Jeff Durga — Platform, SRE, DevOps & AI Engineer

§ 01 · About

A brief introduction.

prose

I'm a Platform / SRE / DevOps / AI engineer based in Austin. My day job is keeping production clusters boring — the kind of boring where nobody pages you at 3 AM because someone else tuned the HPA six months ago. AWS-certified (SysOps, Developer, Solutions Architect Associate), Kubernetes-certified (KCNA), and working through the rest.

I have a specific love for cloud cost optimization — the big Reserved-Instance-shaped wins, but also the small stuff nobody looks at: idle NAT gateways, orphaned EBS snapshots, a CloudWatch log group nobody's read since 2022. Pennies compound.

Off-hours I run a six-node homelab (Beelink B-MAX Mini PCs, 3 control plane / 3 workers) and treat it like a tiny production environment. Full SDLC, GitOps, observability, the works. Everything lives behind Cloudflare and runs on a mix of Ubuntu / AlmaLinux / Alpine, depending on the job. I write about what I break and fix on jeffdurga.blog.

Also: part-time personal trainer (2 clients), avid 3D printer, and yes — a typical stock bro. Available for interesting problems, platform work, and long conversations about Falco rules.

$$$

Big wins

Right-sizing, Savings Plans & RIs, Graviton migrations, idle-resource sweeps, S3 tiering.

¢¢¢

Small wins

Orphaned EBS snapshots, lonely NAT gateways, forgotten log groups, EIPs nobody's using.

∑

Both matter

Pennies compound. A tidy account is a fast account is a cheap account.

§ 02 · Journey

From help desk to platform engineering.

timeline

Chapter 01 · Military

Help desk, in uniform.

U.S. Military · IT support

Where my IT career actually started. Tickets, imaging, phones that didn't work, the full menagerie. Learned that calm tone and good documentation fix more problems than any tool.

Chapter 02 · The ISP

Help desk → Systems Tech.

ISP · Customer infra

Started on the phones again, worked my way onto the Systems Tech team — selling and supporting managed firewalls and security services for business customers. First real exposure to production networks, VPNs, and what "on-call" actually means.

Chapter 03 · Sysadmin years

Linux & Windows, at the same time.

Systems Administrator

AD, Group Policy, patch Tuesdays — and bash scripts, cron, and package managers on the other monitor. Windows always felt too slow for the way I wanted to work. The CLI and I didn't get along at first — but after enough years of Ubuntu, we came to terms. Turns out I was the one being slow.

Chapter 04 · Today

Platform · SRE · DevOps · AI.

Kubernetes, AWS, Postgres, Cloudflare

The same curiosity that made help-desk tickets interesting still runs the show — just pointed at clusters, pipelines, and cost-optimization reports now. Everything upstream of that started at a ticket queue in a green uniform.

What I learned along the way: open source wins roughly 98% of the time. Take money out of the formula and the whole shape of the software changes — incentives, community, longevity, trust. It's the single biggest lesson of my career, and it's why my homelab looks the way it does.

§ 03 · Home lab

Six Beelinks in a closet.

inventory

Control plane · 01

bmax-cp-01

Beelink B-MAX Mini PC. etcd, kube-apiserver.

online · 142d uptime

10.0.1.11 · cp · talos v1.9

Control plane · 02

bmax-cp-02

Beelink B-MAX. etcd member, quorum partner.

online · 142d

10.0.1.12 · cp · talos v1.9

Control plane · 03

bmax-cp-03

Beelink B-MAX. Third etcd member, HA control plane.

online · 140d

10.0.1.13 · cp · talos v1.9

Worker · 01

bmax-w-01

Beelink B-MAX. Runs apps, Postgres, AI experiments.

online · 142d

10.0.1.21 · worker

Worker · 02

bmax-w-02

Beelink B-MAX. Observability — Prom, Grafana, Loki.

online · 140d

10.0.1.22 · worker

Worker · 03

bmax-w-03

Beelink B-MAX. CI, image builds, burst capacity.

online · 138d

10.0.1.23 · worker

Network

udm-pro

Edge. Site-to-site WireGuard, VLAN segmentation.

