Sofiane Djerbi - Cloud & Kubernetes Blog
https://sofianedjerbi.com/en/blog
Technical articles about Cloud, Kubernetes, FinOps and DevOps by Sofiane Djerbi
en
Sun, 23 Nov 2025 02:58:28 GMT
Custom RSS Generator
https://sofianedjerbi.com/og-image.png

Process-compose: Docker Compose without containers
https://sofianedjerbi.com/en/blog/process-compose-no-containers
Databases in Podman, your code as processes. Best of both worlds, orchestrated cleanly.
Sat, 22 Nov 2025 00:00:00 GMT | DevOps | contact@sofianedjerbi.com (Sofiane Djerbi)

Stop duplicating Terraform values, use Terragrunt's hierarchy
https://sofianedjerbi.com/en/blog/terragrunt-hierarchical-config
Root configs, account configs, environment configs. One value, defined once, available everywhere. No copy-paste.
Fri, 21 Nov 2025 00:00:00 GMT | IaC | contact@sofianedjerbi.com (Sofiane Djerbi)

Talos makes Kubernetes boring (and that's good)
https://sofianedjerbi.com/en/blog/talos-makes-kubernetes-boring
SSH into Kubernetes nodes is an anti-pattern that causes security issues. Talos removes the temptation by eliminating SSH entirely.
Thu, 20 Nov 2025 00:00:00 GMT | DevOps | contact@sofianedjerbi.com (Sofiane Djerbi)

Kubernetes isn't that complicated, stop complaining
https://sofianedjerbi.com/en/blog/kubernetes-helm-complexity-myth
YAML is painful, but Helm charts deploy entire stacks in minutes. The alternative is worse.
Wed, 19 Nov 2025 00:00:00 GMT | DevOps | contact@sofianedjerbi.com (Sofiane Djerbi)

Cloudflare is down and nobody can check
https://sofianedjerbi.com/en/blog/cloudflare-down-downdetector-irony
Cloudflare went down this morning. So did Downdetector. The site that tells you things are broken was broken because things were broken.
Tue, 18 Nov 2025 00:00:00 GMT | DevOps | contact@sofianedjerbi.com (Sofiane Djerbi)

Certificate authorities aren't responsible for phishing
https://sofianedjerbi.com/en/blog/homograph-attacks-fake-urls
Phishing sites have valid certificates and that's how it should be. Here's why universal HTTPS matters more than identity verification.
Tue, 18 Nov 2025 00:00:00 GMT | Security | contact@sofianedjerbi.com (Sofiane Djerbi)

Programming books don't teach programming
https://sofianedjerbi.com/en/blog/programming-books-dont-teach
Reading books about Kubernetes doesn't make you a Kubernetes engineer. Stop reading, open a terminal, and break things until you learn.
Mon, 17 Nov 2025 00:00:00 GMT | DevEx | contact@sofianedjerbi.com (Sofiane Djerbi)

Ditch dev containers, switch to Devbox
https://sofianedjerbi.com/en/blog/devbox-dev-environments
Dev containers are slow, fragile, and lock you in a VM. Devbox gives you isolated environments that just work.
Sun, 16 Nov 2025 00:00:00 GMT | DevEx | contact@sofianedjerbi.com (Sofiane Djerbi)

Train for cloud certs like a driver's license
https://sofianedjerbi.com/en/blog/how-i-train-for-certifications
Practice tests until the exam feels easy - that's my entire strategy. No courses, no bootcamps, just focused repetition that works.
Wed, 12 Nov 2025 00:00:00 GMT | Projects | contact@sofianedjerbi.com (Sofiane Djerbi)

Predict your AWS bill with Infracost, stop the surprises
https://sofianedjerbi.com/en/blog/infracost-terraform-cost-estimates
Know what your Terraform changes cost before you apply them. No more surprise $10k bills.
Mon, 03 Nov 2025 00:00:00 GMT | FinOps | contact@sofianedjerbi.com (Sofiane Djerbi)

Wild infrastructure is killing your team
https://sofianedjerbi.com/en/blog/wild-infrastructure-kills-teams
Resources created outside IaC, managed by hand, documented nowhere. It's faster until it isn't.
Mon, 27 Oct 2025 00:00:00 GMT | DevOps | contact@sofianedjerbi.com (Sofiane Djerbi)

