June 20, 2019

kubernetes cloud disaster recovery

Introduction I run my workloads (blog, different apps) on my homelab server (proxmox) and kubernetes, because I can. I have been working on backup as well as automated provisioning of Azure Kubernetes Service (aks) lately so I thought why not put both together and automate a disaster recovery scenario. Depending on conditions the azure provisioning time may vary but based on different tests the end-to-end process takes about 15 minutes. Read more

June 10, 2019

kubernetes backup to Azure with velero

Introduction I run my workloads on a kubernetes cluster in my my homelab and wanted to create an offsite (cloud) backup. Velero (formerly ark) is a neat project that supports a lot of options and cloud providers so I decided to take it for a spin. My specific scenario is currently only iaming at backing up the kubernetes objects from a selected list of namespaces; backing up state (e.g. databases) will come later, either with velero or with another tool like stash: I have not decided yet. Read more

March 2, 2019

Locating ssh hackers

Introduction Have you ever read an article and thought: I want to build this? Well that happened to me while reading Geolocating SSH Hackers In Real-Time, so I decided to build it. I am into kubernetes these days so I decided that I would host the showcase on my kubernetes lab environment: - I run a proxmox server with 64 cores and 256 GB of RAM, that is reachable over ssh from the internet (pub/priv-key login only). Read more

February 23, 2019

Protect critical Kubernetes namespaces with Open Policy Agent

Introduction Open Policy Agent is an open source, general-purpose policy engine that enables unified, context-aware policy enforcement across the entire stack. OPA provides greater flexibility and expressiveness than hard-coded service logic or ad-hoc domain-specific languages and comes with powerful tooling to help anyone get started. In this post we will explore OPA with the purpose of implementing a policy that prevents from inadvertedly deleting kubenetes namespaces annotated with protected: "yes". Read more

November 23, 2013

Google: give us BATTERY_STATS back!

Note I have saved this post from Google+ before its shutdown because I am still pissed at Google. If you already have a device with Android 4.4 kitkat on it you may have noticed that your favorite battery stats tool, whether it is BetterBatteryStats, GSam of wakelock detector, does not work. Well it is not uncommon that new Android versions break a few apps and it usually takes us a few days for your favorite dev to fix things. Read more

Content licensed under CC BY 4.0