DevOps. Self-hosted. Security.
Notes on DevOps, infrastructure, self-hosting and cybersecurity — practical guides from real-world operations.
Read the posts below or head over to the About page.
Recent Posts
- Progressive delivery: canary with automated rollback on Flagger
Flagger turns a plain Deployment into progressive delivery with automated metric-based rollback: the Canary CR, canary/blue-green/A-B strategies, error-rate and p95 analysis via MetricTemplate, and a working manifest with 10/30/50% steps.
- Kyverno vs OPA Gatekeeper: when to pick which
Kyverno 1.17 promoted CEL to v1, Gatekeeper v3.22 integrated ValidatingAdmissionPolicy from upstream. Both projects are now stable — the choice depends on where your Kubernetes ends. A practical matrix: YAML vs Rego, validation/mutation/generation, and the hybrid option with full code examples.
- Flux in one evening: GitOps for a single small cluster
GitOps on a single small cluster without an operator zoo: what Flux is, why a reconciler beats kubectl apply from CI, how to run flux bootstrap, and how to assemble one root Kustomization that syncs the whole cluster from git.
- OpenTelemetry Collector: a minimal setup you can ship to prod
Why you need the OpenTelemetry Collector, how its receivers/processors/exporters pipeline works, how an agent differs from a gateway, and how to build a minimal but production-grade setup with docker-compose and Tempo.