I’m Douglas Adolph, a Senior Software Engineer in Austin, Texas. I work in Go on platform and infrastructure software: the systems that let large fleets of machines deploy, secure, and observe themselves. I go after the hard problems where one well-built tool turns a recurring fire drill into a boring, repeatable process.

What I do

I’m a lead engineer on a major US retailer’s edge and store Kubernetes platform, a fleet in the thousands of clusters that other platform teams build on every day. I designed and wrote the deployment engine at the center of it: every team’s rollouts run through it, and it reconciles application config across the whole fleet, taking store rollouts from weeks or months down to seconds.

Around that core, my work spans a few areas:

  • Deployment and customization. A composable middleware pipeline, driven by a declarative per-application spec, tailors every rollout to its target: Vault-backed secrets, templated configuration, smart builds, target matching, validation, and cost-showback metadata.
  • Access control and identity. I designed one model that governs who can deploy an application, delete it, reach it in-cluster, and read its secrets, enforced end to end by a group-based JWT identity layer. Identity-provider groups ride inside signed tokens that the platform verifies and turns into both deployment permissions and in-cluster role bindings, and the same tokens issue the kubeconfigs engineers use to reach their clusters. One identity, everywhere.
  • Security and secrets. I helped stand up the organization’s HashiCorp Vault and designed its path and precedence model, and I wrote the JWT, SOPS, and secret-store libraries the platform depends on. I also turned a fleet-wide secret-scanning emergency into a repeatable, measurable cleanup across thousands of repositories.
  • Cluster intelligence. Statistical tooling that right-sizes resource quotas across the fleet from real usage data, alongside Prometheus-based observability and fleet inventory.
  • Delivery. A pipeline that tests against real, on-demand throwaway clusters rather than mocks, with optional chaos and stress stages, release and supply-chain automation, and a secure-flow CI baseline standardized across many repositories.

The work I’m proudest of is a deterministic Kubernetes flight recorder: it captures everything about an incident, every resource change, event, metric, audit row, and log, into one portable file, replays it, and emits a cited root-cause postmortem that names the exact field that changed. No LLM and no SaaS in the path, read-only, runs anywhere.

Nearly all of it is Go.

How I work

I write standard-library-first Go with a serious testing discipline: single-method interfaces, middleware composition, and tools that are honest about their own confidence instead of guessing. I care most about turning recurring manual work into repeatable, measurable processes.

I also work fluently with AI coding agents, using them to ship at high volume while holding the same bar on tests and review.

Tools of the trade

Go, Kubernetes, FluxCD, Google Cloud and GKE, Prometheus, Terraform, Ansible and AWX, GitHub Actions, SOPS, JWT and OIDC, Docker, and Helm.

Open source

My public projects are the open-source side of the same work: programmatic SOPS in Go, JWT tooling, multi-cluster fleet drift detection, single-binary Ansible orchestration, and more. See Projects.

Education

B.S. in Computer Science and Engineering, Texas State University (2014 to 2018), with a minor in Applied Mathematics.

Elsewhere

Code lives on GitHub. Reach me at [email protected].