Alex's cloud blog
Takeaways from AWS re:Inforce 2025

This June I got the amazing opportunity to attend AWS re:Inforce, a yearly cloud security conference taking place in Philadelphia. As a recipient of the AWS All Builders Welcome Grant, I attended this event at zero cost, with all travel, accommodation and conference pass costs covered by AWS. If you are in your first 5 years of your career and are passionate about cloud, I highly encourage you to apply to this grant offered for either re:Inforce or re:Invent. Apart from learning about the latest innovations in the cloud, you will also have the opportunity to meet like-minded individuals from all over the world, share experiences and learn from each other.

  • AWS
  • conference
  • security
Monday, June 23, 2025
Setting up Longhorn on a Raspberry Pi k3s cluster

Introduction: My article on setting up a Ceph cluster with Rook on a Raspberry Pi k3s cluster turned out to be my most popular post. That’s not surprising, considering the process involves several steps and often requires patience and digging through related GitHub issues for troubleshooting. While Rook can be a solid choice for administrators familiar with managing Ceph storage clusters, it does come with a steep learning curve and considerable complexity. As an operator, Rook wraps around Ceph, automating many of the intricate tasks that cluster admins previously handled manually. One drawback of using Ceph is its requirement for unformatted partitions or devices on each node, which makes it less suitable for setups with tighter resource constraints.

  • homelab
  • Kubernetes
  • RaspberryPi
  • Storage
Sunday, April 20, 2025
Developing an url-shortener application and deploying it on k8s

Introduction: To enhance my skills in Golang and Kubernetes deployments, I decided to build a small containerized web application with dependencies on a database and a cache. A URL shortener application seemed like a suitable choice, as it fulfills these requirements while remaining simple and practical. The application exposes two endpoints: a POST endpoint to shorten a given URL and a GET endpoint to redirect the shortened URL back to the original one.

  • Go
  • K8s
  • Helm
Wednesday, February 19, 2025
Configuring Grafana Alerts with AWS SES to send email alerts

Introduction: If you have a couple of servers in your homelab and have set up monitoring, chances are you’ve implemented alerting to notify you when something doesn’t go as expected. Two of the most popular options for managing alerts are Grafana Alerts and Prometheus Alertmanager. Unless you have very specific requirements for alert grouping or silencing—or you don’t use Grafana for visualization—Prometheus Alertmanager might not be your first choice.

  • AWS
  • Grafana
  • Alerting
Saturday, January 11, 2025
Notes on becoming a Kubestronaut

What is a Kubestronaut? The “Kubestronaut” title is a badge of honor that CNCF has been offering since March 2024 to Kubernetes professionals who have successfully passed all the Kubernetes certifications (CKA, CKAD, CKS, KCNA, KCSA). This term is meant to be used within the Kubernetes community to denote someone who has mastered the full spectrum of Kubernetes knowledge, from foundational concepts to application development to security. Apart from the catchy title itself, this programme brings five 50%-off discounts for other CNCF certifications, a “Kubestronaut” branded jacket, 20% off three CNCF events and a mention of you together with the other Kubestronauts on the CNCF website.

  • Kubernetes
  • CNCF
Wednesday, December 25, 2024
Setting up a Ceph cluster with Rook on a Raspberry Pi k3s cluster

Introduction: Due to the low IOPS of the micro SD cards, I decided to switch to external NVMe SSDs. In addition to the boot partition, each SSD has a large unused partition that I am utilizing to provision Kubernetes Persistent Volumes through a Rook Ceph Cluster. I chose this approach as a learning opportunity to explore Kubernetes-native storage. Since my cluster isn’t running any critical applications, I don’t need data replication, so Local Persistent Volumes would have been sufficient. However, in production environments, the following requirements often arise:

  • homelab
  • Kubernetes
  • RaspberryPi
  • Storage
Friday, November 22, 2024
Setting up a homelab on a RaspberryPi cluster with k3s

Introduction: Since beginning my career in DevOps, my focus has largely been on cloud services (SaaS, PaaS, IaaS), and I haven’t had the opportunity to engage deeply with traditional sysadmin tasks or server administration. I believe that setting up my own homelab and hosting applications will enhance my DevOps skills. This hands-on experience will allow me to explore storage, networking, and container orchestration at a more fundamental level, beyond the cloud abstractions I am used to. This article will highlight the hardware I chose for my homelab and the configuration needed to deploy k3s on a RaspberryPi cluster.

