Platform engineering, security, infrastructure, and the occasional philosophical tangent. Writing about Kubernetes, observability, GitOps, and building things that work.https://nikogura.com/https://nikogura.com/blog/web3-for-infra-engineers/https://nikogura.com/blog/web3-for-infra-engineers/Everything in Web3 is something you already know. Wallet signing is SSH authentication v2, smart contracts are RPC endpoints with public immutable code, and the trust model is the same "verify, don't trust" principle that drives every good infrastructure system.Wed, 25 Mar 2026 00:00:00 GMThttps://nikogura.com/blog/database-design/https://nikogura.com/blog/database-design/There is no such thing as a "highly resilient database" in the abstract. The right answer starts with understanding the problem — the data, the product, the failure modes, the regulatory environment — not a product name.Sat, 07 Mar 2026 00:00:00 GMThttps://nikogura.com/blog/security-is-infrastructure/https://nikogura.com/blog/security-is-infrastructure/Security and infrastructure are not two disciplines that happen to overlap. They are one discipline that companies have artificially separated because org charts demand clean boxes and job postings demand clean titles.Fri, 06 Mar 2026 00:00:00 GMThttps://nikogura.com/blog/metrics-logs-traces-events/https://nikogura.com/blog/metrics-logs-traces-events/Four observability signals that get thrown around interchangeably. Understanding what makes each one distinct and where they overlap determines whether your observability stack scales or collapses under its own weight.Thu, 05 Mar 2026 00:00:00 GMThttps://nikogura.com/blog/distributed-tracing/https://nikogura.com/blog/distributed-tracing/Distributed tracing captures the complete journey of a single request as it passes through multiple services, enabling latency analysis, error propagation tracking, and root cause analysis across complex architectures.Tue, 03 Mar 2026 00:00:00 GMThttps://nikogura.com/blog/prometheus-and-opentelemetry/https://nikogura.com/blog/prometheus-and-opentelemetry/OpenTelemetry does not replace Prometheus. They solve different problems, they are converging, and understanding the boundary between them will save you from expensive architectural mistakes.Tue, 03 Mar 2026 00:00:00 GMThttps://nikogura.com/blog/puppets-and-octopi/https://nikogura.com/blog/puppets-and-octopi/Centralized, imperative orchestration requires centralized coordination, and centralized coordination is a bottleneck that doesn't scale. Distributed, declarative convergence pushes intelligence to the edges.Tue, 03 Mar 2026 00:00:00 GMThttps://nikogura.com/blog/the-best-dog-trainer/https://nikogura.com/blog/the-best-dog-trainer/When something has been failing for a while despite competent people working on it, the problem is almost certainly not competence. Before you optimize, ask yourself whether you are training a dog or a cat.Tue, 03 Mar 2026 00:00:00 GMThttps://nikogura.com/blog/flux-vs-argo/https://nikogura.com/blog/flux-vs-argo/A deep comparison of the architectural differences between FluxCD and ArgoCD for experienced Kubernetes platform engineers, covering CRD design, state management, controller models, and where each tool wins.Sat, 28 Feb 2026 00:00:00 GMThttps://nikogura.com/blog/gitops/https://nikogura.com/blog/gitops/GitOps is not just keeping YAML in git. It is a specific operational model where a controller in the cluster continuously reconciles actual state against desired state declared in a git repository, providing audit trail, reproducibility, drift correction, and safe rollback.Sat, 28 Feb 2026 00:00:00 GMThttps://nikogura.com/blog/github-actions-reference/https://nikogura.com/blog/github-actions-reference/A reference implementation for GitHub Actions CI/CD pipelines covering automated testing, linting with golangci-lint and namedreturns, semantic versioning, automatic releases, and caching strategies.Tue, 13 Jan 2026 00:00:00 GMThttps://nikogura.com/blog/kubernetes-shell-functions/https://nikogura.com/blog/kubernetes-shell-functions/A collection of useful shell functions and aliases for Kubernetes debugging and daily operations, from context switching to JWT decoding to Prometheus config extraction.Mon, 29 Dec 2025 00:00:00 GMThttps://nikogura.com/blog/engineering-standards/https://nikogura.com/blog/engineering-standards/Security, reliability, and compliance are non-negotiable. A comprehensive guide to Golang coding standards, testing practices, infrastructure patterns, observability, and the philosophy of craftsmanship in software engineering.Fri, 05 Dec 2025 00:00:00 GMThttps://nikogura.com/blog/talos-aws-oidc/https://nikogura.com/blog/talos-aws-oidc/How