Posts by Year


Kops Kubernetes Cluster upgrades

3 minute read , Jun 01, 2020

Some notes and rules on upgrades to the Kubernetes clusters with Kops I’ve adopted during more than 3 years of working with Kops and Kubernetes. I always fol...


Encrypted DNS with BIND and DNSCrypt

4 minute read , Jun 23, 2019

DNSCrypt is a protocol that authenticates communications between a DNS client and a DNS resolver. It works by encrypting all DNS traffic between the user and...

Etcd cluster member recovery in Kubernetes

4 minute read , Feb 21, 2019

This is a process I followed to recover one of the etcd masters that was broken after an unsuccessful kops upgrade. Login to one of the healthy etcd cluster mem...


Ad blocking with BIND DNS

1 minute read , Nov 03, 2018

There are a couple of options to block ads in a BIND DNS server, like ad-block zone files or RPZ (Response Policy Zones).

Kubernetes HPA Autoscaling with Custom Metrics

9 minute read , Oct 10, 2018

The initial Horizontal Pod Autoscaler was limited in features and it only supported scaling deployments based on CPU metrics. The most recent Kubernetes rele...

Overlay SDN with VxLAN, BGP-EVPN and FRR

13 minute read , Sep 26, 2018

In a BGP-based control plane for VXLAN, EVPN plays the role of a distributed controller for layer-2 network virtualization. BGP is the routing protocol of the...

GitLab CI/CD Pipelines for Kubernetes clusters

5 minute read , Sep 02, 2018

GitLab is a versatile open source (CE edition) tool that provides Git-style project repositories, CI/CD pipelines and a private Container Image Registry for the ...

ZFS NAS with NFS and Samba on ROCK64 ARM SBC

8 minute read , Aug 05, 2018

The old home NAS I built about 3 years ago died on me suddenly. It was a mini-ITX AMD board powered by FreeNAS with 2 x 1TB Seagate drives in a ZFS mirror. Sin...


HAProxy DDoS protection and API rate limiting

3 minute read , Dec 18, 2017

HAProxy is a great reverse proxy and load balancer, but it can also be used for DDoS protection and rate limiting with great success. The below configuration provi...

Apache Traffic Server as Caching Reverse Proxy

14 minute read , Jul 16, 2017

Apache Traffic Server is a high-performance web proxy cache that improves network efficiency and performance by caching frequently-accessed information at th...

Geo Location with HAProxy

3 minute read , Jun 21, 2017

Often there is a need to allow, block or redirect users based on the country or continent they come from. This is how to do it with HAProxy.

Kubernetes cluster step-by-step: FlannelD

7 minute read , Jun 15, 2017

The purpose of this exercise is to create a local Kubernetes cluster for testing deployments. It will be deployed on 3 x VM (Debian Jessie 8.8) nodes which wi...

Kubernetes cluster step-by-step: ETCD

5 minute read , Jun 14, 2017

The purpose of this exercise is to create a local Kubernetes cluster for testing deployments. It will be deployed on 3 x VM (Debian Jessie 8.8) nodes which wi...

Linux Container Basics

11 minute read , May 21, 2017

Containers are nothing but isolated groups of processes running on a single host. That isolation leverages several underlying technologies built into the Lin...

Let's Encrypt and DANE

6 minute read , May 05, 2017

For quite some time I’ve been using a certificate issued by the StartSSL CA for my personal website. It’s for free and the recent refresh of their web portal they ...

Docker Private Registry with S3 backend on AWS

5 minute read , May 03, 2017

Our current Docker Hub Registry at provides for a single private repository. This means all our private images must be stored there wh...

GitLab Server with LDAP and S3 backend

3 minute read , May 02, 2017

This is a procedure that enables S3 as backend storage for a GitLab Image Registry with LDAP for secure access and user authentication.

Kubernetes shared storage with S3 backend

6 minute read , Apr 15, 2017

There are many options available in Kubernetes when it comes to shared storage. I’m using an S3 bucket as backend for the shared storage in a k8s cluster in A...

Kubernetes Cluster External Services

11 minute read , Apr 14, 2017

The previously created Service works nicely, but only if we have ALL our services deployed as containers which, at least at the beginning, ...

Kubernetes Applications and Services

7 minute read , Apr 13, 2017

In my previous post Kubernetes Cluster in AWS with Kops I deployed a Kubernetes cluster with fully private topology (subnets and DNS...

Kubernetes Cluster in AWS with Kops

12 minute read , Apr 12, 2017

Kubernetes is a platform for deploying and managing containers. It is production-grade, open-source infrastructure for the deployment, scaling, management, a...

OpenATTIC 2-node cluster setup

7 minute read , Feb 15, 2017

OpenATTIC is an open-source converged storage solution that I think has great potential to become a unified SDS for virtualization platforms. It offers features like...

PostgreSQL High Availability with Pacemaker

13 minute read , Feb 09, 2017

Setting up a PostgreSQL synchronous or asynchronous replication cluster with Pacemaker is described in a couple of resources like the official Pacemaker site PgS...


