<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Elijah Udom | Infrastructure &amp; Cloud Engineer (elijahu)</title><link>https://elijahu.me/portfolio/categories/infrastructure-engineering/</link><description>Infrastructure &amp; Cloud Engineering portfolio by Elijah Udom (elijahu) — AWS, Kubernetes, eBPF Security, AI/ML Infrastructure, and Platform Engineering projects.</description><generator>Hugo -- gohugo.io</generator><language>en</language><lastBuildDate>Thu, 30 Apr 2026 00:00:00 +0000</lastBuildDate><atom:link href="https://elijahu.me/portfolio/categories/infrastructure-engineering/index.xml" rel="self" type="application/rss+xml"/><item><title>Triforge: I Deployed an AI Model Without Clicking a Single Button</title><link>https://elijahu.me/portfolio/projects/triforge/</link><pubDate>Thu, 30 Apr 2026 00:00:00 +0000</pubDate><guid>https://elijahu.me/portfolio/projects/triforge/</guid><description>Warning: The AWS SageMaker instance backing this demo has been intentionally shut down to control infrastructure costs.
As a result, some endpoints may return 500 errors or fail to respond.
The case study, architecture, infrastructure code, and deployment workflow remain fully valid.
&amp;ldquo;I was done with ClickOps. I wanted infrastructure I could rebuild, version, and trust.&amp;rdquo;
Live Demo: chat.elijahu.me | Code: git.new/triforge | Model: Helsinki-NLP/opus-mt-en-es
The Problem: I have used the AWS console.</description></item><item><title>KodeKloud Days 9-12: Databases, Backups, Tomcat, and the Great Port War</title><link>https://elijahu.me/portfolio/projects/kodekloud-days-9-12/</link><pubDate>Wed, 17 Dec 2025 00:00:00 +0000</pubDate><guid>https://elijahu.me/portfolio/projects/kodekloud-days-9-12/</guid><description>&amp;ldquo;Every K8s node is a Linux host. Every database that won&amp;rsquo;t start has a reason in the logs. Every &amp;lsquo;no route to host&amp;rsquo; is a firewall issue until proven otherwise.&amp;rdquo;
Context: This series is a deliberate return to Linux fundamentals before going deeper into kernel-level work — CentOS, MariaDB, SELinux, Ansible. The stuff that runs silently under every K8s cluster and eBPF probe. Owning it isn&amp;rsquo;t optional.
Four problems this week: a MariaDB instance that wouldn&amp;rsquo;t start due to a corrupted data directory, a backup automation task requiring passwordless SSH, a Tomcat WAR deployment with a custom port, and a two-layer port conflict that required both evicting a rogue Sendmail process and adding an iptables rule before Apache was reachable.</description></item><item><title>KodeKloud Days 5-8: SELinux, Cron Jobs, and the Great Ansible Adventure</title><link>https://elijahu.me/portfolio/projects/kodekloud-days-5-8/</link><pubDate>Tue, 16 Dec 2025 00:00:00 +0000</pubDate><guid>https://elijahu.me/portfolio/projects/kodekloud-days-5-8/</guid><description>&amp;ldquo;Before going deeper into kernel-level work, I went back to Linux fundamentals. This is what runs under every K8s cluster and eBPF probe — owning it isn&amp;rsquo;t optional.&amp;rdquo;
This series is a deliberate return to Linux fundamentals before going deeper into kernel-level work — CentOS, SELinux, Ansible, SSH. The stuff that runs silently under every K8s cluster and eBPF probe. Owning it isn&amp;rsquo;t optional.
Four problems this week: SELinux configuration on a RHEL-based system, cron job automation, passwordless SSH across multiple servers, and Ansible version management for global availability.</description></item><item><title>KodeKloud 100 Days Challenge: Days 1-4 (Or: How I Learned to Stop Worrying and Love the Slow Labs)</title><link>https://elijahu.me/portfolio/projects/kodekloud-days-1-4/</link><pubDate>Mon, 15 Dec 2025 00:00:00 +0000</pubDate><guid>https://elijahu.me/portfolio/projects/kodekloud-days-1-4/</guid><description>&amp;ldquo;Before going deeper into kernel-level work, I went back to Linux fundamentals. This is what runs under every K8s cluster and eBPF probe — owning it isn&amp;rsquo;t optional.&amp;rdquo;
This series is a deliberate return to Linux fundamentals before going deeper into kernel-level work — CentOS, user management, SSH hardening, permissions. The stuff that runs silently under every K8s cluster and eBPF probe. Owning it isn&amp;rsquo;t optional.