1 gbps up

10.0.0.1 · unifi os 4

Storage

ceph

NVMe across workers, replicated. Proper storage.

HEALTH_OK

rook-ceph · 2.1 TB avail

Platform

argocd

GitOps. Syncs from GitLab every 3 minutes.

synced · 0 drift

v2.13 · 14 apps

§ 04 · Projects

Things I've built.

001Homelab GitOps platformThe infra repo: ArgoCD App-of-Apps, CNPG, Prometheus/Loki/Alloy, OpenBao, MetalLB, ingress-nginx, cert-manager — all managed from one git tree.kubeadm · argocd · helm 002Websites Terraform moduleOne ALB + one ECS cluster serving N sites. Per-site TG, service, secret, log group — each new site adds ~$3/mo instead of ~$18. Cloudflare-proxy pattern, no CloudFront.terraform · aws · ecs 003Websites monorepoNext.js + Astro sites under one CI pipeline — this site is in there. GitLab CI → GitLab Registry → ECS Fargate, with homelab dev/staging via ArgoCD.nextjs · astro · gitlab-ci 004GymSync · CRM backendGym CRM built on Go + chi + pgx + Postgres. Auth via bcrypt+session cookies, AI-vision machine usage tracking on the roadmap.go · postgres · chi 005CloudNativePG · HA clusterPrimary + standby on different nodes, WAL backups to MinIO, scheduled basebackups. The data-plane everything else leans on.cnpg · postgres · minio

§ 05 · Postgres

In love with Postgres.

🐘 psql

Postgres is the quiet, over-engineered Swiss Army knife of databases. Every time I reach for another tool — a queue, a cache, a search engine, a vector store — I find out Postgres can already do it, and probably better.

One database to rule them all. No shade to the rest.

JSONBSchema-less docs with real indexes. MongoDB, but trustworthy.

pgvectorEmbeddings + ANN search. Your AI stack's database just got a lot smaller.

FTSFull-text search with tsvector. You probably don't need Elastic.

LISTEN/NOTIFYPub/sub, for free. Redis can sit this one out.

PostGISBest-in-class geospatial. Full stop.

Logical replicationCDC, zero-downtime migrations, fan-out. Chef's kiss.

CTEs & window fnsSQL that reads like prose. Analytics without leaving the DB.

Extensionspg_cron, pg_partman, TimescaleDB. A universe in one port.

What I love most: one database, many jobs. My homelab runs a single Postgres cluster that quietly powers half of everything else.

JSONB · Running

Flexible document storage

Config blobs, event payloads, anything that would've been a bad schema. Indexed, queryable, boring in the best way.

FTS · Running

Full-text search

Note search and app log search with tsvector + GIN. Never reached for Elastic, never missed it.

LISTEN/NOTIFY · Running

Java app testing fan-out

Hooked into my Java test harness for async event simulation — triggers fire, workers wake up, assertions pass. Zero extra infra.

Prometheus · Planned

Long-term metrics storage

Ship Prom metrics into Postgres (via promscale / TimescaleDB) so I stop losing history on restart. Queryable in SQL.

Grafana · Maybe

Backend / datasource

Possibly using Postgres as a Grafana datasource (and for Grafana's own backend DB). Still deciding if I consolidate.

pgvector · Running

AI/LLM embeddings

RAG experiments and semantic search over my notes and runbooks. Same DB, same backups, one less service.

§ 06 · Open source

Projects I keep coming back to.

favorites

PostgreSQLC

The database you don't outgrow. 35+ years of careful engineering and an extension ecosystem that keeps surprising me.

JSONB, pgvector, LISTEN/NOTIFY, PostGIS — one database replaces a stack.

KubernetesGo

The container orchestrator the whole industry quietly agreed on. My daily driver at work and at home.

Reading the source taught me more about distributed systems than any book.

TerraformGo · HCL

Declarative infrastructure. The idea that made IaC finally click for a whole generation of engineers.

My daily driver for AWS landing zones. Readable, composable, trustworthy.

