[{"title":"Gardener on Cleura","url":"https://backend-engineering-strategy-tools.github.io/site/public-notes/kubernetes/gardener/","section":"public-notes","subsection":"kubernetes","tags":["gardener","kubernetes","cleura","openstack","networking","gateway-api","envoy","tcp"],"summary":"Gardener is a Kubernetes-as-a-Service framework that runs on Kubernetes and manages the lifecycle of other clusters declaratively. Rather than managing control …"},{"title":"Policy as Code — Overview","url":"https://backend-engineering-strategy-tools.github.io/site/public-notes/policy-as-code/overview/","section":"public-notes","subsection":"policy-as-code","tags":["policy-as-code","opa","rego","kyverno","conftest","platform-engineering"],"summary":"Encoding compliance, security, and operational rules as version-controlled, testable code — evaluated at the point where things are created or changed rather …"},{"title":"Backstage","url":"https://backend-engineering-strategy-tools.github.io/site/public-notes/frameworks-tools/backstage/","section":"public-notes","subsection":"frameworks-tools","tags":["backstage","developer-portal","idp","platform-engineering","cncf"],"summary":"Backstage is an open-source framework for building Internal Developer Portals (IDPs). Created by Spotify, donated to the CNCF in 2022. The core idea: instead of …"},{"title":"Conftest","url":"https://backend-engineering-strategy-tools.github.io/site/public-notes/policy-as-code/conftest/","section":"public-notes","subsection":"policy-as-code","tags":["conftest","opa","rego","policy-as-code","cicd"],"summary":"Conftest is a CLI tool that runs OPA policies against structured config files — Kubernetes manifests, Terraform plans, Helm output, Dockerfiles, GitHub Actions …"},{"title":"IaC Scanning","url":"https://backend-engineering-strategy-tools.github.io/site/public-notes/policy-as-code/iac-scanning/","section":"public-notes","subsection":"policy-as-code","tags":["checkov","trivy","tfsec","policy-as-code","security","infra-as-code"],"summary":"Static analysis for infrastructure code. Scan Terraform, Helm, Kubernetes manifests, Dockerfiles, and CloudFormation before they are applied. The goal is …"},{"title":"Kubernetes Policy","url":"https://backend-engineering-strategy-tools.github.io/site/public-notes/policy-as-code/kubernetes-policy/","section":"public-notes","subsection":"policy-as-code","tags":["kubernetes","policy-as-code","kyverno","gatekeeper","opa","cel","admission-control"],"summary":"Kubernetes has three distinct policy enforcement mechanisms. They sit at the same point in the request lifecycle — the admission controller — but differ in …"},{"title":"OPA \u0026 Rego","url":"https://backend-engineering-strategy-tools.github.io/site/public-notes/policy-as-code/opa/","section":"public-notes","subsection":"policy-as-code","tags":["opa","rego","policy-as-code","cncf"],"summary":"OPA (Open Policy Agent) is a general-purpose policy engine. It takes structured input (JSON), evaluates it against a policy written in Rego, and returns a …"},{"title":"Document Tools — Pandoc, LaTeX, Typst, AsciiDoc, Sphinx","url":"https://backend-engineering-strategy-tools.github.io/site/public-notes/docs-as-code/adjacent/","section":"public-notes","subsection":"docs-as-code","tags":["pandoc","latex","typst","asciidoc","sphinx","docs-as-code"],"summary":"Tools adjacent to the Markdown/Hugo docs-as-code workflow — format conversion, typesetting, heavier markup languages, and documentation generators.\nPandoc The …"},{"title":"Notes — Mindmap","url":"https://backend-engineering-strategy-tools.github.io/site/public-notes/mindmap/","section":"public-notes","subsection":"mindmap","tags":[],"summary":"Every note as a node, connected to others via shared tags and section. Click a node to highlight its connections. Drag to rearrange. Scroll to zoom.\nNotes Whole …"},{"title":"Notes — Word Cloud","url":"https://backend-engineering-strategy-tools.github.io/site/public-notes/wordcloud/","section":"public-notes","subsection":"wordcloud","tags":[],"summary":"Sections and tags sized by how many notes they cover. Coloured by section. Click a word to search for it.\nNotes Whole site Words sized by number of pages. Click …"},{"title":"Obsidian","url":"https://backend-engineering-strategy-tools.github.io/site/public-notes/dev-environment/obsidian/","section":"public-notes","subsection":"dev-environment","tags":["obsidian","markdown","pkm","notes","dev-environment"],"summary":"Obsidian is a local-first Markdown note-taking and knowledge management tool. Notes are plain .md files in a folder on disk — your vault. No proprietary format, …"},{"title":"Search Notes","url":"https://backend-engineering-strategy-tools.github.io/site/public-notes/search/","section":"public-notes","subsection":"search","tags":[],"summary":"Fuzzy search across all published notes. Results ranked by title, tags, and section.