Blog
What I learn, I write down. 57 articles.
ListObjects in Production: Caching, Pre-materialization, and BatchCheck
Why ListObjects becomes the bottleneck in OpenFGA, and how to address it: Redis caching, pre-materialized read models, BatchCheck, and invalidation strategies.
Deep Hierarchies, Inverse Queries, and the WHERE Problem
How to handle N-level hierarchies in OpenFGA, optimize ListObjects with fast/slow path, and implement Dynamic Data Masking as a complementary pattern.
Multi-tenancy with OpenFGA: Isolation Without Multiplying Complexity
Two strategies for multi-tenancy with OpenFGA: store-per-tenant and type-per-tenant. How to achieve structural isolation without scattering WHERE tenant_id everywhere.
OpenFGA + Keycloak: Bridging Identity and Permissions
How to integrate OpenFGA with Keycloak: user synchronization, JWT as the bridge, contextual tuples, and strategies for keeping identity and authorization aligned.
Micro-frontends in Vue 3 with Module Federation: Shell, Contract, and Independent Deploy
Module Federation in Vue 3 with Vite: shell/remote contract, singleton dependencies, and independent per-team deployments.
Seeing LINQ in Action: Tracing with OpenTelemetry and Grafana Tempo
Make LINQ pipeline execution visible with OpenTelemetry and Grafana Tempo. Extension methods for tracing stages, multiple enumeration, and explosive nesting on a live dashboard.
Zanzibar for Everyone: Authorization Models and the Tuple Approach
From RBAC to Zanzibar: how OpenFGA's tuple model works, the DSL for defining relationships, and the three fundamental questions of authorization.
What the Compiler Generates When You Write a Where() — State Machines, Iterators, and IL
Behind every .Where() lives a compiler-generated state machine. We explore extension methods, lambdas, yield return, and the Enumerable.Where specializations in .NET 8.
Keycloak Federation: Integrating Users from LDAP, Okta, Google, and Other Identity Providers
How Keycloak integrates external identities using two distinct mechanisms: User Federation for directories like LDAP/AD, and Identity Brokering for providers like Okta, Google, and other Keycloak instances.
Playwright: Page Object Model for Maintainable Tests
How to organize E2E tests with the Page Object Model: reusable classes, Playwright fixtures, composition with mocks, and refactoring guidance
Playwright: Network Mocking and API Interception for Reliable Tests
How to use page.route() to mock APIs, simulate errors, and test edge cases without depending on real services
Playwright: Mock Fixtures, HAR Replay, and Composition for Scalable Tests
How to scale network mocking with reusable fixtures, HAR replay, and composition of complex scenarios
Playwright: Authentication Testing with storageState and Keycloak
How to handle authentication in E2E tests: storageState to avoid repeated logins, multiple roles, session management, and composition with mocks
Playwright: Diagnosing and Fixing Flaky Tests
How to identify the root causes of flaky tests and fix them: Trace Viewer, strategic retry, anti-flaky patterns, and a diagnostic checklist
Playwright: Visual Regression Testing to Catch Invisible Bugs
How to use toHaveScreenshot() to catch visual bugs that functional tests miss: masking, mocked states, cross-browser testing, and CI configuration
Schema Registry with Apache Kafka: From Wild JSON to Avro with Apicurio
Migrating from schemaless JSON to Avro with Apicurio Registry: infrastructure, Node.js producer, Python consumer, schema evolution
Kafka Crash Recovery: Three Strategies for Three Types of State
Three recovery strategies for stateful Kafka consumers: full replay for idempotent state, checkpoint-and-skip for additive state, no recovery for stateless consumers.
Akka Is Dead, Long Live Pekko
A practical guide to migrating from Akka to Apache Pekko in production: complete checklist, real-world gotchas, and lessons from the field.
From Blocking Poll to Reactive Streams with Pekko Connectors Kafka
Refactoring from blocking actors to Source.queue and dedicated consumer threads: practical patterns with Pekko Streams and Kafka for telemetry systems
What Does LINQ Actually Cost? Real Benchmarks on .NET 8
Real benchmarks with BenchmarkDotNet on .NET 8: List vs HashSet, repeated scans vs GroupBy, LINQ allocations vs foreach, and the hidden cost of AsParallel on small collections.
Dependency Injection in Python: From Untestable Code to Clean Architecture
DI in Python without a framework, using Protocol and constructor injection, and when to reach for dependency-injector. From theory to refactoring 3 real Flask services.
Testable Flask microservices: application factory, DI, and zero sys.modules hacks
Three Flask services with module-level Kafka and MongoDB connections, refactored to application factory with dependency injection. From 228 lines of conftest to 148.
Your Flask service is untestable (and mocks aren't the problem)
88 tests, three Flask services, mutation score at 19%. The problem isn't in the mocking — it's in code that creates Kafka and MongoDB connections at import time.
Unit testing in Nuxt 3: 72 tests without mounting a single component
72 unit tests in Nuxt 3 covering only pure logic: Pinia stores, composables, API helpers. Zero added dependencies, zero mounted components.
4 LINQ Mistakes I Found in Production (And How They Cost 1000x)
Four common LINQ patterns that turn linear operations into quadratic ones. Analysis of real cases from a commercial fleet dispatch service on .NET 8.
3 Patterns (+1 Anti-Pattern) for Eliminating Duplication in Vue 3
Three Vue 3 patterns for eliminating duplication in enterprise SPAs, plus an anti-pattern on knowing when to stop
Keycloak Login: Authorization Code + PKCE in MockMart
Hands-on Authorization Code Flow with PKCE: Keycloak configuration, React frontend integration, and Express backend validation.
