mkdev
419 subscribers
861 photos
179 videos
1.14K links
Download Telegram
A lot has changed in cloud security. The basics have not.

AI workloads, Kubernetes platforms, multi-cloud setups, serverless services, and managed databases all add complexity. But the same core questions still decide whether your environment is reasonably secure:

Who has access? What data is sensitive? What is encrypted? What is logged? Who owns each security responsibility? How often are settings reviewed? What happens during an incident?

That is exactly what a good cloud security checklist should force you to answer.

We put together 7 essential steps for reducing cloud security risk, from data classification and IAM to monitoring, automated audits, and tested response plans.

If your cloud setup has grown faster than your security process, this is a good place to start.

https://mkdev.me/posts/cloud-security-checklist-7-essential-steps
Good infrastructure code should be like good application code: clear, tested, versioned and automatically deployed.

That’s the mindset behind mkdev’s Infrastructure as Code & GitOps consulting.

Check out the page and schedule a call: https://mkdev.me/b/consulting/iac
Prompt engineering is not security engineering.

This is one of the hardest lessons for product managers building with GenAI. A system prompt may look like a clean set of rules, but it is not the same as traditional application logic. It does not guarantee behavior. It is more like a very strongly worded suggestion to the model.

That matters when your AI feature is exposed to users. A customer-facing assistant might be told not to reveal sensitive data, not to generate illegal content, not to override company policies, and not to take dangerous actions. But malicious users can still try to bypass those instructions through jailbreaks or prompt injection attacks.

The business impact is not theoretical. A badly controlled AI system can create reputational damage, legal exposure, data leakage, or operational incidents. For PMs, that means AI features need proper boundaries beyond “we wrote a careful prompt.”

Good GenAI product management means asking: What can the model access? What actions can it trigger? What happens if the user tries to manipulate it? What checks exist outside the model itself?

We covered the practical risks product managers should understand in this article.

Read it here: https://mkdev.me/posts/genai-security-risks-for-product-managers-dd73bdc2-4f2e-4227-93b3-375da081d906
At small scale, microservices feel manageable.

At larger scale, every service needs to find other services, communicate securely, expose useful telemetry, support traffic shifting, and follow consistent authorization rules. Doing this separately in every application quickly becomes a mess.

That is where service mesh comes in. It gives platform teams a common layer for service-to-service communication, usually through a control plane and a data plane made of proxies.

Google Cloud’s Anthos Service Mesh, now Cloud Service Mesh, is one way to bring this model into GKE. It can simplify parts of the operational story, especially if you want managed mesh capabilities. But it also introduces important tradeoffs around sidecars, Envoy, Istio APIs, GKE Dataplane V2, eBPF, and Cilium.

The article is a good reminder that “managed” does not mean “you do not need to understand it”.

In 2026, service mesh is still powerful. It is also still something you should adopt deliberately.

https://mkdev.me/posts/is-google-cloud-anthos-service-mesh-a-mess
Infrastructure problems rarely announce themselves early. mkdev audits look into your cloud, Kubernetes and security setup, identify what needs improvement, and turn it into a practical action plan for your team. Check out the page and schedule a call: https://mkdev.me/b/audits
ClickOps is annoying when you have one project. It becomes dangerous when you have many.

That applies to OpenAI as much as it applies to AWS, Kubernetes or any other infrastructure platform. Once you have multiple teams, multiple projects, service accounts, API keys, limits and access rules, manual configuration becomes a source of inconsistency.

The Open Source Terraform Provider for OpenAI was built around that problem. It brings OpenAI administration into Terraform, so teams can manage resources in code instead of relying on screenshots, tribal knowledge and “who created this key?” conversations.

There is also a more experimental side: using OpenAI platform APIs inside Terraform workflows, including model responses and image generation, and even combining them with cloud providers like AWS.

It is a fun example, but the larger point is serious: GenAI platforms need the same engineering discipline as the rest of your infrastructure.

https://mkdev.me/posts/announcing-the-open-source-terraform-provider-for-openai
From DevOps and Cloud to AI: get the latest thoughts by Pablo and Kirill on all the news topics + a collection of personally curated interesting links, every other week in your Inbox! Subscribe to mkdev dispatch here: https://mkdev.me/categories/newsletter
Cloud cost optimization usually starts with quick wins: delete unused resources, rightsize oversized instances, clean up old snapshots, shut down non-production environments outside working hours, and add budget alerts.

