-
The road to enterprise at home: Crafting a proper DR strategy.
In my previous post I did a proof of concept of recreating my infrastructure at a secondary node. While it worked, it was highly manual, and it took some downtime until I actually got around to do it. A proper DR solution, however, should be pre-made, ready to be enacted. It can still be partly…
-
The road to enterprise at home: A DR-test!
I’ve had some issues with my kubernetes-node, basically a few random crashes. A bit inconvenient as it’s summer-time. As I am writing this, I am at our cabin and the kubernetes-node is down. But wait a minute? Doesn’t the blog run on kubernetes? Yes, it does. But I do have backup. A while back, I…
-
Kubernetes for beginners: Storage
After my blog post about Kubernetes for geeks: Creating your own Kubernetes Operator, it is time for a lighter and more basic topic: storage. My beginner series wouldn’t be complete without it, so here goes! Kubernetes is made for a lot of various environments: cloud, self-hosted, distributed and not-too-distributed. You need to be able to…
-
Kubernetes for geeks: Creating your own Kubernetes Operator
,As I promised in Kubernetes tip of the day – external-dns, here is the writeup of my automations of firewall openings. As the methods of configuration, and features of, firewalls are more varied than DNS, I quickly realized that this needed to be something built explicitly for Unifi. I had a brief look at The…
-
BGP part three – eBGP between a VPS and on-prem
In my last blog post, I described setting up a VPN tunnel between my home network and the VPS. This is thus the prerequisites for this post, I have a working VPN connection with point-to-point-connections You also need to make sure that firewall rules doesn’t block the traffic, in particular we need port 179 for…
-
Kubernetes at Home: Internal and external services
Disclaimer: Separating at a hardware level will always be better. But my home lab consists of exactly one server, so I focus on what I can do in software in Kubernetes. So far, I have configured all my services to be exposed to the internet, no matter if they are for external or internal consumption.…
-
Kubernetes tip of the day – external-dns
Having set up a number of services, and making sure everyone of them gets their own IPv6 address, there’s a whole lot of DNS records pointing to services running in Kubernetes. Today, I found a gem: external-dns. This service basically monitors my infrastructure for annotations that tells it to create a DNS record for it.…
-
Kubernetes deep dive part 2 -not all ideas that seem good at the start end up being good….
After a week of playing around, tinkering with stuff, I decideded to let my traefik instance be highly available, so that I could restart it without my web services being down. That led to a lot of discoveries and a lot of reconcidering of concepts. Rather than jumping to the conclusions, I’ll let you follow…
-
Docker networking part four – hacking around docker limitations.
After part 3, my setup was pretty good, and I was pretty sure I had come to the end of the road. There was just one thing that was bugging me: I needed to do NAT (MASQUERADE) in my firewall to get around the fact that docker routing table management is pretty limited. And with…
-
Docker Networking Part 2 – what happens in docker stays in docker.
After having created my docker DMZ in part 1, I realized that if I just connected the networks of the docker-containers I wanted to access from the internet to the firewall container, I could avoid exposing their ports to the underlying machine altogether, thereby reducing the number of open ports on the server itself. I…