Skip to main content

Principles & Lessons Learned

The reasoning newcomers rarely see written down: least-privilege credentials, TLS at the edge, bastion-only access, capacity tradeoffs, and the mistakes made along the way.

Read this one even if you skip the rest

The other books are how. This one is why — the handful of principles that shaped every decision i...

Least privilege, everywhere

The single most repeated decision in this lab: give each thing the narrowest access that lets it ...

One edge, one door

Two things in this lab are deliberately funnelled through a single chokepoint each: All HTTPS te...

Capacity is just arithmetic (done early)

Every VM was sized by doing the math first, against the one resource that actually runs out here:...

Reproducible, disposable, observable

Three habits that show up in every corner of the lab: Reproducible. Every VM is a clone of one g...

The mistakes (the honest part)

The lab didn't go in a straight line. The detours taught the most, so here they are, plainly: Wo...

If you are new to this

A closing note, since teaching newcomers is half of why this lab exists. You don't learn infrastr...
Back to top