Software engineer building cloud-native platforms — Kubernetes, GCP, Terraform, and GitOps, with a system-first, low-entropy approach. Engineering notes and essays below.
Retrospectives: an opportunity for double-loop learning
Most of a team’s week is single-loop — execute the process, close the ticket. The retrospective is the one ritual that questions the process itself, and what quietly breaks when a team skips it.
What is code review actually for?
The mandatory, blocking PR gate is barely fifteen years old — and the research says review’s value diverges from its justification. What code review is actually for, and why most of its jobs are better served elsewhere.
StatefulSet vs Deployment for stateless-with-fragile-upgrade workloads
A decision record for a workload that’s operationally stateless but has a fragile single-instance upgrade: StatefulSet vs Deployment, with live operational evidence and the case for Deployment plus a startup lock.
When Go templates outgrow you: a typed-language alternative for Crossplane compositions
When Crossplane’s Go-template compositions outgrow you — no types, no tests, global scope — KCL offers a typed, testable alternative. The multi-step pipeline architecture, and the bugs only end-to-end validation catches.
Environment-stable table ownership: surviving cross-environment restore with IAM database auth
Cloud SQL IAM database auth breaks cross-environment restores because table ownership encodes a per-environment service account. Make ownership environment-independent by owning every table as cloudsqlsuperuser.
Stable vs. rewritten identity: cross-environment database restore in a stateful platform
When a platform bakes an environment-derived identity into its database on first boot, restoring across environments crash-loops on a mismatch. The fix is a product question: stabilize the identity, or rewrite it after restore?
Test your guardrails: policy-as-code that you actually verify
Policy-as-code that’s never tested usually fails open — it waves violations through and no one notices. How to test guardrails so they both deny when they must and pass when they must.
The admin stack that manages itself: bootstrapping a self-hosted IaC control plane
If your IaC orchestrator is itself configured as code, you need an admin stack that provisions every stack — including itself. The elegant pattern, and the two bootstrap problems no amount of declarative code removes.
When Terraform owns a shared resource as if it were dedicated
When a per-cluster Terraform module owns a project-global, shared resource, tearing down one cluster quietly breaks the others. Why resources with different lifecycles can’t share state — and the bootstrap-module fix.
Tearing down a managed-Kubernetes deployment without leaving a tail
A field guide to deleting a GKE or EKS deployment cleanly when the cluster, the in-cluster GitOps/Crossplane layer, and Terraform all disagree about who owns cleanup — orphans, deletion order, and the stuck cases.
Applying Terraform from CI is a stateful problem wearing a stateless tool
GitHub Actions is a near-perfect stateless task runner — and a poor fit for applying Terraform, which is stateful, collaborative, and approval-gated. The practical case, from running it both ways.
Structured JSON logging for a legacy Java app on Kubernetes — without forking the image
How to retrofit machine-parseable JSON logging onto a legacy Java app on Kubernetes — both log4j2 and Tomcat’s JUL — without forking the vendor image, as an opt-in, fail-open, cleanly revertible layer.
Use GKE Connect Gateway to protect your private control plane
Reach a private GKE cluster’s API server without a bastion or authorized-networks — using the GKE-native Connect Gateway, with GCP IAM outside the gateway and Kubernetes RBAC inside.
The Crossplane Object that synced green and changed nothing
Everything’s green — Argo CD Synced, Crossplane Ready — but the change never took effect. The trap where Crossplane management policies without Update meet Kubernetes immutability.
Why deleting an env var from your GitOps values doesn’t remove it from the pod
You delete an env var from your Helm values, Argo CD reports Synced — and it’s still on the pod. Why strategic-merge-patch can’t remove list items, and the Server-Side Apply fix.
One GitHub App, two auth models: repo credentials, webhooks, and SSO for Argo CD
Argo CD needs three different things from GitHub — repo reads, webhook delivery, and human SSO. How a single GitHub App covers all three with short-lived installation tokens instead of a leak-prone PAT.
A clone-and-go installer: GCP Cloud Shell tutorials + Infrastructure Manager
Turning a many-step platform install — APIs, IAM, Terraform, state, secrets — into a browser-only, guided, clone-and-go onboarding with GCP Cloud Shell tutorials and Infrastructure Manager.