Developer Friendly Blog

Ente: Self Host the Google Photos Alternative and Own Your Privacy

Meysam Azad — Mon, 29 Dec 2025 04:31:55 +0000

Ente: Self Host the Google Photos Alternative and Own Your Privacy

In the recent few years, I keep seeing people being more aware of their privacy and taking it into their own hands.

More and more solutions are emerging through the community that address the critical part of our society and personal life; privacy!

In this blog post, I will introduce you to Ente, the Google Photos alternative.

You will see the codes required to deploy the server into a Kubernetes setup and host the frontend using GitHub Pages.

Stick around till the end if that's your cup of tea.

Migration From Promtail to Alloy: The What, the Why, and the How

Meysam Azad — Wed, 17 Dec 2025 04:08:35 +0000

Migration From Promtail to Alloy: The What, the Why, and the How

Promtail is (was) the lightweight log collector solution that sends the log over the HTTP to the remote backend. This remote backend is normally Loki but you can choose to send the logs to VictoriaLogs as well.

In this blog post, you will see the newer alternative to Promtail, Grafana Alloy. You will see what it is, why it's a good idea to migrate, and the how-to guide to make the jump with least friction.

Deploy Consul as OpenTofu Backend with Azure & Ansible

Meysam Azad — Mon, 14 Apr 2025 02:45:16 +0000

Deploy Consul as OpenTofu Backend with Azure & Ansible

In this blog post, we provide the necessary steps to setup a single-node standalone Consul server to be used as TF state backend.

In doing so, we aim to provide idempotent and reproducible codes using Tofu and Ansible, for the sake of disaster recovery as well as enabling team collaboration within version control system.

Deploy Static Sites to Azure CDN with GitHub Actions OIDC

Meysam Azad — Mon, 31 Mar 2025 04:18:06 +0000

Deploy Static Sites to Azure CDN with GitHub Actions OIDC

In this blog post you will learn how to authenticate and deploy your frontend code to Azure CDN, backed by Azure Blob Storage to deliver low-latency static website to your users.

The objective is to avoid hard-coded credentials and only employ OpenID Connect to establish trust relationship between the Identity Provider (GitHub) and the Service Provider (Azure).

Cloud-Native Secret Management: OIDC in K8s Explained

Meysam Azad — Sun, 23 Mar 2025 12:30:32 +0000

Cloud-Native Secret Management: OIDC in K8s Explained

External Secrets is the de-facto choice for secrets management in Kubernetes clusters. It simplifies the task of the administrator(s) of the cluster, ensuring only the secrets that are explicitly defined are present and accessible.

It comes with many great features but most important than all is its integration with major cloud providers.

In this blog post you will learn how to deploy it without hard-coded credentials and using only the power of OpenID Connect for trust relationship between services.

How to Set Up Preview Environments for Pull Requests

Meysam Azad — Mon, 17 Mar 2025 03:24:28 +0000

How to Set Up Preview Environments for Pull Requests

Have you ever been frustrated at long merge queues? Did you ever wish there was a better and faster way to get feedback on your code changes and approval from your team members?

You may have also been on the other side of the table, reviewing pull requests and wishing there was a better way to actually test the revisions before approving it; giving you a sense of what it would feel and look like if it were to merge.

Netlify and other frontend hosting services have spoiled us with the ability to spin up a live instance of the application for each pull request for static files. But what about backend applications? How can we achieve the same and deploy our backend for every new proposed change in pull requests?

In this blog post, we will explore how to set up preview environments for each pull request using GitHub Actions and Kubernetes. This guide includes spinning up the application as a live instance with an internet accessible URL to preview and verify the changes before they find their way into the main trunk.

How to Setup Preview Environments with FluxCD in Kubernetes

Meysam Azad — Mon, 10 Mar 2025 03:15:54 +0000

How to Setup Preview Environments with FluxCD in Kubernetes

Preview environment is where you see a live state of your changes from your pull request before being merged into the default branch. It gives you a look'n feel of what it would be like if you merged your changes.

Kubernetes on the other hand, is what powers the production setups. But that's not all it can do for you. I have spun up preview environments in Kubernetes with different technologies in the past.

And in this blog post, I will show you how to achive this using FluxCD Operator.

