DevOps - Category - Shengxu · Cloud Architecture & DevOps

Hands-On: From AI Semantic Search to AI Content Pipeline – How Static Blogs Continuously Evolve (Continued)

Sat, 06 Jun 2026 10:30:00 +0800

A few months ago, I wrote an article titled “Hands-on: Building Fully Automated AI Semantic Search with Cloudflare Vectorize and Gemini”. The problem it solved was clear: enabling semantic search for a static blog and capturing user queries that failed to find results as Content Gaps.

Once that architecture was running, I quickly realized: Search is just the last mile of the content lifecycle.

From the moment a Markdown article is written to when it’s actually discovered by readers, it must pass through summaries, translations, related recommendations, internal links, image optimization, search indexing, SEO, deployment, and quality checks. If these steps still rely on manual processing, even the smartest AI search is just a new entry point bolted onto a traditional publishing workflow.

From Azure SRE Agent to HolmesGPT: AIOps Practices in Multi-Cloud Kubernetes Environments

Fri, 17 Apr 2026 19:40:00 +0800

In the multi-cloud Kubernetes era, the pain point for SREs is no longer just “too many alerts,” but rather investigation chains that are too long, context that is too scattered, and troubleshooting costs across clouds that are too high. What truly drains people isn’t glancing at a chart, but constantly switching between multiple cloud platforms, logging systems, deployment records, and ticketing systems.

This is why AI SRE Agents are starting to deliver real value. Their goal isn’t to be a better conversational Copilot, but to proactively take over the highly repetitive first half of the work—“checking logs, finding correlations, guessing root causes, and giving suggestions”—once an alert is triggered.

Cilium 2026 (Continued): How the Unified Data Plane Is Reshaping Kubernetes Platform Architecture

Sat, 21 Mar 2026 14:31:56 +0800

In the previous article on Cilium, we explored the real reasons behind the 2026 migration wave: it’s no longer just “a faster CNI,” but rather a reorganization of Kubernetes networking, security, observability, and multi-cluster capabilities into a more unified infrastructure foundation, while also clarifying its division of labor and collaboration boundaries with Istio.

If the previous article answered “What can Cilium actually bring us?”, then this one will go a step further, focusing on the core of its evolution: the Unified Dataplane.

Before Discussing LLM Security, Is Your Kubernetes Foundation Up to Standard?

Sat, 14 Mar 2026 10:00:00 +0800

The explosion of Large Language Models (LLMs) and AI Agents has not only revolutionized business models but also introduced new application-layer security challenges such as prompt injection and data poisoning. While everyone’s attention is drawn to these cutting-edge vulnerabilities, let’s first pause and ask ourselves a fundamental question: Before diving into these complex AI security issues, is the cloud-native foundation that supports all our business workloads even up to par?

What Cilium Can Really Bring Us in 2026

Sun, 08 Mar 2026 10:30:00 +0800

——What Meaningful Changes Does It Actually Bring, and How to Divide and Conquer with Istio

By 2026, many teams discussing Cilium are no longer asking “Is it worth trying?” but rather “When should we migrate?”

Weekend Project: Building a Local Load Balancer for LLM API Keys

Sat, 14 Feb 2026 10:18:00 +0800

Lately, because I’ve been using various LLM services (OpenAI, Gemini, DeepSeek, etc.) intensively, I’ve run into a very real pain point: being broke.

To save money, I applied for multiple free API keys (like Google Gemini’s Free Tier or DeepSeek’s complimentary credits), but these free keys often come with strict rate limits (RPM/TPM). Just when I’m in the flow writing code, a 429 Too Many Requests error pops up, completely breaking my train of thought. It’s really frustrating.

Practical · Building a Memory-Enabled AI Writing Partner (Part 4): Observability (Metrics + Logs + Trace + Cost)

Thu, 05 Feb 2026 16:00:00 +0800

In the previous post, we discussed the security of RAG systems and Prompt injection protection. Today, let’s dive into another engineering deep-water zone: Observability.

When a system evolves from “it works” to “it’s reliable long-term,” you will inevitably encounter three types of problems:

Slow: Is retrieval slow? Is the LLM slow? Or is some Agent stuck in a retry loop?
Expensive: Is a specific pipeline silently consuming all the tokens? Why doesn’t this month’s API bill add up?
Weird: Intermittent bugs that can’t be reproduced, leaving you to fix code based on “gut feeling.”

At this stage, I chose to build a complete Metrics + Logs system, rather than just sprinkling in a few print statements.

Practical · Building a Memory-Enabled AI Writing Partner (Part 3): Security Architecture (RAG Protection, Fact Guard, and BYOK)

Wed, 04 Feb 2026 10:00:00 +0800

In the previous 2.5 articles, I’ve already laid out the backbone of FantasyNovelAgent:

This article dives deep into the most overlooked yet critical aspect of AI systems: Security.

