I build tools that help engineering teams see what's changing in their infrastructure — before drift, misconfigurations, or silent regressions reach production.
My work sits at the intersection of Kubernetes, cloud security, and developer experience. I turn invisible infrastructure problems into things you can inspect, reason about, and fix with confidence.
I write about these topics on my blog — covering platform engineering, Helm workflows, cloud security, and the tools I build. You can subscribe via RSS.

| Stack | Description |
|---|---|
| Go · Next.js · Helm SDK · ⭐ 4 | Understand potentially disruptive Helm chart changes before deployment. Surfaces availability, rollout risk, and security changes in Helm chart upgrades with a risk assessment engine. |
| React · Monaco · Dagre · ⭐ 3 | Interactive editor and visualizer for GitHub Actions workflows. Write, validate, and visualize CI/CD workflows with a real-time graph of job dependencies. |
| TypeScript · Stream Deck SDK | See your unread GitHub notification count on a physical button. |
| Shell · macOS Keychain · ⭐ 1 | Generate MFA codes from the terminal while keeping seeds in macOS Keychain. |
| Go | Scan directories recursively to audit Terraform versions across a multi-project codebase. |
| PHP · Laravel · ⭐ 1 | Drop-in Laravel database driver that fetches credentials from AWS Secrets Manager at runtime with built-in caching. |

I write about platform engineering, Kubernetes tooling, and cloud security at dcotelo.dev. Topics include Helm workflows, infrastructure risk, CI/CD patterns, and the thinking behind the tools I build.
Full stack details:
| Area | Technologies |
|---|---|
| Languages | Go, TypeScript, Python, Bash, PHP |
| Cloud | AWS (EKS, IAM, VPC, DynamoDB, ALB/NLB, Route53, KMS, S3, CDK, Secrets Manager) |
| Kubernetes | EKS, EKS Auto Mode, Karpenter, Helm, Kustomize |
| GitOps / CI | ArgoCD, GitHub Actions, OIDC-based auth |
| IaC | Terraform, Terraform Cloud, AWS CDK |
| Frontend | Next.js, React, Monaco Editor |
| Observability | Datadog, Grafana, SLOs |
| Containers | Docker, Docker Compose |
| Storage | PostgreSQL, DynamoDB, S3 |
| Security | IAM least privilege, CodeQL, OpenSSF Scorecard, OIDC |
Security is an architecture problem, not a checklist.
The best platforms fade into the background. If your platform requires a tutorial every sprint, it's not a platform — it's a tax.
Clear ownership beats perfect tooling. When something breaks at 3 a.m., the answer to "who owns this?" should be obvious.
Decision support, not enforcement. Surface what's changing and why it matters. Enable informed team decisions — don't impose judgment.