GitHub Actions Dynamic Matrix

Meysam Azad — Mon, 03 Mar 2025 04:24:20 +0000

GitHub Actions Dynamic Matrix

GitHub Actions is a powerful CI/CD tool that allows you to automate your software development workflow. It provides a wide range of features and capabilities.

One of the features that I found very useful is the ability to define a matrix strategy for your jobs. This allows you to run the same job with different parameters, such as different versions of a programming language.

However, there are times when you need to define the matrix dynamically based on the output of a previous job. For example, you may want to run a job for each directory if and only if the directory contains a specific file or has changed since the last commit.

In this post, I will show you how to define a dynamic strategy matrix in GitHub Actions using a real-world example.

GitOps Demystified: Introduction to FluxCD for Kubernetes

Meysam Azad — Mon, 03 Mar 2025 04:24:20 +0000

GitOps Demystified: Introduction to FluxCD for Kubernetes

Learn how to leverage your Git repository, the GitOps style, to manage your Kubernetes cluster with FluxCD. Enhance your delivery and reduce deployment frictions with GitOps.

Grant Kubernetes Pods Access to AWS Services Using OpenID Connect

Meysam Azad — Mon, 03 Mar 2025 04:24:20 +0000

Grant Kubernetes Pods Access to AWS Services Using OpenID Connect

Learn how to establish a trust relationship between a Kubernetes cluster and AWS IAM to grant cluster generated Service Account tokens access to AWS services using OIDC & without storing long-lived credentials.

External Secrets Operator: Fetching AWS SSM Parameters into Azure AKS

Meysam Azad — Mon, 03 Mar 2025 04:24:20 +0000

External Secrets Operator: Fetching AWS SSM Parameters into Azure AKS

How to pass your secrets to the Kubernetes cluster without hard-coding them into your source code or manually creating the Kubernetes Secret resource.

cert-manager: All-in-One Kubernetes TLS Certificate Manager

Meysam Azad — Mon, 03 Mar 2025 04:24:20 +0000

cert-manager: All-in-One Kubernetes TLS Certificate Manager

Kubernetes is a great orchestration tool for managing your applications and all its dependencies. However, it comes with an extensible architecture and with an unopinionated approach to many of the day-to-day operational tasks.

One of these tasks is the management of TLS certificates. This includes issuing as well as renewing certificates from a trusted Certificate Authority. This CA may be a public internet-facing application or an internal service that needs encrypted communication between parties.

In this post, we will introduce the industry de-facto tool of choice for managing certificates in Kubernetes: cert-manager. We will walk you through the installation of the operator, configuring the issuer(s), and receiving a TLS certificate as a Kubernetes Secret for the Ingress or Gateway of your application.

Finally, we will create the Gateway CRD and expose an application securely over HTTPS to the internet.

If that gets you excited, hop on and let's get started!

GitOps Continuous Deployment: FluxCD Advanced CRDs

Meysam Azad — Mon, 03 Mar 2025 04:24:20 +0000

GitOps Continuous Deployment: FluxCD Advanced CRDs

FluxCD is a powerful ecosystem of GitOps operators that can be enabled on-demand as per the requirement of your environment. It enables you to opt-in for the features you need and to disable the ones you don't.

As the complexity and requirement of your environment grows, so does the need for extra tooling to cover the implementation of the features you need.

FluxCD comes with more than just the support for Kustomization and HelmRelease. With FluxCD, you can also manage your Docker images as new versions get built. You can also get notified of the events that happen on your behalf by the FluxCD operators.

Stick till the end to see how you can take your Kubernetes cluster to the next level using advanced FluxCD CRDs.

Ory Kratos: Headless Authentication, Identity and User Management

Meysam Azad — Mon, 03 Mar 2025 04:24:20 +0000

Ory Kratos: Headless Authentication, Identity and User Management

Authentication flows are quite common in the modern day software development. What we want from one authentication has a lot of overlapping funcionality with what our other applications need. Even across different industries, you can still see the same patterns apply when it comes to Identity and User Management.

Ory Kratos solves all that user management under one umbrella of identity server, providing a clean headless API that you can ship your own UI with. It empowers you to customize the frontend, while preserving the ever-common backend that is backed by the robust SQL database.