Proxmox clustering and nested virtualization

12 minute read , Sep 16, 2016

The motivation for creating this setup is the possibility of having Encompass private virtualization cloud deployed in any third party infrastructure provide...

Duplicity encrypted backups to Amazon S3

9 minute read , Sep 16, 2016

Duplicity is a tool for creating bandwidth-efficient, incremental, encrypted backups. It backs up directories by producing encrypted tar-format volumes and uplo...

Building VPC with Terraform in Amazon AWS

16 minute read , Sep 08, 2016

Terraform is a tool for automating infrastructure management. It can be used for a simple task like managing a single application inst...

ZFS storage with OmniOS and iSCSI

21 minute read , Aug 29, 2016

The following setup of iSCSI shared storage on a cluster of OmniOS servers was later used as ZFS over iSCSI storage in Proxmox PVE, se...

File System sync with Csync2 and Lsyncd

9 minute read , Aug 26, 2016

In this scenario we are migrating from an old 2.x to a new 3.0 Nexus instance in EC2 and we need to keep the new and old Nexus instances in sync until the migra...

Replacing GlusterFS failed node

3 minute read , Jun 06, 2016

In the following scenario the node has become unresponsive and has been terminated. This leaves us with the following state on the cluster:

Route53 Zone export

less than 1 minute read , Apr 06, 2016

You need to have your local system ready for AWS access.

LXC on Debian

19 minute read , Mar 08, 2016

A diary of a process of setting up LXC containers and networking on Debian.

S3 buckets as file system storage

3 minute read , Jan 25, 2016

s3fs is a direct mapping of S3 to a file system paradigm. Files are mapped to objects. File system metadata (e.g. ownership and file modes) is stored insid...


HAProxy Load Balancer with sticky sessions

5 minute read , Dec 30, 2015

HAProxy is a highly customizable and feature-rich software load balancer. The section below outlines the installation and configuration of HAProxy as an https l...

EBS volumes with LUKS encryption

6 minute read , Nov 14, 2015

Encrypting data at rest provides protection of sensitive information stored on EBS volumes. When taking snapshots of encrypted volumes the snapshots are encr...

GlusterFS internals

1 minute read , Nov 13, 2015

GlusterFS stores metadata info in extended attributes which is supported and enabled by default in the XFS file system we use for the bricks. This is differe...

Horde Groupware Webserver

7 minute read , Apr 09, 2015

Horde Groupware Webserver Edition is a free, enterprise ready, browser based communication suite. Users can read, send and organize ...

HAProxy OCSP stapling

4 minute read , Mar 30, 2015

The Online Certificate Status Protocol (OCSP) is an Internet protocol used for obtaining the revocation status of an X.509 digital certificate. It is used b...

Web site statistics with AWStats

5 minute read , Mar 20, 2015

AWStats (Apache Web Statistics) is a powerful and highly customizable tool for collecting web site statistics. The purpose of this document is to show one way ...


Dynamic DNS (DDNS) in AWS for internal zones

6 minute read , Dec 27, 2014

The following configuration will resolve the internal (meaning inside the VPC) domain queries for and forward all other queries to the default ...

Container Networking

7 minute read , Nov 19, 2014

The previous related post Building custom Docker images and configuring with Ansible talked about creating our own customized images and running our applicat...

HAProxy dynamic backend updates with Ansible

2 minute read , Oct 13, 2014

Due to some ELB limitations that did not play well with our use case, like a session timeout limited to 17 minutes, lack of multi-zone balancing, URL rewriting ...

MySQL Circular Replication

12 minute read , Sep 22, 2014

Setting up MySQL in Master-Master mode means that in case of an instance failure the other one will transparently take over the client connections, avoiding the n...

Nginx LDAP module on Debian/Ubuntu

3 minute read , Sep 02, 2014

By default Nginx contains only the core modules, which makes it a light and lean web server. Any additional functionality has to be compiled in and added as mo...

Ceph cluster on Ubuntu-14.04

6 minute read , Sep 02, 2014

As pointed on its home page, Ceph is a unified, distributed storage system designed for performance, reliability and scalability. It provides seamless access...

GlusterFS orphaned GFID hard links

2 minute read , Aug 24, 2014

Orphaned GlusterFS GFIDs are hard links under the $BRICK/.glusterfs directory that point to an inode of a file that has been removed manually, outside of th...

Resolving GlusterFS split brain

4 minute read , Apr 15, 2014

I was running a load test against our Staging stack the other day and noticed that the application broke down at around 100 users under Siege. Checking the logs ...


Windows Active Directory with SAMBA4

13 minute read , Aug 06, 2013

Setting up an Active Directory server for a company domain is a must these days. It provides centralized management of user rights ...

Build MongoDB with SSL support

1 minute read , Jun 28, 2013

The free source version of MongoDB 2.x does not come with SSL support. To enable it we need to build it from source with --ssl option at compile time or use ...

MongoDB Replica Set setup

5 minute read , May 15, 2013

The replica set will consist of 3 nodes (given with their host names) created and hosted in Amazon EC2: ip-172-31-16-61 (PRIMARY), ip-172-31-16-62 (SECONDARY...