\nNotes Whole site "},{"title":"Site Navigation","url":"https://backend-engineering-strategy-tools.github.io/site/public-notes/docs-as-code/site-navigation/","section":"public-notes","subsection":"docs-as-code","tags":[],"summary":"Technical reference for the search, mindmap, and word cloud navigation on this site. The design approach is in Thinking: Site Navigation — Beyond the Menu. …"},{"title":"Build Systems — Ant, Maven, Gradle, Bazel","url":"https://backend-engineering-strategy-tools.github.io/site/public-notes/cicd/build-systems/","section":"public-notes","subsection":"cicd","tags":["build-systems","maven","gradle","ant","bazel"],"summary":"The Java ecosystem has cycled through several generations of build tooling. Each generation solved real problems with the previous one and introduced new ones …"},{"title":"Configuration Management — Puppet, Chef, Salt","url":"https://backend-engineering-strategy-tools.github.io/site/public-notes/infra-as-code/config-management/","section":"public-notes","subsection":"infra-as-code","tags":["configuration-management","puppet","chef","salt","iac"],"summary":"Before Terraform, before Kubernetes, before immutable infrastructure — configuration management tools were how you kept servers in a known state. Puppet, Chef, …"},{"title":"Crossplane","url":"https://backend-engineering-strategy-tools.github.io/site/public-notes/infra-as-code/crossplane/","section":"public-notes","subsection":"infra-as-code","tags":["crossplane","kubernetes","iac","cloud-native","operator"],"summary":"Crossplane is Kubernetes-native infrastructure management. Where Terraform runs as a CLI tool that applies changes and exits, Crossplane runs as a controller …"},{"title":"Diagrams as Code — Mermaid and PlantUML","url":"https://backend-engineering-strategy-tools.github.io/site/public-notes/docs-as-code/diagrams/","section":"public-notes","subsection":"docs-as-code","tags":["mermaid","plantuml","diagrams","docs-as-code"],"summary":"Diagrams as code: describe a diagram in text, render it as an image. No drag-and-drop, no binary file that diffs as noise, no diagram that goes stale because …"},{"title":"Infrastructure Testing — Molecule, Test Kitchen, InSpec, Chainsaw","url":"https://backend-engineering-strategy-tools.github.io/site/public-notes/infra-as-code/infra-testing/","section":"public-notes","subsection":"infra-as-code","tags":["testing","ansible","molecule","inspec","iac"],"summary":"Infrastructure code needs testing like application code does. The tools here cover different layers: role testing, integration testing, compliance checking, and …"},{"title":"JVM Languages","url":"https://backend-engineering-strategy-tools.github.io/site/public-notes/languages/jvm/","section":"public-notes","subsection":"languages","tags":["jvm","java","kotlin","groovy","scala"],"summary":"JVM-hosted languages beyond Java. Each trades something to gain something, and each found a niche where the trade made sense.\nJava was enough. It still is. The …"},{"title":"Make — Task Runner Pattern","url":"https://backend-engineering-strategy-tools.github.io/site/public-notes/cicd/make/","section":"public-notes","subsection":"cicd","tags":["make","build","automation","task-runner","cicd"],"summary":"Make predates most of the tooling in this notes collection by decades. Originally built to manage C compilation — track which source files changed, recompile …"},{"title":"Pulumi","url":"https://backend-engineering-strategy-tools.github.io/site/public-notes/infra-as-code/pulumi/","section":"public-notes","subsection":"infra-as-code","tags":["pulumi","iac","typescript","go","multi-cloud"],"summary":"Pulumi takes the same approach as AWS CDK — use a real programming language to define infrastructure — but without the CloudFormation layer underneath. Pulumi …"},{"title":"Rust","url":"https://backend-engineering-strategy-tools.github.io/site/public-notes/languages/rust/","section":"public-notes","subsection":"languages","tags":["rust","systems-programming","cli","wasm","performance"],"summary":"Systems language with memory safety guarantees without a garbage collector. The ownership and borrow checker model enforces at compile time what other languages …"},{"title":"SLSA — Supply-chain Levels for Software Artifacts","url":"https://backend-engineering-strategy-tools.github.io/site/public-notes/cicd/slsa/","section":"public-notes","subsection":"cicd","tags":["slsa","supply-chain","security","provenance","cicd"],"summary":"SLSA (pronounced \u0026ldquo;salsa\u0026rdquo;) is a framework for securing the software supply chain. Developed by Google, now under the OpenSSF. The core question it …"},{"title":"Blender Python — Procedural Mesh for 3D