SYSTEM RECONSTRUCTION
Banco Limen
A Phase 1 reconstruction of legacy banking failure patterns: its intentional anti-patterns, decision records, and the reasoning that will guide each later fix.
Explore LimenPlatform engineering from the systems up
I’m Cristian Gómez Aranda — a Platform Engineer with eight years operating critical banking systems. I trace Linux and Kubernetes internals to build infrastructure that teams can trust in production.
NEXT: foundations for secure, observable AI workloads.
SYSTEM RECONSTRUCTION
A Phase 1 reconstruction of legacy banking failure patterns: its intentional anti-patterns, decision records, and the reasoning that will guide each later fix.
Explore LimenTECHNICAL WRITING
A public series that builds Kubernetes networking from Linux primitives — namespaces, veth pairs, iptables, conntrack, and the packet path in between.
Start readingWHAT’S NEXT
A next area of study: applying the same operational discipline to secure, observable infrastructure for model serving and AI teams.
Why this directionEight years running production SRE at a major bank taught me one thing about alert fatigue: detection is the hard part. Kubernetes changed that assumption for me today.
How to expose a container to the outside world and distribute traffic across multiple backends using iptables DNAT — the same mechanism kube-proxy uses for NodePort and ClusterIP services.
Why pods can't reach the internet by default and how iptables MASQUERADE fixes it — a deep dive into NAT, conntrack, and the path packets take out of a Kubernetes node.
How Kubernetes pod networking actually works — built from Linux primitives: network namespaces, veth pairs, and bridges. No abstractions, just the kernel.
Open to remote Platform Engineer and SRE roles with teams running Kubernetes in production — based in Mexico City, strong overlap with US business hours.
Start a conversation