DevOps. Self-hosted. Security.
Notes on DevOps, infrastructure, self-hosting and cybersecurity — practical guides from real-world operations.
Read the posts below or head over to the About page.
Recent Posts
- Kyverno vs OPA Gatekeeper: when to pick which
  Kyverno 1.17 promoted CEL to v1; Gatekeeper v3.22 integrated ValidatingAdmissionPolicy from upstream. Both projects are now stable — the choice depends on where your Kubernetes ends. A practical matrix: YAML vs Rego, validation/mutation/generation, and the hybrid option with full code examples.
- Flux in one evening: GitOps for a single small cluster
  GitOps on a single small cluster without an operator zoo: what Flux is, why a reconciler beats kubectl apply from CI, how to run flux bootstrap, and how to assemble one root Kustomization that syncs the whole cluster from git.
- OpenTelemetry Collector: a minimal setup you can ship to prod
  Why you need the OpenTelemetry Collector, how its receivers/processors/exporters pipeline works, how an agent differs from a gateway, and how to build a minimal but production-grade setup with docker-compose and Tempo.
- eBPF without the pain: Cilium and network observability in Kubernetes
  What eBPF is in plain terms, why Cilium beats kube-proxy and sidecars, how Hubble shows flows and drop reasons, and what you need to stand it all up in a kind cluster in an evening.