Four problems this week: non-interactive user creation, temporary account expiry, disabling root SSH across multiple servers, and file permission management.</description></item><item><title>Getting to A+ on SSL Labs: Hardening a LEMP Stack for Production</title><link>https://elijahu.me/portfolio/projects/hardened-web-server/</link><pubDate>Sat, 03 May 2025 00:00:00 +0000</pubDate><guid>https://elijahu.me/portfolio/projects/hardened-web-server/</guid><description>&amp;ldquo;Default configs aren&amp;rsquo;t secure. They&amp;rsquo;re defaults — built for compatibility, not production. Running SSL Labs against a stock Nginx install and getting a B or F isn&amp;rsquo;t a surprise. It&amp;rsquo;s the expected result.&amp;rdquo;
This is a full hardening walkthrough for a LEMP stack on Ubuntu 22.04 — Nginx TLS configuration, PHP-FPM lockdown, MySQL least-privilege setup, firewall, Fail2Ban, and what the actual path to A+ on SSL Labs looks like. Not the happy path.</description></item><item><title>Building a Secure CI/CD Pipeline with Docker, AWS ECR, and GitHub Actions</title><link>https://elijahu.me/portfolio/projects/cicd-container-orch/</link><pubDate>Fri, 11 Apr 2025 00:00:00 +0000</pubDate><guid>https://elijahu.me/portfolio/projects/cicd-container-orch/</guid><description>&amp;ldquo;A deployment pipeline that requires a human in the loop for every push isn&amp;rsquo;t a pipeline — it&amp;rsquo;s a bottleneck with extra steps.&amp;rdquo;
This is a full walkthrough of taking a Flask application from local development to production on AWS using Docker, ECR, ECS, and GitHub Actions — with secrets handled properly from the start, not bolted on as an afterthought.
Pipeline flow: local development → GitHub Actions → ECR → ECS</description></item><item><title>Building an eBPF Container Security Monitor: Debugging Through the Pain</title><link>https://elijahu.me/portfolio/projects/ebpf-container-security/</link><pubDate>Wed, 19 Mar 2025 00:00:00 +0000</pubDate><guid>https://elijahu.me/portfolio/projects/ebpf-container-security/</guid><description>&amp;ldquo;Monitoring containers without eBPF is whack-a-mole blindfolded.&amp;rdquo;
What started as a straightforward container security tool became a weeks-long exercise in kernel panics, parent process deception, and eBPF&amp;rsquo;s complete lack of forgiveness for sloppy code. This is the honest account of what it took to get it working.
Understanding the Fundamentals: The Kernel. The kernel controls everything — memory, devices, security. Every system call your containerized application makes passes through it.</description></item><item><title>Building an AWS Security Group Auditor That Actually Works in Production</title><link>https://elijahu.me/portfolio/projects/aws-security-auditor/</link><pubDate>Thu, 06 Mar 2025 00:00:00 +0000</pubDate><guid>https://elijahu.me/portfolio/projects/aws-security-auditor/</guid><description>&amp;ldquo;Manually checking security groups across multiple AWS accounts is how breaches happen. You miss things. You always miss things.&amp;rdquo;
Manual security group reviews feel fine at one account. At ten, you&amp;rsquo;re genuinely flying blind — too many rules, too much context to hold in your head, no audit trail. I built this CLI tool to close that gap. This is the breakdown: what I built, the failure modes I hit, and what the production version actually looks like.</description></item><item><title>GitOps CI/CD with Flask, Kubernetes, and Webhook Orchestration</title><link>https://elijahu.me/portfolio/projects/orchestration-guide/</link><pubDate>Sat, 01 Mar 2025 00:00:00 +0000</pubDate><guid>https://elijahu.me/portfolio/projects/orchestration-guide/</guid><description>&amp;ldquo;Manual deployments are technical debt with compound interest. Every time you run kubectl apply by hand you&amp;rsquo;re borrowing against future reliability.&amp;rdquo;
This is a full breakdown of a push-to-deploy GitOps pipeline on Kubernetes — Flask webhook orchestration server, isolated test namespace with resource quotas, RBAC scoped to minimum permissions, network policy isolation between test and production, and blue-green deployment with automated rollback. Built because the manual process was unsustainable, documented because the failure modes are worth knowing.</description></item><item><title>Self-Hosting Gitea on AWS: Architecture, Configuration, and the 502s I Debugged</title><link>https://elijahu.me/portfolio/projects/gitea-ec2-guide/</link><pubDate>Sun, 23 Feb 2025 00:00:00 +0000</pubDate><guid>https://elijahu.me/portfolio/projects/gitea-ec2-guide/</guid><description>&amp;ldquo;GitHub is fine until you&amp;rsquo;re rate-limited at 11 PM pushing a large repo before a deadline. That&amp;rsquo;s when you decide to build your own.&amp;rdquo;
This is a full breakdown of running Gitea on AWS EC2 — not a happy-path tutorial, but the actual build including every error I hit and how I resolved it. Architecture, configuration, the 502 debugging session, backup automation, and what three months of running this in production looks like.</description></item></channel></rss>