Printing","url":"https://backend-engineering-strategy-tools.github.io/site/public-notes/frameworks-tools/blender-python/","section":"public-notes","subsection":"frameworks-tools","tags":["blender","python","3d-printing","parametric","stl"],"summary":"Write a Python script that builds geometry programmatically using Blender\u0026rsquo;s bpy API, then export as STL. No manual modelling — the script is the source of …"},{"title":"Dagger","url":"https://backend-engineering-strategy-tools.github.io/site/public-notes/cicd/dagger/","section":"public-notes","subsection":"cicd","tags":["dagger","cicd","containers","go","pipelines"],"summary":"Your build script works on your laptop. It breaks in CI because a tool version differs. It breaks for a colleague because they\u0026rsquo;re on a different OS. …"},{"title":"Bastion / jump server","url":"https://backend-engineering-strategy-tools.github.io/site/public-notes/networking/bastion/","section":"public-notes","subsection":"networking","tags":["ssh","bastion","jump-server","networking","security"],"summary":"A bastion host (jump server) is a single, hardened machine exposed to the outside that acts as the entry point into a private network. You SSH into the bastion, …"},{"title":"Dynamic DNS (DDNS)","url":"https://backend-engineering-strategy-tools.github.io/site/public-notes/networking/ddns/","section":"public-notes","subsection":"networking","tags":["networking","ddns","dns","opnsense","homelab"],"summary":"Most home internet connections have a dynamic IP — the ISP can reassign it at any time. Dynamic DNS (DDNS) keeps a DNS hostname pointed at whatever IP you …"},{"title":"Firewall and router OS options","url":"https://backend-engineering-strategy-tools.github.io/site/public-notes/networking/router-os/","section":"public-notes","subsection":"networking","tags":["networking","firewall","router","opnsense","pfsense","vyos","mikrotik"],"summary":"Options for running a software-defined firewall or router, from homelab appliances to full routing OS deployments.\nThe main split: appliance vs routing OS Most …"},{"title":"IPMI","url":"https://backend-engineering-strategy-tools.github.io/site/public-notes/hardware/out-of-band/ipmi/","section":"public-notes","subsection":"hardware","tags":["ipmi","bmc","out-of-band","bare-metal","homelab","hardware"],"summary":"IPMI (Intelligent Platform Management Interface) is a hardware-level management standard built into most server-class hardware. It runs on a dedicated processor …"},{"title":"Redfish","url":"https://backend-engineering-strategy-tools.github.io/site/public-notes/hardware/out-of-band/redfish/","section":"public-notes","subsection":"hardware","tags":["redfish","bmc","out-of-band","api","bare-metal","hardware"],"summary":"Redfish is a DMTF standard that defines a RESTful API for out-of-band server management. It replaces IPMI\u0026rsquo;s aging binary protocol with JSON over HTTPS — …"},{"title":"Tunneled reverse proxy platforms","url":"https://backend-engineering-strategy-tools.github.io/site/public-notes/networking/tunneled-reverse-proxy/","section":"public-notes","subsection":"networking","tags":["networking","pangolin","ngrok","frp","reverse-proxy","tunneling"],"summary":"A step beyond raw tunnels. These platforms expose services running on a private network as public HTTPS URLs — no open ports, no public IP required. The key …"},{"title":"Tunnels — remote network access","url":"https://backend-engineering-strategy-tools.github.io/site/public-notes/networking/tunnels/","section":"public-notes","subsection":"networking","tags":["networking","tailscale","wireguard","cloudflare","vpn","tunneling"],"summary":"Approaches for accessing a private network (home lab, office) from outside, when you don\u0026rsquo;t have a static public IP and may be behind NAT or CGNAT.\nFirst: …"},{"title":"AI Chat Tools","url":"https://backend-engineering-strategy-tools.github.io/site/public-notes/ai/ai-chat/","section":"public-notes","subsection":"ai","tags":["ai","llm","chatgpt","gemini","claude","perplexity"],"summary":"Browser-based chat interfaces to large language models. None of these require setup — open a tab and start typing. The differences are in what each is good at, …"},{"title":"AI Coding Assistants","url":"https://backend-engineering-strategy-tools.github.io/site/public-notes/ai/ai-coding/","section":"public-notes","subsection":"ai","tags":["ai","llm","claude-code","aider","pi","coding"],"summary":"CLI tools and agents that integrate into your development workflow rather than just answering questions in a browser tab. The difference from chat tools is that …"},{"title":"BGP","url":"https://backend-engineering-strategy-tools.github.io/site/public-notes/networking/bgp/","section":"public-notes","subsection":"networking","tags":["bgp","networking","routing","metallb","kubernetes"],"summary":"BGP (Border Gateway Protocol) is the routing protocol that holds the internet together. Every major network operator uses