  • homelab
  • Kubernetes
  • RaspberryPi
  • k3s
  • Ansible
Tuesday, October 15, 2024
Deploying the 2048 game on EKS with ArgoCD

Introduction: Recently, I delved deeply into EKS setup, aiming to establish a solid understanding of IAM management, focusing on the aws_auth config map and access policies. I also explored how to expose applications via the AWS Load Balancer ingress controller and ensured the correct tags were in place for automatic discovery of private and public subnets. Additionally, I wanted to install ArgoCD, expose its UI through an ingress, and deploy an application using ArgoCD. Since the game 2048 is widely used in Kubernetes deployment demos, I chose to include it in this demonstration.

  • AWS
  • Kubernetes
Saturday, September 28, 2024
Ansible & Packer, a match made in heaven

Introduction: Ansible is an open-source automation tool that simplifies the management and configuration of systems. It uses simple, human-readable YAML files called playbooks to automate tasks like software provisioning, configuration management, and application deployment across multiple servers, making it easier to maintain consistent environments. Packer is a tool designed to automate the creation of machine images for multiple platforms from a single configuration file. It allows you to define, build, and distribute virtual machine images and Docker container images. Given the compatibility with all the major cloud providers and the ability to run parallel builds, it is a great choice for organizations that have a multi-cloud infrastructure estate and prefer to remain cloud-agnostic.

  • Ansible
  • Packer
Sunday, September 1, 2024
Writing a Go CLI for deploying Kubernetes

Introduction: A few months ago, I wrote a set of shell scripts to bootstrap Kubernetes on Multipass VMs. While they worked well, I found it challenging to present them in a user-friendly way. I wanted a clean solution to package these scripts into a single binary, complete with self-contained documentation, that people could easily install and use without cloning a repository. After some research, I discovered Cobra, a popular Go framework for creating CLIs. Seeing that well-known applications like Kubernetes, Hugo, and GitHub CLI use Cobra, I decided to give it a try.

  • Go
  • CLI
  • Kubernetes
Monday, July 22, 2024
Notes on passing the AWS Advanced Networking cert

Intro note: Just because I wrote this article focused on AWS certifications does not mean that I believe they offer enough knowledge on their own. Oftentimes, I question the value of these multiple-choice tests mainly because they test your ability to memorize large amounts of information and analyze a variety of scenarios in a fairly short amount of time (at least that is the case for the professional/specialty ones). Nowadays, with the increased popularity of LLMs, I am not sure if we need to memorize every single specific thing about services that we are unlikely to use but appear on the exam. I personally prefer hands-on certifications like Kubernetes or the RHEL administrator suite since they validate skills that are closer to what you are likely to do during your day-to-day work.

  • AWS
  • networking
  • cert
Thursday, July 18, 2024
Setting up AWS dynamic VPN using Transit Gateway attachments and BGP

Note: This blog post is inspired by one of Adrian Cantrill’s labs in his AWS Advanced Networking course. I highly recommend his content; it helped me pass all of my AWS certs. Feel free to check his courses. The setup for strongswan and FRR BGP was taken from this blog post.

Architecture: The purpose of this blog post is to demo highly-available AWS VPN with Transit Gateway (TGW) attachments and highlight the steps to set up the TGW, the IPSec tunnels and BGP routing. Setting up VPN is an essential feature in all hybrid cloud estates because it improves the organization’s security posture by encrypting data transmissions and facilitating secure access across both cloud and on-prem environments.

  • AWS
  • VPN
  • BGP
Thursday, July 4, 2024

Liability Notice: The views and opinions expressed on this blog are my own. Any code shared here is for educational purposes only and is not intended for production use. I do not guarantee that all content will be updated to reflect the latest technology changes.


© 2025 Alex Stan Copyright.