If you’re thinking, “I’m just writing a novel, what security issues could there be?”, consider this:

Practical Guide: Building a Memory-Enabled AI Writing Partner (ikun) – Retrieval System (Vector Search, Hybrid Search & Cloud Deployment)

Wed, 28 Jan 2026 10:30:00 +0800

In “Practical · Building a Memory-Enabled AI Writing Partner (Part 1): Multi-Agent Architecture Evolution”, I clarified how multiple agents collaborate and how memory is chained together. In “Practical · Building a Memory-Enabled AI Writing Partner (Part 2): Database Evolution (From JSON to Single Database to Relational Tables)”, I reviewed the evolution of the “fact layer” from JSON to SQLite and then to relational tables.

However, when the text length reaches hundreds of thousands of words, what truly determines the experience is often not “whether the data exists,” but “whether I can retrieve it”: exact lookup (did it appear or not), structured filtering (who belongs to whom), and semantic association (is it similar, is it the same atmosphere) must all work simultaneously. So I added a clear “index layer” to FantasyNovelAgent and expanded retrieval from “chapters” to the “full knowledge graph.”

Practical · Building a Memory-Enabled AI Writing Partner (Part 2): Database (From JSON to Single Table to Relational Tables)

Wed, 28 Jan 2026 10:00:00 +0800

If you’ve already read Building a Memory-Powered AI Writing Partner (Part 1): Multi-Agent Architecture Evolution, you likely have a high-level understanding of how multiple agents collaborate and how memory is chained together. But what truly makes a system viable long-term isn’t just a pretty architecture diagram—it requires a data foundation that can withstand growth: one that supports querying, modification, and rollback.

This article focuses on the evolution of the “fact layer” (the database): JSON files → SQLite single database (KV) → SQLite single database (relational tables). Semantic search, hybrid search, full graph indexing, and cloud migration are covered separately in the next article, Building a Memory-Enabled AI Writing Partner (ikun): Retrieval System (Vector Search, Hybrid Search, and Cloud Migration).

Practical Guide · Building a Memory-Powered AI Writing Partner (Part 1): Multi-Agent Architecture Evolution

Sun, 25 Jan 2026 10:00:00 +0800

When writing a long novel, the most painful part isn’t “not being able to write”—it’s “forgetting what you’ve already written.” Did I set up that foreshadowing properly? Was that character already injured in the last chapter? When exactly was that world-building rule established? Once your manuscript crosses the hundreds-of-thousands-of-words mark, relying solely on your brain and scattered notes quickly becomes unmanageable.

FantasyNovelAgent grew out of this exact need. It started as a simple Python script, then evolved to include dynamic memory and auto-archiving, later added multi-device sync, and is now taking its first steps toward a front-end/back-end separation with cloud-native storage. This article retraces that evolution path and explains the key trade-offs, offering a reference for similar projects.

Kubernetes Complexity: Starting from a Job Interview Question

Sat, 24 Jan 2026 12:47:00 +0800

I recently went through a job interview where the interviewer posed a seemingly routine question: “In your opinion, when should you use Kubernetes, and when is it unnecessary and just adds complexity?”

I answered it fairly smoothly at the time, but the question lingered in my mind long afterward. What made it so “sharp” was that it stepped beyond the technical details of “how to use K8s” and cut straight to the core trade-off in architecture design: Are we introducing a tech stack to solve a real business pain point, or just to satisfy the team’s “anxiety about being cutting-edge”?

Hands-On: Building an Automated AI Semantic Search with Cloudflare Vectorize and Gemini

Fri, 23 Jan 2026 15:30:00 +0800

In 2026, adding AI search to a personal blog is nothing new. But achieving it with zero cost, full automation, and high performance remains a technical topic worth exploring.

This article breaks down the technical architecture behind this site’s AI Search feature, showing how to combine Cloudflare Workers, Vectorize, D1, and Google Gemini to build a closed-loop RAG (Retrieval-Augmented Generation) system.

1. Core Architecture Design

Our goal is a fully automated workflow: write and deploy. The author only needs to push Markdown articles; everything else—vector generation, index updates, frontend deployment—is automated.

Helm 4 Deep Dive: More Than a Version Bump – A New Beginning for the Kubernetes-Native Era

Thu, 22 Jan 2026 10:00:00 +0800

In the infrastructure world, some version updates are “icing on the cake,” while others are “transformative.” If Helm 3 freed us from the nightmare of Tiller, then Helm 4, officially released in November 2025, marks the coming-of-age moment when Helm truly understood and embraced Kubernetes’ declarative philosophy.

After two months of community validation and official documentation refinement, this article will clarify the easily misunderstood technical details based on Helm 4’s actual release state.