it to advertise which IP prefixes they …"},{"title":"Ceph","url":"https://backend-engineering-strategy-tools.github.io/site/public-notes/cloud-infrastructure/ceph/","section":"public-notes","subsection":"cloud-infrastructure","tags":["ceph","storage","distributed","kubernetes","block-storage","object-storage"],"summary":"Ceph is an open-source distributed storage platform providing object, block, and file storage in a single unified system. It runs across multiple nodes and has …"},{"title":"Ollama","url":"https://backend-engineering-strategy-tools.github.io/site/public-notes/ai/ollama/","section":"public-notes","subsection":"ai","tags":["ollama","llm","inference","local","serving"],"summary":"Ollama is a local LLM runner. Single binary, model library, REST API. The fastest path from zero to a running model on your own hardware.\nhttps://ollama.com/ …"},{"title":"OpenStack","url":"https://backend-engineering-strategy-tools.github.io/site/public-notes/cloud-infrastructure/openstack/","section":"public-notes","subsection":"cloud-infrastructure","tags":["openstack","iaas","cloud","bare-metal","virtualization"],"summary":"OpenStack is an open-source IaaS platform — it turns a pool of bare-metal servers into a self-service cloud: virtual machines, block storage, networking, and …"},{"title":"OPNsense","url":"https://backend-engineering-strategy-tools.github.io/site/public-notes/networking/opnsense/","section":"public-notes","subsection":"networking","tags":["opnsense","firewall","router","networking","freebsd"],"summary":"OPNsense is an open-source firewall and routing platform based on FreeBSD. It is a fork of pfSense, with a stronger emphasis on community ownership, a cleaner …"},{"title":"Proxmox VE","url":"https://backend-engineering-strategy-tools.github.io/site/public-notes/cloud-infrastructure/proxmox/","section":"public-notes","subsection":"cloud-infrastructure","tags":["proxmox","virtualization","kvm","lxc","bare-metal","hypervisor","clustering"],"summary":"Proxmox VE (Virtual Environment) is an open-source Type 1 hypervisor built on Debian. It runs KVM for full virtual machines and LXC for lightweight containers, …"},{"title":"PXE Booting with OPNSense + iPXE","url":"https://backend-engineering-strategy-tools.github.io/site/public-notes/hardware/hardware-provisioning/ipxe-opnsense/","section":"public-notes","subsection":"hardware","tags":["pxe","ipxe","opnsense","tftp","talos","bare-metal"],"summary":"How to configure OPNSense as a PXE boot server using its built-in DHCP and TFTP services, and how to write an iPXE boot menu that can chainload Talos Linux (or …"},{"title":"Rook","url":"https://backend-engineering-strategy-tools.github.io/site/public-notes/kubernetes/rook/","section":"public-notes","subsection":"kubernetes","tags":["rook","ceph","storage","kubernetes","operator","csi","storage-class"],"summary":"Rook is a Kubernetes operator that deploys and manages storage systems — primarily Ceph — as native Kubernetes resources. The distinction: Ceph is the storage …"},{"title":"Slurm","url":"https://backend-engineering-strategy-tools.github.io/site/public-notes/cloud-infrastructure/slurm/","section":"public-notes","subsection":"cloud-infrastructure","tags":["slurm","hpc","scheduler","bare-metal","ml","training"],"summary":"Slurm (Simple Linux Utility for Resource Management) is a workload manager and job scheduler. It originated in HPC but is now the standard scheduler for ML …"},{"title":"Talos Linux + Omni","url":"https://backend-engineering-strategy-tools.github.io/site/public-notes/kubernetes/talos/","section":"public-notes","subsection":"kubernetes","tags":["talos","omni","kubernetes","immutable","bare-metal"],"summary":"Talos Linux is an immutable, minimal operating system designed specifically for running Kubernetes. There is no shell, no SSH, no package manager. The entire OS …"},{"title":"vLLM","url":"https://backend-engineering-strategy-tools.github.io/site/public-notes/ai/vllm/","section":"public-notes","subsection":"ai","tags":["vllm","llm","inference","gpu","serving"],"summary":"vLLM is a high-throughput inference engine for large language models. It implements PagedAttention — a memory management technique that dramatically improves …"},{"title":"VyOS","url":"https://backend-engineering-strategy-tools.github.io/site/public-notes/networking/vyos/","section":"public-notes","subsection":"networking","tags":["vyos","networking","bgp","router","vm"],"summary":"VyOS is an open-source network operating system built on Debian Linux. It runs on bare metal or as a VM, and is configured via a CLI with a commit/rollback …"},{"title":"Terminal Multiplexers","url":"https://backend-engineering-strategy-tools.github.io/site/public-notes/dev-environment/terminal-multiplexers/","section":"public-notes","subsection":"dev-environment","tags":["terminal","multiplexer","cli","tools","tmux","zellij"],"summary":"This note explores the choice between Zellij and tmux for terminal multiplexing.