Skip to main content

Blog

DevOps, Agile, Software Development, Networking, Azure, Terraform, CI/CD, … there’s a lot to blog about! Keep informed and subscribe my RSS feed!

2026


Two GitOps controllers, two layers: FluxCD for the foundation, ArgoCD for applications

·12 mins
With Talos, Cilium, Linstor, and cert-manager in place, the cluster has infrastructure but no principled way to operate it. This post adds GitOps: FluxCD for the foundation layer where ordering and simplicity matter, ArgoCD for the application layer where a UI and per-project scoping matter more. The bootstrap sequence that hands control from a script to a Git repo, the self-management property that follows, and what GitOps does not tell you about developing against it.

Bootstrapping trust in a Kubernetes cluster: cert-manager, an internal CA, and kubelet TLS

·15 mins
A cluster with networking and storage still serves most of its TLS endpoints with self-signed certificates. This post wires up the trust layer: cert-manager with a bootstrapped internal CA, trust-manager to distribute the bundle to every namespace, Let’s Encrypt over Gateway API for the public edge, and a CSR approver so the kubelet finally gets a serving cert that something can verify.

Storage on Talos Linux with Linstor and DRBD

·15 mins
Linstor with DRBD is the simplest path to replicated block storage on a homelab cluster. This post covers partitioning Talos disks, getting Piraeus running on an immutable OS, configuring StorageClasses with sensible DRBD quorum defaults, and wiring up snapshots through external-snapshotter.

Networking on Talos Linux with Cilium

·11 mins
Cilium replaces Flannel and kube-proxy on Talos. You get identity-based policies, kernel-level enforcement, packet-level observability through Hubble, the Gateway API for HTTP routing, and L2 announcement so you can expose Services on a bare-metal home network.

Why I Run Talos Linux: A Minimal OS Built for Kubernetes

·14 mins
Talos Linux is a Kubernetes-only OS — minimal core, system extensions for the rest, and an API for everything. This post covers why I picked it, how I bootstrap a 3-node cluster with PXE, and the configuration files you need to follow along.

Unlocking Trust: Why Hardware Security Keys Matter More Than Ever

·9 mins
Passwords are losing their footing as the primary authentication mechanism. This post explores how cryptographic proof, hardware security keys, passkeys, digital signatures, and attestation are shifting the foundation of digital trust — and what that means for your accounts, your architecture, and Zero Trust.

2025


Building a Self-Managing ArgoCD Cluster

·8 mins
Implementation guide for creating an ArgoCD cluster that manages its own configuration and updates through GitOps, including repository structure, app-of-apps pattern, and self-healing configuration.

2023


MetalLB, a bare metal Load Balancer for Kubernetes

·5 mins
Running Kubernetes on bare metal can be challenging on several aspects. One of those is the use of load balancers. MetalLB is a bare metal load balancer that uses ARP to dynamically create new load balancers using dedicated internal IP addresses.