Blog
Thoughts on engineering, design, and building great products.

From Messy Bank Statements to AI Insights in 48h: An AWS-Native AI Money Coach System Design
The real-world AWS architecture story behind BudgetBot, an AI Money Coach for Vietnamese users: upload a statement or payment screenshot and the AI auto-classifies transactions, computes budgets, and advises spending. Async pipeline, 4-level deduplication, ~$30/month cost optimization, and financial-data security.
The Lifecycle of a Request: From kubectl apply to a Running Pod
The previous smoke test showed the cluster runs; this article traces a single apply command through each component we built, in chronological order, to see how they hand off to one another. More important than the sequence of steps is the model behind it: there is no conductor giving orders, just many independent loops all looking at one source of truth and pulling reality toward the desired state.
controller-manager and scheduler: Control Loops and Leader Election
The two components that turn desired state into action: kube-controller-manager runs dozens of control loops, kube-scheduler picks the node for a pod. This article stands up both on three controllers, explains how the scheduler filters and scores nodes, then watches leader election work for real — three instances running, but only one doing the work.
kube-apiserver: The Cluster's Entry Point and the Request Pipeline
The component that sits right in front of etcd and is the cluster's single entry point. This article digs into the authn → authz → admission chain every request must pass through, then stands up kube-apiserver on all three controllers: connecting to etcd over TLS, enabling Secret encryption, and actually verifying a Secret is encrypted by reading the raw bytes in etcd.
etcd: Quorum, Raft, and Standing Up a Three-Node Cluster
The first control plane component, and the foundation for everything above it: etcd. This article explains what etcd stores, why it needs an odd number of nodes, and what quorum means via the Raft algorithm — then stands up a three-node etcd cluster on the controllers with TLS, and verifies the leader and cluster health.
Kubernetes Architecture, Up Close: Loops, Watches and the API Server
Going deeper than the familiar control plane / node diagram: where the control loop runs, how list-watch lets components coordinate without knowing each other, why everything goes through the api-server, and which stages a kubectl apply command passes through before the container runs.
Why Build Kubernetes by Hand, and What We're Going to Build
Series opener: 'from scratch' means creating every certificate by hand, bootstrapping every binary, wiring pod networking yourself — no kubeadm, no scripts. Why this long road makes Kubernetes click faster, how we'll stand up an HA cluster, then use it as a lab to deep-dive every Kubernetes concept.