\nWhy use a terminal multiplexer? Terminal multiplexers allow you to run multiple …"},{"title":"Terminal Setup Notes (macOS): Kitty → Ghostty Exploration","url":"https://backend-engineering-strategy-tools.github.io/site/public-notes/dev-environment/terminal/","section":"public-notes","subsection":"dev-environment","tags":["terminal","macos","cli","tools"],"summary":"I\u0026rsquo;ve been using kitty as my main terminal for a while. It\u0026rsquo;s fast, stable, and very capable — but I\u0026rsquo;ve realized I don\u0026rsquo;t actually enjoy …"},{"title":"Ansible","url":"https://backend-engineering-strategy-tools.github.io/site/public-notes/infra-as-code/ansible/","section":"public-notes","subsection":"infra-as-code","tags":["ansible","configuration-management","automation","iac","agentless"],"summary":"Ansible is an open-source automation tool for configuration management, application deployment, and orchestration. The key selling point: it\u0026rsquo;s agentless — …"},{"title":"Argo","url":"https://backend-engineering-strategy-tools.github.io/site/public-notes/cicd/argo-project/","section":"public-notes","subsection":"cicd","tags":["argo","argocd","argo-workflows","argo-rollouts","argo-events","kargo","kubernetes","gitops"],"summary":"The Argo project is a suite of Kubernetes-native tools for running and managing workloads and deployments. Each tool solves a distinct problem and they compose …"},{"title":"ArgoCD","url":"https://backend-engineering-strategy-tools.github.io/site/public-notes/cicd/argo-cd/","section":"public-notes","subsection":"cicd","tags":["argocd","gitops","kubernetes","cicd","deployment"],"summary":"\nYou deploy with kubectl apply from your laptop. It works. Then a colleague edits a deployment directly on the cluster to fix something urgent. Now what is …"},{"title":"AWS CDK","url":"https://backend-engineering-strategy-tools.github.io/site/public-notes/infra-as-code/cdk/","section":"public-notes","subsection":"infra-as-code","tags":["aws","cdk","iac","cloudformation","java"],"summary":"AWS CDK (Cloud Development Kit) lets you define infrastructure using real programming languages — Java, TypeScript, Python — rather than a DSL. You write code, …"},{"title":"Bash","url":"https://backend-engineering-strategy-tools.github.io/site/public-notes/languages/bash/","section":"public-notes","subsection":"languages","tags":["bash","shell","scripting","automation","cli"],"summary":"Bash is unavoidable in DevOps work — CI/CD pipelines, container entrypoints, system init scripts, and quick automation all end up as shell scripts eventually. …"},{"title":"CI/CD Platforms","url":"https://backend-engineering-strategy-tools.github.io/site/public-notes/cicd/platforms/","section":"public-notes","subsection":"cicd","tags":["cicd","tekton","jenkins","harness","bitbucket","github-actions","argo","pipelines"],"summary":"There are many CI/CD platforms and the choice between them matters less than it appears. All of them are thin orchestration wrappers — trigger on a git event, …"},{"title":"Code Quality \u0026 Architecture Analysis","url":"https://backend-engineering-strategy-tools.github.io/site/public-notes/frameworks-tools/code-quality/","section":"public-notes","subsection":"frameworks-tools","tags":["sonarqube","structure101","code-quality","static-analysis","architecture","java"],"summary":"Static analysis catches bugs and code smells before they reach production. Architecture analysis catches structural decay before the codebase becomes …"},{"title":"Docker \u0026 OCI","url":"https://backend-engineering-strategy-tools.github.io/site/public-notes/frameworks-tools/docker/","section":"public-notes","subsection":"frameworks-tools","tags":["docker","containers","oci","kubernetes","devops"],"summary":"Docker packages applications and their dependencies into portable, reproducible units called containers. Unlike virtual machines, containers share the host …"},{"title":"Elasticsearch \u0026 Kibana","url":"https://backend-engineering-strategy-tools.github.io/site/public-notes/frameworks-tools/elk/","section":"public-notes","subsection":"frameworks-tools","tags":["elasticsearch","kibana","elk","search","observability","logging"],"summary":"Elasticsearch is a distributed search and analytics engine built on Apache Lucene. Kibana is its web UI for querying, visualising, and exploring the data stored …"},{"title":"etcd","url":"https://backend-engineering-strategy-tools.github.io/site/public-notes/kubernetes/etcd/","section":"public-notes","subsection":"kubernetes","tags":["etcd","kubernetes","distributed-systems","key-value","raft"],"summary":"etcd is the distributed key-value store that backs Kubernetes. Every Kubernetes object — pods, services, deployments, configmaps, secrets — is stored in etcd. …"},{"title":"Git","url":"https://backend-engineering-strategy-tools.github.io/site/public-notes/cicd/git/","section":"public-notes","subsection":"cicd","tags":["git","version-control","workflow","branching"],"summary":"Git is the distributed version control system behind virtually all modern software development. Every clone is a full copy of the history — fast, local, and …"},{"title":"Gitea / Forgejo","url":"https://backend-engineering-strategy-tools.github.io/site/public-notes/cicd/gitea/","section":"public-notes","subsection":"cicd","tags":["gitea","forgejo","git","self-hosted","version-control"],"summary":"Gogs came first — a self-hosted Git service, lightweight, single binary, runs anywhere. Think GitHub but on your own infrastructure. Simple to deploy, easy to …"},{"title":"GitHub Actions","url":"https://backend-engineering-strategy-tools.github.io/site/public-notes/cicd/github/","section":"public-notes","subsection":"cicd","tags":["github-actions","cicd","pipelines","containers"],"summary":"For a small project or proof of concept, the cost of building a CI environment often exceeds the cost of the project itself. Spinning up a Tekton cluster, …"},{"title":"Go","url":"https://backend-engineering-strategy-tools.github.io/site/public-notes/languages/golang/","section":"public-notes","subsection":"languages","tags":["go","golang","backend","cli","concurrency"],"summary":"Go is my go-to language for backend services, CLI tools, and DevOps tooling. The standard library covers most of what you need, the compiler is fast, and the …"},{"title":"Grafana","url":"https://backend-engineering-strategy-tools.github.io/site/public-notes/observability/grafana/","section":"public-notes","subsection":"observability","tags":["grafana","observability","dashboards","metrics","prometheus"],"summary":"Prometheus shows you the spike. It tells you memory climbed at 14:32, error rate crossed 5% at 14:35, and latency hit 2 seconds at 14:37. But raw PromQL results …"},{"title":"Hugo","url":"https://backend-engineering-strategy-tools.github.io/site/public-notes/docs-as-code/hugo/","section":"public-notes","subsection":"docs-as-code","tags":["hugo","static-site","go","docs-as-code"],"summary":"Hugo is a static site generator written in Go. Content is Markdown, templates are Go HTML templates, and the output is plain HTML/CSS/JS — no server-side …"},{"title":"IntelliJ IDEA","url":"https://backend-engineering-strategy-tools.github.io/site/public-notes/frameworks-tools/idea/","section":"public-notes","subsection":"frameworks-tools","tags":["idea","intellij","jetbrains","ide","java","kotlin"],"summary":"IntelliJ IDEA is JetBrains\u0026rsquo; Java and Kotlin IDE. It has the deepest language understanding of any Java IDE — code completion that reasons about types …"},{"title":"Istio","url":"https://backend-engineering-strategy-tools.github.io/site/public-notes/kubernetes/istio/","section":"public-notes","subsection":"kubernetes","tags":["istio","service-mesh","kubernetes","envoy","mtls","observability"],"summary":"Istio is a service mesh for Kubernetes. It injects a sidecar proxy (Envoy) into every pod, and all traffic between pods flows through these proxies rather than …"},{"title":"Jaeger","url":"https://backend-engineering-strategy-tools.github.io/site/public-notes/observability/jaeger/","section":"public-notes","subsection":"observability","tags":["jaeger","tracing","observability","opentelemetry","distributed-tracing"],"summary":"Metrics tell you something is wrong. Logs tell you what happened on one service. Distributed tracing tells you what happened across all the services involved in …"},{"title":"Java","url":"https://backend-engineering-strategy-tools.github.io/site/public-notes/languages/java/","section":"public-notes","subsection":"languages","tags":["java","jvm","backend","spring-boot","microservices"],"summary":"Java is my primary language for backend services. Mature ecosystem, strong tooling, and frameworks like Spring Boot and Quarkus make it productive for building …"},{"title":"K9s \u0026 Lens","url":"https://backend-engineering-strategy-tools.github.io/site/public-notes/frameworks-tools/k9s/","section":"public-notes","subsection":"frameworks-tools","tags":["k9s","kubernetes","cli","terminal","devops"],"summary":"You run everything with kubectl. Get pods, describe, logs, exec, delete, apply — fifty times a day across five namespaces. It works, but every command is a …"},{"title":"Kubernetes","url":"https://backend-engineering-strategy-tools.github.io/site/public-notes/kubernetes/kubernetes/","section":"public-notes","subsection":"kubernetes","tags":["kubernetes","containers","orchestration","cloud-native","devops"],"summary":"Kubernetes (K8s) is the de facto standard for container orchestration and the second largest open source project after the