mastery — Part 6: Formats, Revocation, Let's Encrypt & HSTS

The real-world TLS topics tutorials skip: certificate file formats, revocation (CRL/OCSP/stapling), free automated certificates with Let's Encrypt and ACME, and HSTS.

June 18, 2026 10 min read

Featured

TLS OpenSSL Certificate Authority Intermediate CA CSR SAN x509

TLS Mastery — Part 5: Build Your Own CA — Root → Intermediate → Leaf, CSR & SAN

Build a real corporate certificate chain with OpenSSL — root → intermediate → leaf — generate a CSR, handle Subject Alternative Names (and the extension-stripping gotcha), and trust your CA in the browser.

June 13, 2026 12 min read

Featured

TLS OpenSSL nginx CSR Self-signed Certificate Types

TLS Mastery — Part 4: Hands-On OpenSSL — Self-Signed Cert + nginx

Certificate types, what a CSR is, the standard certificate workflow, and a hands-on: create a self-signed certificate with OpenSSL and enable TLS on nginx.

June 10, 2026 10 min read

Featured

TLS Handshake TLS 1.3 Forward Secrecy Cipher Suites SNI Security Networking

TLS Mastery — Part 3: The TLS Handshake (Classic vs Modern), Versions & SNI

How the TLS handshake works — the classic RSA model and the modern TLS 1.2/1.3 reality with forward secrecy — plus TLS versions, cipher suites, and SNI.

June 6, 2026 12 min read

Featured

TLS HTTPS Certificate Authority PKI Chain of Trust Certificate Types Security Networking

TLS Mastery — Part 2: HTTPS, Certificates, CAs, PKI & the 3 Certificate Types

What HTTPS is, what a certificate contains, how CAs create trust through signing, the root/intermediate chain, PKI, and the three certificate types (public, corporate, self-signed) compared.

June 4, 2026 10 min read

Featured

TLS SSL Cryptography Encryption Hashing Security HTTPS Networking

TLS Mastery — Part 1: Why TLS Exists & The Cryptography Behind It

Why plain HTTP is unsafe, and the cryptography foundations behind TLS: cryptography vs encryption, hashing, and symmetric vs asymmetric keys.

May 30, 2026 8 min read

Featured

AI DevOps Career SRE Engineering Terraform Kubernetes

Driver or Passenger? The DevOps Engineer's AI Paradox

The engineers using AI the most aren't always getting better — the ones using it passively are getting duller. Here's the honest self-audit every DevOps engineer should run.

May 27, 2026 9 min read

Featured

Kubernetes ingress-nginx GatewayAPI DevOps SRE CNCF Traefik HAProxy EnvoyGateway CloudNative Migration K8s

RIP ingress-nginx: A Practical Migration Guide for the Other 44%

CNCF broke the news. This post answers the question everyone's actually asking: what do I do now?

May 22, 2026 9 min read

Featured

DevOps Kubernetes Redis IncidentResponse SRE AI RootCauseAnalysis Kibana Prometheus

It Took a Midnight Oncall to Prove AI Isn't Replacing DevOps — Yet

A Saturday-night oncall. A cascading Redis failure. A bottom-up investigation. And the moment I realised that no amount of LLM magic replaces an engineer who truly understands the system.

May 17, 2026 8 min read

Featured

AWS DevOps AI Cloud Engineering SRE

Is DevOps Dead? AWS's New AI Agent Changes Everything

AWS just shipped a DevOps agent that investigates incidents, fixes production bugs, and writes root-cause analysis — while you sleep. Here's what it means for your career.

May 14, 2026 8 min read