TL;DR / Executive Summary

This blog runs on a surprisingly powerful and cost-effective stack: a Kubernetes cluster on a free Oracle Cloud Infrastructure (OCI) account. The entire environment, from the cloud network to the Kubernetes deployments, is managed automatically with Terraform. This setup provides a robust, scalable, and fully observable platform, not just for this blog, but for all my personal projects.

The “Why”: My Motivation for This Stack

As an engineer, I wanted a hosting solution that went beyond simple managed platforms. My goals were:

  1. Cost-Effectiveness: I wanted a powerful setup without the hefty price tag, which led me to Oracle’s generous “Free Tier” cloud offering.
  2. Total Automation: I believe in Infrastructure as Code (IaC). Using Terraform was a key requirement, as it allows me to define, version, and manage my entire infrastructure with code. This makes the system reproducible, easy to modify, and incredibly fast for testing and research.
  3. End-to-End Experience: My primary goal was to gain hands-on experience managing a full cloud-native stack from the ground up. This project has been an incredible learning opportunity, boosting my understanding of security, networking, observability, and the entire cloud ecosystem.
  4. Powerful Observability: I wanted deep insights into my applications without relying on third-party tools. SigNoz stood out as a fantastic open-source, OpenTelemetry-native platform that I could host myself.

The Architecture: A Two-Layered Terraform Project

The entire system is managed by a single Terraform project, which is logically split into two parts: provisioning the cloud infrastructure and deploying the Kubernetes services.

Here’s a high-level look at how it all fits together:

```mermaid
graph TD
  subgraph " "
    direction LR
    Admin["Me (The Engineer)"]
    IaC["Infrastructure as Code"]
  end
  subgraph " "
    direction LR
    OCI["Oracle Cloud Infrastructure (OCI)"]
    K8s["Oracle Kubernetes Engine (OKE)"]
  end
  subgraph " "
    direction LR
    Ingress["Nginx Ingress"]
    Apps["Applications & Monitoring"]
  end
  Admin -- "1 Manages" --> IaC
  IaC -- "2 Provisions" --> OCI
  OCI -- "3 Runs" --> K8s
  K8s -- "4 Hosts" --> Ingress & Apps
  User["Blog Reader"] -- "5 Visits Site" --> Ingress
  %% Styling
  classDef default fill:#f9f9f9,stroke:#333,stroke-width:2px,color:#333
```

Part 1: Provisioning the OCI Foundation

The first part of the Terraform setup creates the core infrastructure in OCI:

  • Networking: It starts by building a Virtual Cloud Network (VCN) with the necessary public and private subnets.
  • Kubernetes Cluster (OKE): It then provisions an Oracle Kubernetes Engine (OKE) cluster. I chose a node pool with flexible ARM-based instances (VM.Standard.A1.Flex), which provide an incredible amount of power for free.
  • Secret Management: All my secrets—API tokens, OCIDs, and other credentials—are securely stored in Doppler. Terraform fetches these secrets at runtime, ensuring no sensitive data is ever hardcoded in my repository.

Part 2: Deploying Services to Kubernetes

Once the cluster is running, the second part of the Terraform project takes over and deploys all the necessary services using a modular approach.

  • Nginx Ingress Controller: This is the front door to the cluster. It handles all incoming HTTP/S traffic and routes it to the correct application based on the hostname (e.g., blog.iaroslavtsev.uk).
  • Cert-Manager & ExternalDNS: This powerful duo automates TLS and DNS management. When I deploy a new application, ExternalDNS automatically creates a DNS record in Cloudflare. Cert-Manager then detects the new ingress, requests a free TLS certificate from Let’s Encrypt (using a DNS-01 challenge with Cloudflare), and configures Nginx to use it. The result is automatic, hands-free HTTPS for every service.
  • SigNoz: My self-hosted observability platform. All my applications are instrumented to send OpenTelemetry data to SigNoz, giving me detailed traces, metrics, and logs in one place.
  • The Blog & Other Apps: Finally, the blog itself (and my other projects) are deployed as containerized applications, each with its own Kubernetes Deployment, Service, and Ingress resources, all defined in their own clean, reusable Terraform modules.
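To make the Cert-Manager/ExternalDNS/Nginx chain concrete, here is an added Terraform example (not the project's own code, which is not published in this post) of the three resources that wire it together: a Kubernetes Secret holding a Cloudflare API token fetched from Doppler, a cert-manager ClusterIssuer using that token for the DNS-01 solver, and the blog Ingress whose annotation and hostname trigger both tools. Assumed: the Doppler and Kubernetes providers are already configured, the Doppler config contains a secret named CLOUDFLARE_API_TOKEN, cert-manager is installed, and a Service named blog exists in the default namespace.

```hcl
data "doppler_secrets" "infra" {} # Doppler provider assumed to be configured
resource "kubernetes_secret" "cloudflare_token" {
  metadata {
    name      = "cloudflare-api-token"
    namespace = "cert-manager"
  }
  data = { "api-token" = data.doppler_secrets.infra.map.CLOUDFLARE_API_TOKEN } # scope this token to DNS edit on one zone
}
resource "kubernetes_manifest" "letsencrypt_prod" {
  manifest = {
    apiVersion = "cert-manager.io/v1"
    kind       = "ClusterIssuer"
    metadata   = { name = "letsencrypt-prod" }
    spec = { acme = {
      server              = "https://acme-v02.api.letsencrypt.org/directory"
      privateKeySecretRef = { name = "letsencrypt-prod-account-key" } # ACME account key, created by cert-manager
      solvers = [{ dns01 = { cloudflare = {
        apiTokenSecretRef = { name = kubernetes_secret.cloudflare_token.metadata[0].name, key = "api-token" }
      } } }]
    } }
  }
}
resource "kubernetes_ingress_v1" "blog" {
  metadata {
    name        = "blog"
    annotations = { "cert-manager.io/cluster-issuer" = "letsencrypt-prod" } # cert-manager's ingress-shim watches for this
  }
  spec {
    ingress_class_name = "nginx"
    tls {
      hosts       = ["blog.iaroslavtsev.uk"]
      secret_name = "blog-tls" # cert-manager stores the issued certificate here; Nginx serves it
    }
    rule {
      host = "blog.iaroslavtsev.uk" # ExternalDNS reads this host and publishes the Cloudflare record
      http {
        path {
          path      = "/"
          path_type = "Prefix"
          backend {
            service {
              name = "blog"
              port { number = 80 }
            }
          }
        }
      }
    }
  }
}
```

Because `kubernetes_manifest` validates against the ClusterIssuer CRD at plan time, the cert-manager install must be applied in an earlier stage (or an earlier `terraform apply`) than this resource.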

Key Takeaways and Conclusion

Building and managing this project has been one of the most rewarding professional experiences for me. It has given me a deep, practical understanding of what it takes to run a modern, secure, and observable cloud-native system end-to-end. While it was a significant undertaking, the payoff is a powerful, automated, and virtually free platform that I can use for years to come.