Ubuntu / AlmaLinux / AlpineLinux

The three distros I actually reach for: Ubuntu for desktops and dev VMs, AlmaLinux for production servers, Alpine for containers.

Different tools for different jobs — and all of them quietly excellent.

CloudflareEdge

DNS, CDN, WAF, Tunnels, Workers — a ridiculous amount of capability on a generous free tier. Sits in front of almost everything I run.

The best “free” in tech. Also: Tunnels mean no open ports at home.

Talos LinuxGo

An immutable, API-driven OS built purely for Kubernetes. No SSH. No package manager. Beautifully opinionated.

Runs my home control plane. Zero drift in 140+ days.

CiliumGo · C (eBPF)

eBPF-based networking, observability, and security for k8s. Replaces kube-proxy and then some.

Hubble gives you visibility into the network you only dreamed of before.

Argo CDGo

GitOps, done right. Watches your repo, reconciles your cluster. The control loop you didn't know you needed.

Makes “what's actually running?” a question with a trustworthy answer.

FalcoC++ · eBPF

Runtime security, powered by kernel events. Sees what containers actually do, not what they promised.

The tool that made me take cloud-native security seriously.

NeovimC · Lua

A hackable text editor for the terminal era. Lua config, LSP, and a plugin ecosystem that won't quit.

The only editor I've used where the tool gets out of the way.

Tailscale / HeadscaleGo

WireGuard mesh VPN that “just works.” Headscale is the open-source control plane.

Makes the home lab feel like localhost, from anywhere.

§ 07 · Certifications & goals

AWS covered. Aiming for Kubernetes astronaut.

roadmap

Three AWS Associate certifications in the pocket (SysOps, Developer, Solutions Architect) — and now I'm collecting all five CNCF Kubernetes certifications. When they're all done, I get to call myself a Kubernetes astronaut. Non-negotiable.

AWS · Associate tier

SOA-C02

SysOps Administrator

Day-2 AWS. Monitoring, automation, cost, resilience.

Earned

DVA-C02

Developer

Building on AWS. Lambda, DynamoDB, SDKs, CI/CD.

Earned

SAA-C03

Solutions Architect

Designing for scale, cost, and reliability across AWS.

Earned

Kubernetes · the astronaut run

KCNA

Cloud Native Associate

Foundation. Ecosystem, concepts, vocabulary. Foot in the door.

Earned

CKA

Administrator

Cluster ops. Upgrades, etcd, troubleshooting, day-2. In exam prep right now.

Exam prep · up next

CKAD

App Developer

Building and running apps on k8s. Manifests, probes, configs, rollouts.

Exam voucher purchased

KCSA

Cloud Native Sec Assoc.

Four-pillar cloud-native security fundamentals.

Queued

CKS

Security Specialist

Hardening, policy, supply chain, runtime. The serious one — final boss.

Final boss

The plan: one cert per quarter, write up what I learned after each, and earn the Kubestronaut jacket in 2027. 🚀

Why Kubernetes

It feels like a simpler, open-source AWS. One API, one mental model, and suddenly compute, networking, storage, secrets, and scheduling all speak the same language.

It's also where open source apps meet and play nicely — Postgres next to Prometheus next to Argo next to my Java services, all declarative, all reconciling, all portable.

Add a release cycle that ships real improvements every quarter and scaling that still feels magical the hundredth time, and it's hard to imagine spending my career on anything else.

What keeps me here

One API — compute, net, storage, secrets, jobs, cron.
The CNCF ecosystem: best-of-breed OSS, composable by default.
GitOps as a first-class citizen — my cluster = my repo.
Horizontal scaling that just works, from 1 node to thousands.
A steady release train and a community that actually ships.
Skills that travel — same primitives at home, at work, in the cloud.

§ 08 · SDLC

Full software lifecycle, running in my closet.

pipeline

End-to-end dev → prod on hardware I can touch. Same primitives the pros use, at one-millionth the scale. Every stage is observable, every deploy is a git commit, every failure is a learning opportunity I signed up for.

