Allen Ziegenfus

Retrospectives: an opportunity for double-loop learning

Wed, 03 Jun 2026 00:00:00 +0000

Most of a team’s week is single-loop — execute the process, close the ticket. The retrospective is the one ritual that questions the process itself, and what quietly breaks when a team skips it.

What is code review actually for?

Wed, 03 Jun 2026 00:00:00 +0000

The mandatory, blocking PR gate is barely fifteen years old — and the research says review’s value diverges from its justification. What code review is actually for, and why most of its jobs are better served elsewhere.

StatefulSet vs Deployment for stateless-with-fragile-upgrade workloads

Thu, 28 May 2026 00:00:00 +0000

A decision record for a workload that’s operationally stateless but has a fragile single-instance upgrade: StatefulSet vs Deployment, with live operational evidence and the case for Deployment plus a startup lock.

When Go templates outgrow you: a typed-language alternative for Crossplane compositions

Sat, 23 May 2026 00:00:00 +0000

When Crossplane’s Go-template compositions outgrow you — no types, no tests, global scope — KCL offers a typed, testable alternative. The multi-step pipeline architecture, and the bugs only end-to-end validation catches.

Environment-stable table ownership: surviving cross-environment restore with IAM database auth

Sat, 16 May 2026 00:00:00 +0000

Cloud SQL IAM database auth breaks cross-environment restores because table ownership encodes a per-environment service account. Make ownership environment-independent by owning every table as cloudsqlsuperuser.

Stable vs. rewritten identity: cross-environment database restore in a stateful platform

Fri, 15 May 2026 00:00:00 +0000

When a platform bakes an environment-derived identity into its database on first boot, restoring across environments crash-loops on a mismatch. The fix is a product question: stabilize the identity, or rewrite it after restore?

Test your guardrails: policy-as-code that you actually verify

Mon, 11 May 2026 00:00:00 +0000

Policy-as-code that’s never tested usually fails open — it waves violations through and no one notices. How to test guardrails so they both deny when they must and pass when they must.

The admin stack that manages itself: bootstrapping a self-hosted IaC control plane

Tue, 05 May 2026 00:00:00 +0000

If your IaC orchestrator is itself configured as code, you need an admin stack that provisions every stack — including itself. The elegant pattern, and the two bootstrap problems no amount of declarative code removes.

When Terraform owns a shared resource as if it were dedicated

Mon, 04 May 2026 00:00:00 +0000

When a per-cluster Terraform module owns a project-global, shared resource, tearing down one cluster quietly breaks the others. Why resources with different lifecycles can’t share state — and the bootstrap-module fix.

Tearing down a managed-Kubernetes deployment without leaving a tail

Tue, 28 Apr 2026 00:00:00 +0000

A field guide to deleting a GKE or EKS deployment cleanly when the cluster, the in-cluster GitOps/Crossplane layer, and Terraform all disagree about who owns cleanup — orphans, deletion order, and the stuck cases.

Applying Terraform from CI is a stateful problem wearing a stateless tool

Sat, 25 Apr 2026 00:00:00 +0000

GitHub Actions is a near-perfect stateless task runner — and a poor fit for applying Terraform, which is stateful, collaborative, and approval-gated. The practical case, from running it both ways.

Structured JSON logging for a legacy Java app on Kubernetes — without forking the image

Wed, 22 Apr 2026 00:00:00 +0000

How to retrofit machine-parseable JSON logging onto a legacy Java app on Kubernetes — both log4j2 and Tomcat’s JUL — without forking the vendor image, as an opt-in, fail-open, cleanly revertible layer.

Use GKE Connect Gateway to protect your private control plane

Tue, 21 Apr 2026 00:00:00 +0000

Reach a private GKE cluster’s API server without a bastion or authorized-networks — using the GKE-native Connect Gateway, with GCP IAM outside the gateway and Kubernetes RBAC inside.

The Crossplane Object that synced green and changed nothing

Wed, 15 Apr 2026 00:00:00 +0000

Everything’s green — Argo CD Synced, Crossplane Ready — but the change never took effect. The trap where Crossplane management policies without Update meet Kubernetes immutability.

Why deleting an env var from your GitOps values doesn't remove it from the pod

Thu, 09 Apr 2026 00:00:00 +0000

You delete an env var from your Helm values, Argo CD reports Synced — and it’s still on the pod. Why strategic-merge-patch can’t remove list items, and the Server-Side Apply fix.

One GitHub App, two auth models: repo credentials, webhooks, and SSO for Argo CD

Fri, 20 Mar 2026 00:00:00 +0000

Argo CD needs three different things from GitHub — repo reads, webhook delivery, and human SSO. How a single GitHub App covers all three with short-lived installation tokens instead of a leak-prone PAT.

A clone-and-go installer: GCP Cloud Shell tutorials + Infrastructure Manager

Thu, 19 Mar 2026 00:00:00 +0000

Turning a many-step platform install — APIs, IAM, Terraform, state, secrets — into a browser-only, guided, clone-and-go onboarding with GCP Cloud Shell tutorials and Infrastructure Manager.

About

Mon, 01 Jan 0001 00:00:00 +0000

A software engineer whose career spans application development and, in recent years, cloud-native platform engineering. I build and operate Kubernetes platforms on GCP — Terraform, Argo CD, Helm, GitOps — and bring a long software-engineering background to the infrastructure underneath them. I work system-first and for low entropy: designing for the whole system’s behavior over time, and keeping it predictable, reversible, and self-evident to operate.

Selected experience

Senior Software Engineer · Liferay · 2025–present