Linux kernel. It has well and truly …"},{"title":"Kubernetes Autoscaling","url":"https://backend-engineering-strategy-tools.github.io/site/public-notes/kubernetes/k8s-autoscaling/","section":"public-notes","subsection":"kubernetes","tags":["kubernetes","karpenter","keda","autoscaling","scaling"],"summary":"Kubernetes has built-in autoscaling at two levels: the Horizontal Pod Autoscaler scales the number of pod replicas based on CPU or memory, and the Cluster …"},{"title":"KubeVirt","url":"https://backend-engineering-strategy-tools.github.io/site/public-notes/kubernetes/kubevirt/","section":"public-notes","subsection":"kubernetes","tags":["kubevirt","kubernetes","virtualization","kvm"],"summary":"See Virtualization — KVM and KubeVirt for full coverage of both KVM and KubeVirt.\n"},{"title":"Kyverno","url":"https://backend-engineering-strategy-tools.github.io/site/public-notes/kubernetes/kyverno/","section":"public-notes","subsection":"kubernetes","tags":["kyverno","kubernetes","policy","security","admission-control"],"summary":"Kyverno is a policy engine for Kubernetes. It runs as an admission controller and intercepts every resource creation or update, applying rules that validate, …"},{"title":"Linux Identity Management — FreeIPA and SSSD","url":"https://backend-engineering-strategy-tools.github.io/site/public-notes/security/linux-identity/","section":"public-notes","subsection":"security","tags":["freeipa","sssd","ldap","kerberos","identity","linux","security"],"summary":"Managing user accounts across many Linux machines by hand — creating the same user on every host, syncing passwords, maintaining sudo rules — breaks down fast. …"},{"title":"Local Kubernetes","url":"https://backend-engineering-strategy-tools.github.io/site/public-notes/kubernetes/local-kubernetes/","section":"public-notes","subsection":"kubernetes","tags":["kubernetes","k3s","k3d","kind","minikube","microk8s","local-dev"],"summary":"Running Kubernetes locally is useful for development, testing, and CI — a real cluster without the cloud bill. The options differ mainly in weight, startup …"},{"title":"Loki","url":"https://backend-engineering-strategy-tools.github.io/site/public-notes/observability/loki/","section":"public-notes","subsection":"observability","tags":["loki","logging","observability","kubernetes","grafana"],"summary":"Prometheus tells you that something is wrong and when it started. Loki tells you what happened — it is the log aggregation layer of the observability stack. …"},{"title":"LUKS — Linux Disk Encryption","url":"https://backend-engineering-strategy-tools.github.io/site/public-notes/security/luks/","section":"public-notes","subsection":"security","tags":["luks","encryption","linux","security","disk"],"summary":"LUKS (Linux Unified Key Setup) is the standard for full-disk encryption on Linux. It uses dm-crypt in the kernel to encrypt block devices transparently — the …"},{"title":"LVM — Logical Volume Manager","url":"https://backend-engineering-strategy-tools.github.io/site/public-notes/cloud-infrastructure/lvm/","section":"public-notes","subsection":"cloud-infrastructure","tags":["lvm","storage","linux","block-storage"],"summary":"LVM adds a virtualisation layer between physical disks and filesystems. Instead of formatting a disk partition directly, you assemble physical volumes into a …"},{"title":"Managing Secrets in Kubernetes","url":"https://backend-engineering-strategy-tools.github.io/site/public-notes/kubernetes/k8s-secrets/","section":"public-notes","subsection":"kubernetes","tags":["kubernetes","secrets","security","vault","external-secrets","csi"],"summary":"Kubernetes has a built-in Secret resource, but it is not a secrets management solution — it is base64-encoded storage with no encryption at rest by default and …"},{"title":"Markdown","url":"https://backend-engineering-strategy-tools.github.io/site/public-notes/docs-as-code/markdown/","section":"public-notes","subsection":"docs-as-code","tags":["markdown","docs-as-code","writing"],"summary":"Markdown is a lightweight markup language that converts to HTML. The syntax is designed to be readable as plain text — a # Heading looks like a heading even in …"},{"title":"Nexus Repository","url":"https://backend-engineering-strategy-tools.github.io/site/public-notes/frameworks-tools/nexus/","section":"public-notes","subsection":"frameworks-tools","tags":["nexus","artifacts","registry","maven","docker","npm"],"summary":"Sonatype Nexus Repository Manager is a universal artifact repository. It stores and serves build artifacts — Maven JARs, npm packages, Docker images, Helm …"},{"title":"NGINX","url":"https://backend-engineering-strategy-tools.github.io/site/public-notes/frameworks-tools/nginx/","section":"public-notes","subsection":"frameworks-tools","tags":["nginx","reverse-proxy","web-server","load-balancer","networking"],"summary":"\nNGINX