DevOps. Self-hosted. Security.
RSS FeedNotes on DevOps, infrastructure, self-hosting and cybersecurity — practical guides from real-world operations.
Read the posts below or head over to the About page.
Recent Posts
-
CloudNativePG in production: HA, backups, and major upgrades without downtime
Standing up CloudNativePG is easy — production begins on day-2. We cover automatic failover and split-brain protection, ScheduledBackup and PITR restore (Barman Cloud Plugin), the metrics that actually matter, minor and major upgrades without a long downtime, and why prod rests on a tested restore, not a configured backup.
-
CloudNativePG: production-ready Postgres on Kubernetes without voodoo
CloudNativePG turns "Postgres in k8s" from an anti-pattern into a normal way to keep the database next to the app: one Cluster CR gives you a primary and replicas, automatic failover, S3 backups via the Barman Cloud Plugin, and PgBouncer through Pooler. We walk through a 3-pod manifest, the storage traps, and how to test failover.
-
Progressive delivery: canary with automated rollback on Flagger
Flagger turns a plain Deployment into progressive delivery with automated metric-based rollback: the Canary CR, canary/blue-green/A-B strategies, error-rate and p95 analysis via MetricTemplate, and a working manifest with 10/30/50% steps.
-
Kyverno vs OPA Gatekeeper: when to pick which
Kyverno 1.17 promoted CEL to v1, Gatekeeper v3.22 integrated ValidatingAdmissionPolicy from upstream. Both projects are now stable — the choice depends on where your Kubernetes ends. A practical matrix: YAML vs Rego, validation/mutation/generation, and the hybrid option with full code examples.