Archive
This page shows all posts I have published on my blog so far (RSS feed).
You can also browse the posts ordered by tags.
A quick guide for setting up the mitmproxy software on Kuberenetes and configuring applications to send their traffic through it.
Video recordings and slides for my presentation at DevConf.CZ 2024 in Brno, Czech Republic.
This post describes how the kube-state-metrics component can be leveraged to expose Prometheus metrics for any resource in a Kubernetes cluster (including Custom Resources).
A collection of extremely useful command-line tools for analyzing, inspecting and managing Docker / OCI container images: dive, crane, skopeo, dredge, diffoci, container-explorer, container-structure-test.
A little investigation and resolution for this error conditions encountered by our OKD clusters.
The second installment of this series focuses on groupware plugins: Calendar, Tasks, Contacts. I'll show how they work and most importantly how the data can be synchronized onto many other devices (Android, iOS, macOS, Windows, Thunderbird, Linux).
In the first part of this series, I'll dive into the two essential and powerful plugins for Nextcloud: 'Files' for synchronizing and sharing files, 'Memories' for exploring, sorting and viewing pictures and videos.
Video recordings and slides for my presentation at SREcon EMEA 2023 in Dublin, Ireland.
How to leverage Authentik and Traefik for setting up a forward authentication proxy.
ko is a simple yet powerful tool to build, package, distribute and deploy Go applications.
Video recordings and materials for the lecture and workshop I gave at the 14th Inverted CERN School of Computing on the topic of cloud computing.
A quick overview of the steps I did to migrate my blog deployment from Woodpecker CI to Gitea Actions - using Podman, Quadlet and systemd for the Actions runner agent.
A short guide showing how to set up Fluent Bit (with a Helm chart) to watch Kubernetes Events and forward them to an external log store - plus performance debugging and understanding Fluent Bit behavior.
A small guide showing how to set up and use the Vector logging agent to send logs to Grafana Cloud Loki
A detailed guide for setting up a log collection sidecar container with Vector for tracing, parsing, processing and forwarding logs.
My experience of cycling the Route des Grandes Alpes from Geneva to Nice in 2023
Steampipe is an awesome tool for fetching information about cloud VMs, containers, Github issues, Gitlab merge requests and MUCH more with regular SQL.
A walkthrough of setting up the DB operator on Kubernetes and simple examples for using it.
A quick guide showing how to use the Vector Remap Language (VRL) to strip parts off an IP address
This neat trick allows us to easily figure out which pods have been started within a particular timeframe - that's helpful when debugging anomalous node behavior.
OpenShift comes with powerful monitoring stack, but it is hidden and abstracted away. In this post I show how to get access to the underlying Prometheus instances for debugging purposes.
An introduction to the eStargz image format and instructions for deploying the Stargz Store plugin on OpenShift (OKD).
A brief overview of my process for creating videos with GPS overlays such as speed and location, based on GPX tracks or FIT recordings.
A detailed guide how to integrate the Authentik Identity Provider with Nextcloud via OpenID Connect.
In this post I want to share some impressions from the 'Cyclotour du Léman 2022' - the annual cycling event around Lake Geneva.
In this post I'm exploring the capabilities of one the most highly-regarded, newcomer webservers: Caddy. I'm also comparing it to my current Nginx setup for serving static websites from an S3 backend. This covers reverse proxying, URL rewriting, modifying HTTP headers, caching and metrics monitoring.
How to properly set up Connection reuse with Go's net/http package
A quick look and review of my new bicycle: the BMC Teammachine SLR FOUR Model 2023.
In this post I want to share my experience of participating in the 2022 edition of the 'Journée Lausannoise du Vélo' - a cycling event in the Swiss canton Vaud.
A quick introduction for making backups with the Kopia CLI to Backblaze B2.
The containerd container runtime currently has a bug that causes high CPU utilization when used in conjuction with the brtfs snapshotter mechanism.
A quick guide to use PGLoader to import your Drone CI/CD database from SQLite into PostgreSQL, as well as some debugging help.
Kubernetes resources deployed by ArgoCD can use custom health checks for their status. In this post I'm showing how to add a health check for OPA policies.
A detailed guide to setup the Authentik Identity Provider for Nextcloud SAML authentication.
A detailed guide for importing user accounts into Authentik from an OpenLDAP server.
The Kubernetes ecosystem is moving fast. This script helps to detect which resources in your ArgoCD-managed Kubernetes or OpenShift cluster are using deprecated API versions.
A walkthrough of building a version update bot for GitLab CI/CD
After hours of debugging I finally figured out why my shell script was working in the test environment but not in production. A journey to finding a reliable way of retrieving Loadbalancer service IPs in a Kubernetes cluster.
A step-by-step guide for building a Fedora CoreOS-based image for use with the OpenShift Machine Operator.
How to correctly list all running and failed Pods in a Kubernetes namespace with kubectl.