But the bigger savings usually come later, when teams start treating cost as an architectural constraint.

That means choosing the right purchase model for steady workloads, using spot capacity where interruptions are acceptable, moving rarely accessed data to cheaper storage tiers, avoiding unnecessary cross-region traffic, and designing systems that scale with demand instead of running at peak capacity all the time.

The goal is not to spend as little as possible. The goal is to stop paying for waste while keeping reliability and performance where they need to be.

https://mkdev.me/posts/the-ultimate-guide-to-cloud-cost-optimization
Cloud projects don’t fail because AWS or GCP lack options. They fail because there are too many options, too many shortcuts and not enough clarity. mkdev helps teams design practical cloud solutions that fit their business. Check out the page and schedule a call: https://mkdev.me/b/consulting/public-cloud
A vector database can help your AI system understand “what the user means.” But your business probably also needs to know “which records are allowed,” “from which period,” “under which category,” and “according to which rules.”

That is why choosing a database for AI should not be a trend-driven decision. Vector databases, relational databases, NoSQL systems, and data warehouses all have their place. The difficult part is understanding where semantic search ends and structured retrieval begins.

The more serious the AI product, the more important this distinction becomes.

Before building another RAG prototype, it is worth asking whether the problem is actually semantic, structured, or a combination of both.

https://mkdev.me/posts/which-database-when-for-ai-are-vector-databases-all-you-need
Need practical cloud and AI knowledge?

mkdev webinars cover Google Cloud Run & Databases, AWS Load Balancer Controller 101, and Scaling AI Across Your Business.

Check them out and register here: https://mkdev.me/webinars
👍1
AWS Fargate is still one of the most practical ways to run containers on AWS when you want production infrastructure without managing EC2 instances, node groups, patching, or cluster capacity.

You still need to understand the pieces around it: ECR for the image, ECS task definitions for CPU, memory, ports and IAM roles, an Application Load Balancer for routing traffic, Route 53 or Cloud Map for service discovery, and CloudWatch for logs. Fargate removes server management, but it does not remove architecture.

This mkdev article walks through the full path using a simple Spring Boot application, from local build to a running ECS service behind a load balancer.

Useful if you want to understand what “serverless containers” actually means in AWS.

Read the article here: https://mkdev.me/posts/aws-fargate-101-run-production-applications-without-servers
Security audits should not end with a PDF nobody uses.

mkdev’s Kubernetes Security Audit combines interviews, hands-on cluster analysis and concrete recommendations, including backlog-ready user stories your team can actually act on.

Check out the page and schedule a call: https://mkdev.me/b/audits/kubernetes-security-audit
A lot of AI demos look impressive because they solve the easy part: getting a plausible answer from a small example.

The harder part comes later. How do you load the data reliably? How do you test the retrieval pipeline? How do you version the data? How do you handle access control, governance, and domain-specific terminology? How do you know that the system is still working next month, not just in today’s demo?

That is where the database choice starts to matter. A dedicated vector database may be excellent for fast experimentation, especially for pure semantic search. But if your company already has mature relational data, existing governance processes, and a team comfortable with SQL, jumping straight into a new vector database may create more complexity than value.

For many AI use cases, the best first step is not “add another database”. It is “look at what your current database can already do”.

That is less exciting than demo-ware, but much closer to production reality.

Read the article: https://mkdev.me/posts/which-database-when-for-ai-vector-and-relational-databases-in-practice
In this practical video, we deploy an HTTP-triggered Google Cloud Function using GitHub Actions instead of the UI or gcloud.

Push to main, run the pipeline, deploy the function, test it with curl.

Watch the video to see the full workflow: https://www.youtube.com/watch?v=B2VhvYZDXvM
🔥1
There is no universal winner between Terraform and Pulumi.

For many companies, Terraform is still the safer default. It is familiar, widely adopted, easy to hire for, and well suited for teams that want infrastructure described in a predictable declarative format.

Pulumi shines in a different situation: when your infrastructure logic becomes too awkward to express cleanly in HCL. If you need complex conditionals, loops, reusable abstractions or developer-style testing, using a real programming language can be a big advantage.

But that advantage only matters if the team maintaining the infrastructure is comfortable with that language. Otherwise, you may just move the complexity from HCL into Python or TypeScript.

That is the real decision: not “which tool is better?”, but “which tool matches the way this team actually works?”

We covered the trade-offs in this article: https://mkdev.me/posts/should-you-use-terraform-or-pulumi