mypie Engineering Blog
Real war stories from building mypie.io on AWS EKS — infrastructure failures, debugging sessions, and the fixes that worked.
Security and GDPR Compliance on AWS EKS: What We Built and Why
mypie processes personal financial data — pie (investment portfolio) positions, subscription status, user identities. This post covers every security control we've implemented across AWS, Kubernetes, and network layers, and maps each to the relevant GDPR article.
Release Management: How We Ship Code from Commit to Production
A full walkthrough of how code moves from a developer's branch to production on mypie — GitHub Actions builds images, ArgoCD syncs Kubernetes, and Atlantis manages Terraform. Zero manual kubectl apply, zero manual terraform apply.
EKS Pod Limits: When Your Node Just Can't Fit One More Pod
We bootstrapped ArgoCD on EKS and one of its pods got stuck in Pending with "Too many pods." The t3.medium limit of 17 pods caught us off guard. Here's why the limit exists, how to calculate it, and what your options are.
ArgoCD, Private GitHub Repos, and the AWS SSO Kubeconfig Problem
After ArgoCD was installed via Helm, we tried to apply our root-app.yaml to bootstrap the App-of-Apps pattern. Two separate issues came up in sequence — one about kubectl itself not being able to talk to the cluster, and one about ArgoCD not being able to read from our private GitHub repository.
AWS Load Balancer Controller: Four Failures Before It Worked
The AWS Load Balancer Controller (LBC) is responsible for provisioning ALBs and NLBs in response to Kubernetes Ingress resources. Getting it running looked simple on paper — install via Helm, point at the cluster — but we hit four distinct failures before the first ALB was created.
ACM Wildcard Cert Validation with Cloudflare: The Duplicate CNAME Trap
We use ACM for TLS termination on our ALB. We needed a single certificate covering both the apex domain mypie.io and all subdomains *.mypie.io. ACM allows you to add both as Subject Alternative Names (SANs) on a single cert. What it does not tell you upfront is that both produce the same CNAME validation record.
Recovering from a Stuck Terraform State Lock
A terraform apply had crashed mid-run — likely from a network interruption or a session timeout. When we tried to run the next apply, we hit:
Importing Pre-Existing AWS Resources into Terraform State
After spending days getting the staging environment right, we ran our first terraform apply for production expecting smooth sailing. Instead, the output was a wall of EntityAlreadyExists errors.