Nobody thanks DevOps engineers
https://sofianedjerbi.com/en/blog/cafe-cloud-community
DevOps engineers build the infrastructure that powers every app, but get zero credit. Café Cloud exists to change that and spotlight our work.
Fri, 10 Oct 2025 00:00:00 GMT | Projects | contact@sofianedjerbi.com (Sofiane Djerbi)

Scan your Docker images for CVEs, it takes 10 seconds
https://sofianedjerbi.com/en/blog/trivy-scan-docker-cves
Trivy finds critical vulnerabilities in your Docker images, but almost nobody runs it in CI/CD. Here's how to integrate it properly.
Wed, 01 Oct 2025 00:00:00 GMT | DevEx | contact@sofianedjerbi.com (Sofiane Djerbi)

Stop paying for queues and locks, use Postgres
https://sofianedjerbi.com/en/blog/postgres-is-enough
Postgres does queues, locks, and document storage. You don't need six services for 50 users.
Mon, 15 Sep 2025 00:00:00 GMT | DevEx | contact@sofianedjerbi.com (Sofiane Djerbi)

Terraform works until it doesn't, try Pulumi
https://sofianedjerbi.com/en/blog/pulumi-vs-terraform
Years of Terraform HCL taught me that real programming languages beat DSLs. Pulumi proves it with TypeScript, Python, and Go support.
Mon, 25 Aug 2025 00:00:00 GMT | IaC | contact@sofianedjerbi.com (Sofiane Djerbi)

Taskfile for project automation
https://sofianedjerbi.com/en/blog/taskfile-project-automation
Task runner with built-in docs, descriptions, and YAML syntax. Simpler than Make, more powerful than shell scripts. Works everywhere.
Wed, 20 Aug 2025 00:00:00 GMT | DevEx | contact@sofianedjerbi.com (Sofiane Djerbi)

Google randomly blocks Hetzner from Kubernetes and breaks your cluster
https://sofianedjerbi.com/en/blog/hetzner-ips-blocked-registry-k8s
Google Cloud Armor blocks random Hetzner IPs from pulling Kubernetes images. Your cluster breaks and the error message won't help you.
Sun, 30 Mar 2025 00:00:00 GMT | DevOps | contact@sofianedjerbi.com (Sofiane Djerbi)

Google kills Container Registry and nobody is surprised
https://sofianedjerbi.com/en/blog/gcr-shutdown-artifact-registry
GCR shuts down March 18, 2025. Google forces everyone to Artifact Registry. Another product, another forced migration to the graveyard.
Tue, 18 Mar 2025 00:00:00 GMT | DevOps | contact@sofianedjerbi.com (Sofiane Djerbi)

Speed up Terraform with Terragrunt, end the endless applies
https://sofianedjerbi.com/en/blog/terragrunt-terraform-modules
Separate state files, no copy-paste, no re-running everything. Terragrunt fixes what Terraform doesn't want to.
Wed, 15 Jan 2025 00:00:00 GMT | IaC | contact@sofianedjerbi.com (Sofiane Djerbi)

Yes, I commit secrets to git (with SOPS)
https://sofianedjerbi.com/en/blog/sops-secrets-in-git
Encrypted secrets in version control that actually work. Share API keys across your team without Vault or secret managers.
Thu, 20 Jun 2024 00:00:00 GMT | Security | contact@sofianedjerbi.com (Sofiane Djerbi)

Stop scripting Helm deploys, use Helmfile
https://sofianedjerbi.com/en/blog/helmfile-kubernetes-deployments
Managing multiple Helm releases is messy. Helmfile fixes it with declarative configuration and real environments.
Wed, 15 May 2024 00:00:00 GMT | IaC | contact@sofianedjerbi.com (Sofiane Djerbi)

Terraform turns clicking into code
https://sofianedjerbi.com/en/blog/terraform-infrastructure-as-code
Stop clicking in the AWS console and copying resources manually. Write your infrastructure as code with Terraform and deploy it everywhere.
Thu, 20 Apr 2023 00:00:00 GMT | DevOps | contact@sofianedjerbi.com (Sofiane Djerbi)

Docker finally explained without the BS
https://sofianedjerbi.com/en/blog/docker-containers-explained
Containers aren't VMs. Here's what they actually are, with analogies that make sense.
Wed, 15 Jun 2022 00:00:00 GMT | DevOps | contact@sofianedjerbi.com (Sofiane Djerbi)