I hate writing resumes in part for the same reasons I hate self-reviews. It can be really difficult to remember what I’ve done in the past. It’s easy to remember most of the big things like promotions, projects I loved, or hitting rough patches. But over time everything else tends to get rolled up into general feelings about how busy or productive or happy I was over some period. Especially if I’ve been busy.

The challenge is not forgetfulness. It is more like dilution. Sometimes I find it difficult to list the people I’ve worked with, the technologies I’ve used…

Today I integrated my origin border service with the Cloudflare Origin CA API to dynamically provision, rotate, and revoke service certificates. Now our border uses short-lived secrets without involving any human hands, or writing any certificates/keys to disk. Here is the project:

At Topple we use Cloudflare for secure DNS and TLS. Cloudflare terminates inbound TLS connections using certificates in the public trust. But it also uses TLS to secure connections to your backend services. You can configure connections from Cloudflare to your services to use mutually authenticated TLS. That lets your services authenticate inbound connections as originating from Cloudflare…

I work out of coffee shops. There is something wonderful about the simultaneous human proximity and loose coupling with my surroundings. I’m alone with my laptop without being alone. That is the sweet spot for my productivity. I hangout for hours, so as you might imagine I drink more than my share of coffee. I always buy coffee and I always tip. I’m not here to abuse the otherwise free space and wifi. I get a ton of value from these shops so being a good patron is the least I can do. …

I’ve heard and put into practice several strategies for “winning arguments” or influencing people over the years. Some of the best advice was the most simple: stop talking and listen. I’ve always felt like that was incomplete guidance.

I’m 36 years old. Like most people my age, I’ve “worked with” a variety of authority figures over the years: parents, teachers, managers, team leads, and similar roles. As you’d expect some of those people commanded more respect and were more effective leaders than others. …

Orchestration is the act of creating and managing the resources, workloads, configuration, and data in an environment or set of environments in support of business operations and production. Orchestration is traditionally performed by system operators or administrators, but in the last decade automated orchestration systems have become robust and increasingly autonomous over the last 4 years.

Automated orchestration systems — such as Kubernetes — provide high-level abstractions and languages for describing operations on (or the desired state of) those resources under orchestration. Those same systems facilitate well-defined subprocesses or workflows that require repeatability and consistency. …

by Jeff Nickoloff — Topple, August, 2018

I’ll be the first to say that I’ve been very critical of Kubernetes over the last few years. One of my jobs as a consultant and engineer is to represent the interests of technology adopters in reviewing and evaluating projects and products on technical merit. Lately, I’ve been reflecting on where Kubernetes fits in engineering stacks. Today I want to write about why I believe it will be a critical low-level platform for the entire next generation of operations tooling.

I don’t think Kubernetes is a service orchestration system or a resiliency platform…

Engineering and language are funny, because naming is hard. I’m going to pick on “Immutable Infrastructure” a bit. There is a huge difference between infrastructure that you cannot change, and infrastructure that you promise not to change. Outside of hardware I’m not sure I’ve ever seen “Immutable” infrastructure. When people talk about “Immutable Infrastructure” today they are talking about infrastructure that they are trying not to change.

Mutability is a neat property that sits at the core of a bunch of interesting engineering problems and even more philosophical questions about identity. For example, to what degree can something change before…

Docker’s multi-stage builds are a nice-to-have since so many other packaging workflows developed in their absence. But I thought I’d start introducing people to them with a few practical examples.

Anyone using a language capable of producing statically linked binaries has the opportunity to package based on “scratch” (the empty image). There are quite a few reasons to do this:

• avoid obscure licensing issues
• reduced attack surface
• explicit dependency management

However one constant pain is dealing with CA root certificates. Images based on an image like alpine can use built in package management to fetch updated CA certificates provided by…