"Oh, and while you're at it — give it access to CloudSQL."
You made it work, great! Now let's make it work reliably and cost-efficiently.
Yushkov Blog
IT infrastructure · DevOps · Cloud
This is Mr. Cody
Mr. Cody from Interstate 60 kept a notebook for liars. 'Everyone says' on LinkedIn is the same lie — no data, just hype.
Prometheus is free. Until you actually count.
Real production cluster: monitoring alone takes 20+ pods and 9.5 GB RAM. What 'free' Prometheus actually costs in resources, time, and attention.
How to break your HA monitoring with a single dashboard
When HA monitoring isn't enough: how a botnet, cardinality explosion, and one Grafana dashboard took down a Thanos cluster replica by replica.
S3 is cheap. Until you want to leave.
Migrating off S3 may never pay off.
"Prod is down" is not a task. It's the beginning of a conversation.
When "prod is down" lands in your chat — the first question isn't what to check. It's which prod. And why assuming AWS is the wrong move.
You Don't Have Prod. You Have an MVP.
If your customer told you prod was down before your team did — you don't have production. You have an MVP.
DB is read-only, nothing works.
How a hardcoded Helm value triggered an infinite exception loop that filled the disk and took down a managed OVH database. There was a backup. Lucky.
They need Kubernetes. That's not my opinion - I checked.
They need Kubernetes. That's not my opinion - I checked.
DataDog + CloudWatch: $7,000/Month Out of Habit
A company paid $7,000/month for two monitoring tools on AWS-only infrastructure. The reason: nobody had asked why in five years.
Bitnami Charts: 500 Lines Is Not a Bug
I criticized Bitnami Helm charts for being too complex — then wrote my own. Ten iterations later I hit 220 lines. Universality has a price.
I spent two hours doing it right. I was wrong.
2 hours building CodeBuild, Terraform, and VPC endpoints to fix a CircleCI timeout in AWS China. Then I ran the numbers. The simple fix was already there.
Kubernetes Upgrade: Two Weeks, One Person, the Whole Team's Rhythm
Kubernetes cluster node upgrades aren't a button. Drain, upgrade, uncordon — one node at a time. And all of it in one person's head.
System update available - familiar popup?
Updating infrastructure isn't a button.
Why DevOps Engineers Hate Updates
From MS Authenticator's giant font to Ubuntu dropping /usr/bin/python — updates break things. This isn't laziness. It's learned pain.
The Cheap DevOps Timer
When you agree to a low hourly rate, price determines attitude — in both directions. Here's the system I built to stay sane.
The Gluu Affair
The service went down. Monitoring was silent. The client messaged first. Found a ghost, twelve backup layers, and two bugs that had been cancelling each other out.
FinOps: do you actually need one?
When does a dedicated FinOps engineer actually pay off? The math, the authority trap, and what works when your cloud bill is under $500K/year.
Harmful Advice: Why You Don't Need Documentation
A Grigoriy Oster-style guide on how to make your colleagues' lives miserable - and ensure your own job security forever.
$2,000/Year Grafana Tax: A Real Story About Observability Costs on AWS
How a PM's preference for Grafana cost a startup $2,000/year - and why it still wasn't a failure.
ECS vs EKS: Why the "Industry Standard" Costs 30% of Your Team's Time
ECS vs EKS real cost breakdown: $73/month fixed EKS control plane plus 20-30% engineer time on maintenance vs. ECS that just works out of the box.
AWS App Runner's 120-Second Limit That Breaks Video Streaming
How App Runner's hard 120-second connection timeout broke our video streaming feature - and what to use instead: ECS Fargate or Cloud Run.
Your VPN is running. The certificate expired 3 months ago. You don't know.
A CA certificate on VPN servers expired quietly - no monitoring, no alerts. Here's how to check yours and set up expiration alerts before the incident.
Team of 8 people. 12 nearly identical files. Every change copied manually.
Copy-pasting Kubernetes configs caused a prod outage. Real comparison of Helm, Kustomize, and hybrid approach - deployment errors dropped 80%.
Ever had your entire app go down because you ran out of... connections?
Two real incidents where database connection limits silently killed production - and what connection pooling and monitoring would have prevented.
Built CI/CD. Docker right, builds fast. Prod broke 2 days later.
A :dev library version in production caused an outage 2 days after a perfect CI/CD setup. The case for automatic guardrails over correct configuration.
Ran the same API on AWS and GCP.
Same API, 15M requests/month: AWS Lambda $33 vs GCP Cloud Functions $16. Real cost breakdown and why architecture saves more than provider choice.
A colleague accidentally saw the LDAP admin password.
LDAP admin password committed to a git repo under a variable named PASSWORD. Why credentials end up in code and what actually breaks the cycle.
$17K/year Cloud Waste. They Wanted the Audit for Free.
Client had $17K/year in cloud waste — outdated pricing, idle nodes, zero autoscaling. They wanted fixes without an audit. Here's why that's a gamble.
Bitnami Moved MongoDB Images and Broke Thousands of Deployments
How Bitnami silently moved MongoDB images to bitnamilegacy overnight, causing mass ImagePullBackOff across Kubernetes clusters. Fix: mirror critical images to your own registry.
When Google Shut Down goo.gl: The Free Service Dependency Trap
Google shut down goo.gl in 2018 with no recovery path. 15 years in infra led to one rule: free for experiments, critical under your control.
I Found $50,000 in Cloud Waste Across Three Audits. Here's What Most Companies Miss.
Three real audits uncovered $50k in cloud waste through snapshot graveyards, zombie EC2, and IAM sprawl. Includes ROI framework to estimate your savings.
Every Day I Find Something New. Or a Variation of an Old Fuckup
How using :latest tag in Kubernetes cost us hours of dev downtime — twice. Two real incidents and why explicit versions matter in production manifests.
Your CI/CD pipeline is lying to you.
Push-based CI/CD says green while production drifts. Why ArgoCD's pull model catches what Jenkins misses — and who really controls your production.
Still paying $367/month for shared ALB in GCP?
Nginx-Ingress + Cert-Manager in GKE vs managed ALB: cost breakdown, trade-offs, and when to choose each. From $367/month to $40-55 for 20 services.
Paying for 20 Load Balancers in GCP for GKE? There's another way.
20 microservices in GKE, each with its own Load Balancer: $500-600/month. One Application LB with host-based routing cut the bill to $367 — a 40% saving.