A 200 kilometer bicycle tour across the many islands in front of Turku, Finland. GPX track available as download.
A beautiful cycling tour passing by Helsinki's tourist attractions and peaceful suburbs, suitable for any fitness level. GPX track available as download.
My workflow for making fast and efficient offsite backups with restic, systemd, some shell scripting and a Prometheus exporter
A selection of highly recommended presentations from KubeCon + CloudNativeCon EU 2021
How I use OverlayFS mounts to track changes in non-VCS projects and leverage its copy-on-write (COW) capabilities.
How to set up ServiceAccount, Role, RoleBinding and configure Prometheus to only discover scraping targets from the local Kubernetes namespace.
My Dockerfile template for a Go application based on a 'FROM scratch' minimal image, statically-compiled binary and application running as non-root (rootless).
A small Python helper script to parse and analyze the execution time of systemd job services.
A small, safe and secure POSIX shell script for exporting certificates and private keys from a Traefik v2 certificate store.
Using make, pandoc and latexmk to transform markdown source files into LaTeX and injecting them into a LaTeX template
A comprehensive cheatsheet for Emacs based on 'Mastering Emacs' from Mickey Petersen
The typical video camera overlay can be a great way to indicate to users that something is being recorded. In this post I describe the steps to create an overlay ,including framerate, resolution and duration, with pure HTML and CSS.
A complete walkthrough of serverless database authentication, authorization and access, implemented with GCP Cloud Firestore and Firebase.
Adding a custom renderer for the go-echarts library to generate standalone HTML snippets into a template.HTML string buffer
How I added a pretty and interactive word cloud of tags to my Hugo blog using Wordcloud2.js
Going down the rabbit hole of debugging a failing multipart upload on a Go server to finally figuring out that the /tmp directory is missing inside a minimal Docker container image
How to correctly configure Prometheus Web UI on a Sub-Path with Traefik reverse proxy
A walkthrough of adding a responsive picture gallery to Adele's blog using lightGallery.js
How to construct your (complex) SQL queries with a clean and simple code pattern (examples in Python)
How to export and re-import your documents stored in AWS DynamoDB tables
A phishing attack using the embedded chat tabs feature of Microsoft Teams to steal confidential information and credentials
How to configure ejabberd to announce an external STUN and TURN server with XEP-0215 (External Service Discovery)
How to build a minimal AWS Lambda Layer for the boto3 library using lambda-layer-tool
How To configure a TLS-secured MariaDB Galera Cluster on Debian Buster
How to configure global http-to-https and www-prefix redirects in Traefik v2
A simple, YAML-based tool for building and publishing AWS Lambda layers: https://github.com/jacksgt/lambda-layer-tool
Reports about how video streaming and distribution with CDNs works, how (well) adaptive bitrate streaming works, and latency comparisons between various live streaming protocols
How to deploy your Go application which uses Go modules to Google App Engine Flexible Environment
How to login to Gitlab and retrieve information about an image in a private registry from the command line without using Docker
How to ingest CSV files with Go into a Apache Cassandra database
How to deploy modern Docker Swarm Stacks with Puppet configuration management through YAML docker-compose files
How I made an engagement ring out of cherry wood and a box to go along with it
How to let containers access services that have been published on the same host in networking mode host
Using a Multilayer Perceptron to approximate a mathematical function with Python, Scikit-learn and Matplotlib
Android Apps I use and recommend
An entirely self-contained Control Repository for Puppet Configuration Management
ldapmodify returns 'Other (e.g., implementation specific) error (80)' when configuring slapd to use TLSCertificateFile TLSCertificateKeyFile
Keep Traefik service secure and fail-safe by it sandboxing with systemd
An idea for basic XMPP messaging through HTTP
How to modify the process credentials structure `cred` from Linux kernel-space
How to query the CPUID x86 opcode with GCC's Inline Assembly in C
How to boot Linux with an encrypted root partition from GRUB shell
How to sequentially launch multiple oneshot systemd services
How to unlock the bootloader, flash a custom recovery (TWRP) and install LineageOS with microG on your Xiaomi Mi A1 Global (tissot)
How to set up your Synology NAS DiskStationManager (DSM) for Samba and NFS with Kerberos using an external LDAP server
DIY Hacking in Real Life
Running a remote libvirt daemon over SSH on Debian Stretch: Unable to connect to libvirt - remote host requires version of netcat which supports -U option
Entirely Selfhosted Continuous Deployment Pipeline for a static Blog
How to forcefully remove a nextcloud share from the MySQL database
Retrieving the latest tag of a repository from GitHub
How to add syntax highlighting support for SystemTap in LaTeX listings
Print all Headers and Content of HTTP Requests with Go
RGB LED strip + Motion Sensor = Awesomeness
Verifying cryptographic signatures in Go
Creating LXC Containers with separate IP addresses
Full Kanboard Installation with MySQL and LDAP on Debian Jessie
Hello, World!