In this blog post, we will cover the introduction and basics of Ory Kratos, as well as the steps and guides to write your integration client.

If you've always wanted to stop reinventing the wheel, reduce code duplication and to follow security best practices, then Ory Kratos and this blog post is for you!

Ory Oathkeeper: Identity and Access Proxy Server

Meysam Azad — Mon, 03 Mar 2025 04:24:20 +0000

Ory Oathkeeper: Identity and Access Proxy Server

Ory has a great ecosystem of products when it comes to authentication and authorization. Ory Oathkeeper is an stateless Identity and Access Proxy server.

It is capable of acting as a reverse-proxy as well as a decision maker and policy enforcer for other proxy servers.

In today's application development world, if you're operating on HTTP layer, Ory Oathkeeper has a lot to offer to you.

Stick around to find out how.

Unlocking the Power of VictoriaMetrics: A Prometheus Alternative

Meysam Azad — Mon, 03 Mar 2025 04:24:20 +0000

Unlocking the Power of VictoriaMetrics: A Prometheus Alternative

One of the main tasks of an operations team in any organization is to provide a solid and robust monitoring solution for the platform, the application, and the entire infrastructure.

Monitoring enables business owners to understand how their applications behave in a production setup, how to optimize it, and how to proactively fine-tune & forecast the future growth of the platform.

In this blog post, we will explore what Victoria Metrics has to offer, how to set it up and configure it to work as a drop-in replacement for Prometheus and a datastore for Grafana.

Ory Keto: Authorization and Access Control as a Service

Meysam Azad — Mon, 03 Mar 2025 04:24:20 +0000

Ory Keto: Authorization and Access Control as a Service

Internet has come a long way since its inception. The first few years might have been a new adventure for those building web applications, but in the modern day software development and in 2024, you rarely stop to question most of the common practices around the industry.

One of the most frequent requirement for any application is to have some sort of access control policy. The most used approach in today's world is the use of RBAC. It makes a lot of sense to treat a group of one or multiple identities of a system the same way and grant or deny them a specific set of permissions.

Ory Keto comes with all the batteries included. It provides a fearless authorization platform, friendly API for developers, and scalable stateless application.

If you're creating an application over HTTP these days, chances are, Ory Keto has a lot to offer you. Stick around till the end to find out how.

Supercharge Monorepo CI/CD: Unlock Selective Builds

Meysam Azad — Mon, 03 Mar 2025 04:24:20 +0000

Supercharge Monorepo CI/CD: Unlock Selective Builds

Monorepo is the practice of storing all your code in a single repository, which can be beneficial for code sharing, dependency management, and version control.

However, there is no free lunch! As your codebase grows, managing builds become unavoidably complex and time-consuming. This build time is billed on your organization and it can get quite costly.

In this blog post, we'll explore the challenges of building only changed applications in a monorepo and discuss strategies to optimize your workflow with selective builds.

If this gets you excited, let's dive in!

Azure Bastion Host: Secure Cloud Access Made Simple

Meysam Azad — Mon, 03 Mar 2025 04:24:20 +0000

Azure Bastion Host: Secure Cloud Access Made Simple

Discover how Azure Bastion can revolutionize your cloud security strategy. This comprehensive guide explains what a Bastion host is, why it's crucial for secure access to your Azure resources, and provides a step-by-step walkthrough for implementation.

You'll learn how to enhance your network security, simplify remote access, and automate Bastion deployment using tools like OpenTofu and Azure CLI. Dive in to unlock the full potential of secure, scalable cloud access for your organization.

How to Deploy NodeJS to AWS Lambda with OpenTofu & GitHub Actions

Meysam Azad — Mon, 03 Mar 2025 04:24:20 +0000

How to Deploy NodeJS to AWS Lambda with OpenTofu & GitHub Actions

If you're a software engineer in any tier, there's a good chance that you're already familiar with the language and syntax of JavaScript. It has a very low barrier for entry and that is one of its strongest suits and what makes it so widely adopted and popular.

In this article, you'll learn how to deploy a JavaScript application to AWS Lambda using the principles of GitOps and with the help of OpenTofu as the Infrastructure as Code and GitHub Actions for the CI/CD pipeline.

Stick till the end to find out how.