DevOps. Self-hosted. Security.
Notes on DevOps, infrastructure, self-hosting and cybersecurity — practical guides from real-world operations.
Read the posts below or head over to the About page.
Recent Posts
- Flux in one evening: GitOps for a single small cluster
  GitOps on a single small cluster without an operator zoo: what Flux is, why a reconciler beats kubectl apply from CI, how to run flux bootstrap, and how to assemble one root Kustomization that syncs the whole cluster from git.
- OpenTelemetry Collector: a minimal setup you can ship to prod
  Why you need the OpenTelemetry Collector, how its receivers/processors/exporters pipeline works, how an agent differs from a gateway, and how to build a minimal but production-grade setup with docker-compose and Tempo.
- eBPF without the pain: Cilium and network observability in Kubernetes
  What eBPF is in plain terms, why Cilium beats kube-proxy and sidecars, how Hubble shows flows and drop reasons, and what you need to stand it all up in a kind cluster in an evening.
- SLSA Level 2: what build provenance is and why it isn't SBOM
  SLSA Level 2 in practice: how build provenance differs from an SBOM, why L2 is a realistic target, how the GitLab Runner itself generates a non-forgeable attestation, and how to verify it with glab/cosign and at admission.