is a high-performance web server and reverse proxy built around an event-driven, non-blocking architecture. Where Apache spawns a thread per connection, …"},{"title":"OpenShift Data Foundation","url":"https://backend-engineering-strategy-tools.github.io/site/public-notes/kubernetes/odf/","section":"public-notes","subsection":"kubernetes","tags":["odf","openshift","ceph","kubernetes","storage","rook"],"summary":"OpenShift Data Foundation (ODF) is Red Hat\u0026rsquo;s enterprise Kubernetes storage platform, built on Ceph orchestrated by Rook. Where Rook-Ceph is the open …"},{"title":"Prometheus","url":"https://backend-engineering-strategy-tools.github.io/site/public-notes/observability/prometheus/","section":"public-notes","subsection":"observability","tags":["prometheus","metrics","monitoring","alerting","observability"],"summary":"Something is wrong. Pods are restarting, latency is climbing, and a request that usually takes 50ms is now taking 2 seconds. You know something happened — users …"},{"title":"Python","url":"https://backend-engineering-strategy-tools.github.io/site/public-notes/languages/python/","section":"public-notes","subsection":"languages","tags":["python","scripting","automation","cli"],"summary":"Python is my scripting and automation language of choice. I reach for it when Bash starts getting unwieldy — data processing, API interactions, infrastructure …"},{"title":"Reloader","url":"https://backend-engineering-strategy-tools.github.io/site/public-notes/frameworks-tools/reloader/","section":"public-notes","subsection":"frameworks-tools","tags":["reloader","kubernetes","configmap","secrets","stakater"],"summary":"Reloader is a Kubernetes controller from Stakater that watches ConfigMaps and Secrets and automatically triggers rolling restarts of Deployments, StatefulSets, …"},{"title":"Reveal.js","url":"https://backend-engineering-strategy-tools.github.io/site/public-notes/docs-as-code/reveal/","section":"public-notes","subsection":"docs-as-code","tags":["reveal","hugo","presentations","docs-as-code","reveal.js","decktape"],"summary":"Reveal.js is a browser-based presentation framework. Slides are HTML rendered in a browser — transitions, speaker notes, code highlighting, nested slides, and a …"},{"title":"Security Scanning \u0026 Monitoring","url":"https://backend-engineering-strategy-tools.github.io/site/public-notes/security/security-scanning/","section":"public-notes","subsection":"security","tags":["security","clair","osquery","snort","scanning","ids","monitoring"],"summary":"Security tooling broadly splits into three concerns: what vulnerabilities exist in your software before it runs (image scanning), what is actually happening on …"},{"title":"SSH","url":"https://backend-engineering-strategy-tools.github.io/site/public-notes/security/ssh/","section":"public-notes","subsection":"security","tags":["ssh","security","remote-access","tunneling","authentication"],"summary":"SSH (Secure Shell) is the standard protocol for encrypted remote access to Linux and Unix systems. It replaced telnet and rsh by wrapping the session in a …"},{"title":"Terraform","url":"https://backend-engineering-strategy-tools.github.io/site/public-notes/infra-as-code/terraform/","section":"public-notes","subsection":"infra-as-code","tags":["terraform","iac","hcl","aws","state-management"],"summary":"Terraform is HashiCorp\u0026rsquo;s infrastructure-as-code tool: you declare what infrastructure you want in HCL (HashiCorp Configuration Language), and Terraform …"},{"title":"TLS Certificates — Let's Encrypt, Certbot, cert-manager","url":"https://backend-engineering-strategy-tools.github.io/site/public-notes/security/tls-certificates/","section":"public-notes","subsection":"security","tags":["tls","certificates","letsencrypt","certbot","cert-manager","security"],"summary":"TLS certificates prove that a server is who it claims to be and encrypt traffic in transit. Getting and renewing them used to mean manual requests to a CA, …"},{"title":"Velero","url":"https://backend-engineering-strategy-tools.github.io/site/public-notes/kubernetes/velero/","section":"public-notes","subsection":"kubernetes","tags":["velero","kubernetes","backup","disaster-recovery","migration"],"summary":"Velero backs up and restores Kubernetes clusters. It captures both Kubernetes resource definitions (deployments, services, configmaps, secrets, CRDs) and …"},{"title":"Virtualization — KVM and KubeVirt","url":"https://backend-engineering-strategy-tools.github.io/site/public-notes/frameworks-tools/virtualization/","section":"public-notes","subsection":"frameworks-tools","tags":["kvm","kubevirt","virtualization","linux","kubernetes","qemu"],"summary":"KVM is the Linux kernel\u0026rsquo;s native hypervisor. KubeVirt extends Kubernetes to run virtual machines using KVM under the hood. They are the same …"}]