CI/CD Pipeline on Proxmox: Provisioning with OpenTofu and Deployment with Ansible via Semaphore
Architecture of a CI/CD pipeline that provisions VMs on Proxmox with OpenTofu and automates deployment with Ansible orchestrated by Semaphore
From EventBus to Pinia: Incremental State Migration in Vue 3
Practical patterns for replacing EventBus with Pinia in a Vue 3 project: cache with deduplication, selective persistence, and a hybrid migration approach
OpenLayers and Vue 3: Integration with Composables and TypeScript
Practical patterns for integrating OpenLayers into Vue 3 using shallowRef, typed composables, and lifecycle management
OpenTelemetry in Production: Data Routing for Compliance and Cost Control
Separate audit logs from technical logs using the OTel Collector routing connector. Demo, GDPR/SOC 2 compliance, and differentiated retention strategies.
Kubernetes Controllers: How the Heart of K8s Works
A guide to how Kubernetes controllers work, from the reconciliation loop to building a custom controller with controller-runtime
Keycloak: What It Is and Why You Should Use It
What Keycloak is, how delegated login works, and why a centralized Identity Provider makes your life easier.
From console.log to Grafana: Structured and Centralized Logging with Node.js
How to move from console.log to a structured, centralized logging system using Pino, OpenTelemetry, Loki, and Grafana on Node.js — in three incremental steps.
From E2E test failure to backend root cause: Playwright + OpenTelemetry
How to correlate Playwright E2E tests with OpenTelemetry traces to identify the guilty microservice when a test fails
Keycloak in Practice: 6 Real-World Integration Problems in an E-Commerce
6 concrete problems integrating Keycloak with Node.js microservices: issuer mismatch, missing audience validation, fragile service account detection, and M2M race conditions.
Fine-Grained Authorization with OPA and Keycloak: Separating Authentication from Authorization
How to integrate Open Policy Agent with Keycloak in an Express application to decouple authentication from authorization. Three concrete patterns: RBAC, deny list, and ownership.
Keycloak M2M: Authenticating Services Without a User
How to authenticate machine-to-machine calls between microservices with Keycloak Client Credentials. Setup, code, and common mistakes.
OpenTelemetry in Production: Tail Sampling and Retention
How to cut trace volume by 90% without losing visibility into errors. A practical guide with config templates and a runnable demo scenario.
PII Filtering in OpenTelemetry: Protecting Sensitive Data from Keycloak
How to instrument Keycloak and third-party services that handle sensitive data, reducing PII exposure through OTel Collector filtering. GDPR-compliant techniques.
Hands-On Distributed Tracing with OpenTelemetry and the LGTM Stack
A practical guide to distributed tracing with OpenTelemetry and the LGTM stack. Three real debug scenarios: silent failure, latency spike, fan-out.
Playwright Demo
In this article we'll see a brief introduction to Playwright and how we can automate our end-to-end tests
CAPI Part 5: Ubuntu on Proxmox - Image Builder and Deploy
Complete guide to deploying Kubernetes clusters on Proxmox using Ubuntu, Image Builder and Cluster API - From image creation to working cluster
From port-forward to Ingress: How to configure a professional local Kubernetes environment with NGINX
Complete guide to configuring an NGINX Ingress Controller on a local Kubernetes cluster (kind) to expose services in a stable and professional manner.
CAPI Part 1: From Chaos to Automation
Complete guide to deploying and managing Kubernetes clusters using Cluster API (CAPI) for infrastructure automation
CAPI Part 3: Talos Linux - The Operating System for Kubernetes
Complete guide to deploying and managing Kubernetes clusters using Cluster API (CAPI) for infrastructure automation
CAPI Part 2: Anatomy of Cluster API - Components and Mechanisms
Complete guide to deploying and managing Kubernetes clusters using Cluster API (CAPI) for infrastructure automation
CAPI Part 4: Practical Setup - Day 1 Operations
Complete guide to initial deployment of Kubernetes clusters using Cluster API (CAPI) - From Zero to Working Cluster
Kafka in Practice 1: Anatomy of an Event Stream
The foundations of Apache Kafka: partition internals, message keys, replication guarantees, and practical examples in Node.js and Python.
DevContainers: Your Portable and Reproducible Development Environment
We explore DevContainers, how they work, and why they are essential for modern development workflows, especially in distributed environments
Observability in Distributed Systems: From Monitoring to Understanding
Why metrics, logs, and traces are no longer enough. A paradigm shift to understand and master the complexity of modern systems.
The LGTM Stack and OpenTelemetry: Complete Observability for Your Distributed Systems
Explore the LGTM stack (Loki, Grafana, Tempo, Mimir) and discover how it integrates with OpenTelemetry for end-to-end observability of logs, metrics, and traces.
OpenTelemetry: Anatomy of Observability in Distributed Systems
Structure, operation and best practices of OpenTelemetry for end-to-end observability implementation in complex environments.
Introduction to performance analysis: from theory to practice
Theoretical and practical foundations of performance testing: from RED metrics to percentiles, a complete guide to get started
Self-Hosted n8n Deployment in Homelab
Personal automation with n8n deployment, configuration and integration in a home lab environment
Docker Internals: Namespaces and CGroups Explained
A deep dive into Docker's internal mechanisms and how container isolation actually works
Playwright in CI/CD: Sharding, Mobile Testing, and Agent-Driven Automation
How to integrate Playwright into your CI/CD pipeline with sharding, mobile emulation, and API testing for fast, reliable E2E suites ready for agent-driven automation