01 · PLAN

Plan & track

LinearObsidianGH Issues

→

02 · CODE

Write & commit

NeovimGoJavaGit

→

03 · BUILD

CI, test, image

Gitea ActionsBuildkitTrivy

→

04 · REGISTRY

Artifacts

HarborCosignHelm

→

05 · DEPLOY

GitOps reconcile

Argo CDTalos k8sHelm

→

06 · OBSERVE

Metrics, logs, traces

PrometheusGrafanaLokiTempo

→

07 · OPERATE

Secure & iterate

FalcoCiliumAlertmanager

Feedback loop

Alerts & dashboards feed right back into 01 Plan. Nothing runs open-loop.

State of record

Git is the only source of truth. Cluster drift triggers an Argo sync — reality chases the repo, not the other way around.

Data plane

One Postgres cluster backs the apps, the metrics archive, the AI experiments. Backed up nightly to S3-compatible storage.

§ 09 · Off the clock

When I'm not at the keyboard.

life

Fitness

Lifting, daily.

Consistency beats everything. Compound lifts, progressive overload, boring on purpose — same way I like my clusters.

6× / week · barbell + accessories

Coaching

Part-time PT.

Two private clients. Programming, form checks, accountability. Turns out teaching squats and teaching Kubernetes share a lot of muscle memory.

2 clients · ACE-prep

3D printing

Making stuff.

Rack mounts, camera mounts, dog toys, gym clips, the occasional Benchy. CAD, slice, print, iterate — small hardware SDLC.

PLA + PETG · Bambu workflow

Markets

Typical stock bro.

Boring long-term index + a small sleeve for individual names I actually use. Same discipline as cost optimization — small, consistent, compounding.

DCA · tax-advantaged first

§ 10 · Photos

A few frames.

Thirteen frames — Austin, Lima, and the dog · more at jeff-durga.net

Sunset over the Pacific from Miraflores cliffs, Lima, Peru — city skyline glowing as dusk settles.

01 · Miraflores, Lima — dusk over the Pacific

Isla, a Belgian Malinois, sitting on grass by a lake at sunset with a pink leash clipped to her collar.

02 · Isla at the lake, golden hour

Isla standing on a snow-dusted patio with snow still on her face, sharp Belgian Malinois eyes on the camera.

03 · Isla · first snow

Texas State Capitol dome seen from the south lawn, Austin — clear blue sky, oaks framing the approach.

04 · Texas Capitol, Austin

Isla lying in front of a lit Christmas tree surrounded by holiday toys and a toy NES controller.

05 · Isla · christmas morning

Isla mid-play, tongue out, looking up at the camera — pure Malinois joy.

06 · Isla · peak malinois

Isla waiting patiently for a bone-shaped birthday cake with a lit candle.

07 · Isla · birthday

Austin downtown from a rooftop — towers under Texas blue sky, hills in the distance.

08 · Downtown, Austin

Lima skyline at sunrise from a rooftop, with sunbeds lining the edge and ocean beyond.

09 · Rooftop sunrise, Lima

Austin skyline under a foggy night, Rainey Street sidewalks lit, traffic threading through downtown.

10 · Austin · a foggy night

Colonial courtyard and bell tower at Santo Domingo convent, central Lima.

11 · Santo Domingo, Lima

Larcomar shops and terraces clinging to the cliffside at dusk, Lima.

12 · Larcomar cliffs

Boardwalk at dusk with people strolling, ocean in the background, Lima.

13 · Boardwalk, Lima

§ 11 · Now

What I'm doing.

currently

APR 17, 2026 · Austin

Most days I'm heads-down on the platform. Evenings: the lab.

LearningKubernetes, deeply. Operators, CRDs, the bits I used to shrug at. Writing notes as I go.

ExploringAI + open source. AI has made spelunking through unfamiliar codebases an order of magnitude easier — it's a force multiplier for reading other people's code.

ContributingOpen source tech. Small PRs, issues, docs fixes. The internet runs on this stuff.

ShippingThis site — deployed via a GitLab → ECS pipeline I built myself.

RunningIsla. Belgian Malinois. She does not permit typical hobbies.