Skip to main content
  1. Tags/

Kubernetes

2026


Two GitOps controllers, two layers: FluxCD for the foundation, ArgoCD for applications

·12 mins
With Talos, Cilium, Linstor, and cert-manager in place, the cluster has infrastructure but no principled way to operate it. This post adds GitOps: FluxCD for the foundation layer where ordering and simplicity matter, ArgoCD for the application layer where a UI and per-project scoping matter more. The bootstrap sequence that hands control from a script to a Git repo, the self-management property that follows, and what GitOps does not tell you about developing against it.

Bootstrapping trust in a Kubernetes cluster: cert-manager, an internal CA, and kubelet TLS

·15 mins
A cluster with networking and storage still serves most of its TLS endpoints with self-signed certificates. This post wires up the trust layer: cert-manager with a bootstrapped internal CA, trust-manager to distribute the bundle to every namespace, Let’s Encrypt over Gateway API for the public edge, and a CSR approver so the kubelet finally gets a serving cert that something can verify.

Storage on Talos Linux with Linstor and DRBD

·15 mins
Linstor with DRBD is the simplest path to replicated block storage on a homelab cluster. This post covers partitioning Talos disks, getting Piraeus running on an immutable OS, configuring StorageClasses with sensible DRBD quorum defaults, and wiring up snapshots through external-snapshotter.

Networking on Talos Linux with Cilium

·11 mins
Cilium replaces Flannel and kube-proxy on Talos. You get identity-based policies, kernel-level enforcement, packet-level observability through Hubble, the Gateway API for HTTP routing, and L2 announcement so you can expose Services on a bare-metal home network.

Why I Run Talos Linux: A Minimal OS Built for Kubernetes

·14 mins
Talos Linux is a Kubernetes-only OS — minimal core, system extensions for the rest, and an API for everything. This post covers why I picked it, how I bootstrap a 3-node cluster with PXE, and the configuration files you need to follow along.

2025


Building a Self-Managing ArgoCD Cluster

·8 mins
Implementation guide for creating an ArgoCD cluster that manages its own configuration and updates through GitOps, including repository structure, app-of-apps pattern, and self-healing configuration.

2023


MetalLB, a bare metal Load Balancer for Kubernetes

·5 mins
Running Kubernetes on bare metal can be challenging on several aspects. One of those is the use of load balancers. MetalLB is a bare metal load balancer that uses ARP to dynamically create new load balancers using dedicated internal IP addresses.

2019


Deploy a secure instance of Elasticsearch on Kubernetes

·5 mins
It’s easy to deploy Elasticsearch on Kubernetes. You get yourself a copy of the Elastic Helm Charts and you run helm install. Job well done… or not? The default Elasticsearch configuration doesn’t enable any encryption or security mechanism, that doesn’t sound really safe! In this blog post, I’ll explain how you secure your Elasticsearch instance by enabling encryption (SSL transport and HTTP over SSL) and native authentication.

Deploy Kubernetes Cluster with Rancher Kubernetes Engine (RKE)

·6 mins
In this blog post, I’ll explain how you deploy a brand new Kubernetes Cluster with Rancher Kubernetes Engine (RKE). Rancher Kubernetes Engine doesn’t include the Rancher management application itself and will deploy a vanilla Kubernetes Cluster for you, the exact same thing as kubeadm can do for you but much more simple!