April 5, 2020

Prometheus push gateway

Introduction

While Prometheus' default architecture is scraping, there may be good reasons to want to push metrics: from sources that are not reachable from Prometheus, or from sources that are short-lived, e.g. batch jobs. For such use cases Prometheus comes with a pushgateway. When using this architecture you should be aware that the pushgateway is a single point of failure. In this post we will look at implementing pushing metrics to Prometheus from a backup job running on another node.

June 20, 2019

kubernetes cloud disaster recovery

Introduction

I run my workloads (blog, different apps) on my home-lab server (Proxmox) and Kubernetes, because I can. I have been working on backup as well as automated provisioning of Azure Kubernetes Service (AKS) lately, so I thought: why not put both together and automate a disaster recovery scenario? Depending on conditions the Azure provisioning time may vary, but based on different tests the end-to-end process takes about 15 minutes.

June 10, 2019

kubernetes backup to Azure with velero

Introduction

I run my workloads on a Kubernetes cluster in my home-lab and wanted to create an offsite (cloud) backup. Velero (formerly Ark) is a neat project that supports a lot of options and cloud providers, so I decided to take it for a spin. My specific scenario is currently only aiming at backing up the Kubernetes objects from a selected list of namespaces; backing up state (e.g. databases) will come later, either with Velero or with another tool like stash: I have not decided yet.

May 16, 2019

Protect critical Kubernetes namespaces with Open Policy Agent

Introduction

Update 2020-05-16: Gatekeeper supersedes OPA, so there is a new post that replaces this one.

Update 2019-09-08: after finding a critical bug that caused my cluster to hang and become unusable after a restart, I did some investigation and testing and have updated the project on GitHub.

Open Policy Agent is an open-source, general-purpose policy engine that enables unified, context-aware policy enforcement across the entire stack. OPA provides greater flexibility and expressiveness than hard-coded service logic or ad-hoc domain-specific languages and comes with powerful tooling to help anyone get started.

March 2, 2019

Locating ssh hackers

Introduction

Have you ever read an article and thought: I want to build this? Well, that happened to me while reading "Geolocating SSH Hackers In Real-Time", so I decided to build it. I am into Kubernetes these days, so I decided that I would host the showcase on my Kubernetes lab environment: I run a Proxmox server with 64 cores and 256 GB of RAM that is reachable over SSH from the internet (pub/priv-key login only).

