A standalone course · Catch up on this repo + interview prep

Platform add-ons — the operator's toolkit

Seven operational modules in one course: the machinery between your code and production working correctly — how it ships, how it stays correct, and how it runs.

This is the Tier-3 tier — the cross-cutting plumbing every service leans on but that isn't domain logic. Seven topics, one course: migrations, linting & githooks, secrets, and the build/Skaffold system (how code ships); idempotency, retries, and the transactional outbox (how it stays correct under at-least-once delivery); and email/push delivery plus the cron/scheduled-jobs framework (how your own services run). Each idea comes from the canon, then lands on a real file:line.

How to use this Do one lesson, take its quiz from memory (no peeking), then skim the matching block of the cheat sheet. Come back a day later and re-take it — spacing beats cramming. You know the rhythm by now. Stuck? Ask me — I'm your teacher, not just the author.
The one thing that'll surprise you This tier is full of instructive imperfections, and they're the best lessons: there are no rollback migrations. A security linter is configured but commented-out in CI. Secrets decrypt inside the process, not via a sidecar. An outbox exists in exactly one service while your own services knowingly dual-write. You'll learn the canonical pattern, then exactly where this platform bends it — and why.

Part 1 — Ship it: code → prod plumbing available now

How code gets to production: migrations, linting/hooks, secrets, and the build.

1 · Migrations (golang-migrate)

Forward-only .up.sql, RLS boilerplate, gjob sql_migrate, gen-db-schema.

ready

2 · Linting & githooks

The enable-list, the bespoke sqlclosecheck, gitleaks, and the Jira hook.

ready

3 · Secrets / SOPS / KMS

Per-value encryption, KMS-wrapped keys, decrypted in-process — plus the second AES layer.

ready

4 · Build system / Skaffold

One binary, all services; cross-compile; dev vs prod images; Skaffold vs compose.

ready

Part 2 — Keep it correct: reliability available now

Staying correct under at-least-once delivery: idempotency, retries, the outbox.

5 · At-least-once & idempotency

Why duplicates happen, and the idempotent-consumer fix.

ready

6 · Retries & redelivery

The (retryable, err) contract; in-process vs broker.

ready

7 · The transactional outbox

The dual-write problem; eureka's outbox via Debezium.

ready

8 · Reliability, put together

Why your services dual-write on purpose.

ready

Part 3 — Run the domain: delivery & schedules available now

How your own services actually run: email, push, and scheduled work.

9 · Email delivery (spike/SendGrid)

The send pipeline and the status state machine.

ready

10 · Push delivery (notification/FCM)

Device tokens, multicast, swallowed failures.

ready

11 · Cron / scheduled-jobs

RegisterJob, k8s CronJobs, the KEDA gjob pod.

ready

12 · The whole picture

How the seven interlock — recap + interview.

ready

Reference shelf

Cheat sheet

The recipes for all seven topics + interview one-liners.

Glossary

The canonical vocabulary across the toolkit.

Repo toolkit map

Ground truth: where each topic lives, with file:line.

Resources

golang-migrate, SOPS, Skaffold, Chris Richardson, SendGrid, FCM — high-trust only.

All 12 lessons are built — the course is complete. You can ship a change (migrations, linting, secrets, build), keep it correct under at-least-once delivery (idempotency, retries, the outbox), and run your services' delivery and scheduled paths (email, push, cron) — from the canon and from your own code. The one thing left is a retention check — ask me to run a cold mock interview across this course (and the track) and I'll write the first learning records proving what stuck. Questions on any lesson? Ask me.