Herein you’ll find (hopefully) interesting tidbits that might be of use to you, and it’s a good place for me to store my various rantings.
You’ll also find my resume, in both an online long form and the more traditional condensed version.
Why is my resume posted online? Well, I got sick of traditional CVs and such where you make this blah blah blah list of hot keywords that you hope will help you make it past the filters.
I thought, you know what? I explain these various experiences so often to various people, wouldn’t it be great if I could just link to it? Better yet, what about having my fascinating journey through technology in a format where I didn’t have to try to squash it down to n pages?
Joel Spolsky of Joel On Software fame wrote that documentation that nobody reads is useless, and therefore you had to make it easy on your readers. This is advice I’ve taken to heart, and I always try to follow it. To quote the late, great George Carlin, “My job is to entertain and inform.”
So here it is. I’m not giving away any sort of private information. Everyone within earshot of me when a particular point was brought up has probably heard the stories enough to repeat them by heart.
Sorry about that. I can’t resist a good story, even if the cashier at Chevron really doesn’t want to hear about asymmetric encryption right now…
Contents
Resume
- Fun Online Resume A fun version of my career. Less likely to put you to sleep.
Observability
How monitoring, logging, and tracing actually work in production Kubernetes environments.
- Metrics, Logs, Traces, and Events What makes each observability signal different, where they overlap, the cardinality problem, and how cross-signal correlation ties them together. Covers Prometheus, Loki, Tempo, and OpenTelemetry.
- Prometheus and OpenTelemetry How Prometheus and OpenTelemetry fit together — what each one does, where they overlap, where they don’t, and the practical migration path from Prometheus-only to a unified OTel pipeline.
- Distributed Tracing What distributed tracing is, how spans get produced and collected, the sampling problem, and how tracing fits alongside metrics, logs, and events. Covers OpenTelemetry, Jaeger, Grafana Tempo, and service mesh integration.
GitOps & Kubernetes
Declarative infrastructure, continuous delivery, and the operational patterns that make Kubernetes manageable at scale.
- GitOps kubectl apply and helm install are not GitOps. Why the distinction matters, what GitOps actually is, and why imperative cluster management is just SSH-ing into production with extra steps.
- FluxCD vs ArgoCD: Architectural Comparison Deep architectural comparison of FluxCD and ArgoCD for Kubernetes platform engineers. Covers CRD models, state propagation, Argo’s eight points of state divergence, controller deadlocks, and why Flux’s distributed architecture avoids these failure modes.
- Talos Linux OIDC for AWS with Terraform Connect your Talos Kubernetes clusters to AWS via OIDC.
- Kubernetes Shell Functions Kubernetes commands can get painful to type. These make it a lot easier to interact with a cluster.
- GitHub Actions Reference Reference implementation for GitHub Actions CI/CD pipelines with automated testing, linting, semantic versioning, and release management.
- Terraform Auto AMI Rolling Window Auto updating AMIs with a configurable rolling window so we can stay up to date, but not necessarily bleeding edge.
Engineering Philosophy
Opinions on how to write software, run teams, and think about problems. Some of these are about code. Some are about cats.
- Puppets and Octopi Why top-down orchestration hits a wall. The fundamental difference between imperative orchestration and declarative convergence, and why no amount of doing the former “right” fixes the scaling limit.
- The Best Dog Trainer in the World You can be the best dog trainer in the world. Your cat doesn’t care. Why “try harder” and “get better” don’t help when you’re solving the wrong problem.
- Engineering Standards My philosophy on code standards - especially in Golang, and by inference on the rest of life.
- TDD Test Driven Development Manifesto
- Documentation My documentation manifesto. How I do docs, and why you might want to consider doing something similar.
- The Three Virtues of a Programmer I didn’t invent them. I didn’t put them online, but Perl was my first programming language, and I fervently believe that these are virtues we should all embrace.
Tools & Projects
Open source tools I’ve built and maintain.
- kubectl-ssh-oidc Kubernetes CLI plugin for passwordless, SSH-key-based cluster authentication via OIDC. Users authenticate with their SSH keys instead of passwords or browser-based OAuth flows. Works with a companion Dex SSH connector.
- Dex (SSH Connector Fork) Fork of the Dex OpenID Connect identity provider adding a custom SSH connector. Enables SSH-key-based authentication to Kubernetes clusters via JWT token exchange or challenge/response — no certificates, no passwords, no browser redirects.
- RBAC Expiry Operator Kubernetes operator for time-limited RBAC grants with automatic expiration, drift correction, and Prometheus metrics. Includes a kubectl plugin for grant management. Solves a compliance gap Kubernetes doesn’t address natively.
- Hasura Operator Kubernetes Operator for declarative Hasura GraphQL deployment and management. Makes Hasura GitOps-ready.
- K8s Cluster Manager Kubernetes cluster lifecycle management tool for provisioning and managing multiple clusters.
- Diagnostic Slackbot AI-powered Slack bot for automated infrastructure diagnostics. Analyzes WAF logs, Kubernetes events, and system metrics. Allows users to interact with it via Slack and leverage a curated list of prompts that can be tuned for your specific infrastructure.
- Resume Tailor AI-powered tool for generating tailored resumes and cover letters from structured achievements using Claude API.
- Named Returns Linter enforcing the use of named returns in Go functions. Named returns improve code readability and make function signatures more self-documenting.
- DBT: Dynamic Binary Toolkit A framework for distributing self-updating signed binaries. Users always run the latest version without manual upgrades — the tool checks for updates, verifies signatures, and replaces itself transparently.
- Gomason CI/CD in your pocket. Build, sign, and publish Go binaries locally.
- Managed Secrets A YAML interface on HashiCorp Vault.
Reference & Legacy
Older pieces that are still useful in the right context.
- IAM Beyond AWS Something I did recently that’s both nasty and beautiful, but most of all useful!
- Python Python Development Tips
- LocalEnv Trick for syncing a CLI environment with your IDE
- LDAP for people with better things to do than master LDAP LDAP can be painful, but everything already knows how to connect to it. Why not connect all the things?
- One Script OpenStack Installer The hardest parts of OpenStack are 1: setting it up and 2: upgrading it. Here’s a way I solved problem #1 and paved the way to handle #2.
- Using CircleCI as if it was a Maven Repo Using CircleCI? Don’t have a private Maven repo? Check this out.
- Distributing Java Binaries via Homebrew A Maven plugin for writing homebrew formulae from templates. Useful if you want to install executable jars via Homebrew and have them just work like any other Homebrew-installed tool.