to provision Kubernetes clusters on Talos Linux with OIDC-based AWS IRSA integration using Terraform, enabling cross-cloud workloads that authenticate to AWS services without static credentials.Thu, 30 May 2024 00:00:00 GMThttps://nikogura.com/blog/fitfo/https://nikogura.com/blog/fitfo/A reflection on how learning to program as a small business owner built the FITFO skill -- the ability to figure things out from scratch -- which became the foundation of a DevOps career.Tue, 19 Jul 2022 00:00:00 GMThttps://nikogura.com/blog/golang-design-tips/https://nikogura.com/blog/golang-design-tips/Many of Golang's unwritten rules can be summed up by the Go Proverbs. Here are practical extensions and recommendations for writing idiomatic, maintainable Go code.Wed, 17 Mar 2021 00:00:00 GMThttps://nikogura.com/blog/terraform-rolling-window/https://nikogura.com/blog/terraform-rolling-window/A Terraform pattern for automatically selecting the newest AMI that is at least two weeks old, enabling a rolling window approach to AMI updates that avoids deploying untested images to production.Mon, 08 Feb 2021 00:00:00 GMThttps://nikogura.com/blog/documentation/https://nikogura.com/blog/documentation/Documentation is like pizza -- when it is good, it is really good, and when it is bad, it is still pizza. A perfect documentation system makes it more likely that docs will be written and maintained than not.Tue, 22 Dec 2020 00:00:00 GMThttps://nikogura.com/blog/vault-operator/https://nikogura.com/blog/vault-operator/Operational notes on running the Vault Operator in Kubernetes, covering CRD configuration, secrets management, authentication testing, and Cert Manager integration.Wed, 21 Oct 2020 00:00:00 GMThttps://nikogura.com/blog/coding-standards/https://nikogura.com/blog/coding-standards/This is about design philosophy and how to approach your work. Every line of code should be to a standard you would be proud to publish under your own name, because git is forever.Fri, 17 Jul 2020 00:00:00 GMThttps://nikogura.com/blog/tdd/https://nikogura.com/blog/tdd/TDD is not just about writing tests before code -- it is about alternating between tests and code so that you write code in discrete, testable units and capture every insight as an automated check that lives in your codebase forever.Fri, 17 Jul 2020 00:00:00 GMThttps://nikogura.com/blog/managed-secrets/https://nikogura.com/blog/managed-secrets/Secrets management is an important job, but it sucks. A look at why UX is the key to a successful secrets system, and how Managed Secrets provides a YAML interface to your secret storage backend.Thu, 07 May 2020 00:00:00 GMThttps://nikogura.com/blog/circleci-maven/https://nikogura.com/blog/circleci-maven/A trick for using CircleCI 1.x build artifacts as a Maven repository by fetching dependency artifacts and installing them into the local Maven cache.Sat, 09 Dec 2017 00:00:00 GMThttps://nikogura.com/blog/dbt-dynamic-binary-toolkit/https://nikogura.com/blog/dbt-dynamic-binary-toolkit/A system for building self-updating command-line tools that automatically download, verify, and replace themselves with the latest version using checksums and GPG signatures.Sat, 09 Dec 2017 00:00:00 GMThttps://nikogura.com/blog/access-and-identity-made-easy/https://nikogura.com/blog/access-and-identity-made-easy/A hands-on guide to spinning up an n-way multi-master LDAP directory for centralized access and identity management, covering server setup, replication, ACLs, and schema configuration.Sat, 09 Dec 2017 00:00:00 GMThttps://nikogura.com/blog/local-env/https://nikogura.com/blog/local-env/A simple trick to link your IDE terminal with your project's virtual environment, so command-line tools automatically use the same Python and libraries as your IDE.Sat, 09 Dec 2017 00:00:00 GMThttps://nikogura.com/blog/openstack-liberty-installer/https://nikogura.com/blog/openstack-liberty-installer/A single script that creates a full OpenStack Liberty cloud from nothing, demonstrating an infrastructure-as-code approach to cloud deployment.Sat, 09 Dec 2017 00:00:00 GMThttps://nikogura.com/blog/python-tips/https://nikogura.com/blog/python-tips/Potentially timesaving tips and tricks for Python development on MacOS, covering virtual environments, Homebrew setup, and IDE configuration with JetBrains tools.Sat, 09 Dec 2017 00:00:00 GMThttps://nikogura.com/blog/iam-beyond-aws/https://nikogura.com/blog/iam-beyond-aws/How I built a system to impersonate the AWS metadata service on developer laptops, providing passwordless, expiring STS credentials linked to user identities via SSH key authentication.Mon, 20 Nov 2017 00:00:00 GMT