My Podman containers on a custom network couldn’t resolve each other by name — even though everything looked correct. After methodically eliminating layers (network config, DNS daemon, container state, firewall), I discovered UFW was silently blocking UDP port 53 on the new podman4 bridge interface. The fix? One ufw allow rule. Here’s how I got…
Category: Architecture
Solution Architecture, related decisions
RabbitMQ vs. Kafka: A Practical Guide to Choosing Your Message Broker
Introduction When designing modern, distributed systems—especially cloud-hosted microservices—choosing the right messaging backbone is critical. Two of the most popular options are RabbitMQ and Apache Kafka. While both enable asynchronous communication, they were built for different use cases.
Architectural Option Analysis: Securing Data Flow from Shopify Webhooks to an API Behind Kong Gateway
When integrating Shopify webhooks with an internal API protected by the Kong API Gateway, one of the first—and most critical—challenges you’ll encounter is authentication. Shopify signs its webhook payloads using an HMAC-SHA256 signature, which is delivered in a custom HTTP header (x-shopify-hmac-sha256). Unfortunately, this doesn’t align neatly with standard authentication mechanisms, especially those built into…
Podman Networking Demystified: When to Use Pods, Networks, or Both
If you’ve transitioned from Docker to Podman, you’ve likely encountered a fundamental question: “How should my containers communicate?” Unlike Docker’s straightforward container-to-container networking, Podman introduces pods—a powerful concept borrowed from Kubernetes that adds both capability and complexity.