Search Results
228 total results found
Deploying PfSense on the Cluster
Why PfSense Is Part of This Setup: The private vSwitch is a flat layer-2 network. VMs can talk to each other and to the cluster nodes, but they have no route out. PfSense is what changes that — it bridges the private vSwitch (LAN side) with the public vSwitch (...
VM Network Setup
Creating a VM on the Private Network: With the cluster up and PfSense running, adding a VM that can reach the internet is straightforward. The two things to get right at the Proxmox level are the bridge and the MTU — everything else is standard VM setup. Step ...
Planning & Capacity
How the cluster was sized: CPU/RAM/disk math, memory overcommit on a swapless host, ZFS ARC capping, and the live VM right-sizing that paid for it.
Kubernetes Cluster (kubeadm + Calico)
Standing up a 4-node Kubernetes cluster from scratch: node prep, containerd, kubeadm init and join, the Calico CNI via manifest, host firewall, and the control-plane taint.
Cluster Storage with NFS (CSI)
Dynamic ReadWriteMany volumes for the cluster: a dedicated NFS server plus the NFS CSI driver wired up as the default StorageClass.
Networking & the API Gateway
Bare-metal LoadBalancer services with MetalLB, and Kong as the API gateway/ingress, including an admin surface secured behind a reverse proxy.
CI/CD & the Container Registry
A Gitea Actions runner that builds container images (Docker-out-of-Docker) and a private registry to publish them to: the build half of the platform.
Data & Observability
The stateful side: tuned PostgreSQL and MariaDB servers with per-app credentials, plus shipping cluster and database logs into the central log store.
The Lab, End-to-End
The 10,000-foot view: every moving part of the lab, how traffic flows from the edge to a pod, and where each service lives. Start here.
Edge Networking with pfSense
The front door: NAT for the private subnet, HAProxy as a reverse proxy, and TLS termination with a wildcard certificate.
The SSH Bastion (Jump Host)
Why every internal box is reached through one hardened jump host, and how the ProxyJump pattern works in practice.
Golden-Image VM Provisioning
Cloning one cloud-init template into consistent VMs: per-VM config injection, grow-on-first-boot, and a clean teardown flow.
Ubuntu VM Baseline & Tuning
The common baseline every VM gets: swap, the I/O scheduler, periodic TRIM, TCP congestion control, and kernel housekeeping.
Self-hosted Git with Gitea
Running your own Git forge: the server, repositories, and the API the rest of the platform automates against.
Documenting with BookStack
The wiki you are reading, documented: the web stack behind it and how content is organised into shelves, books, and pages.
Monitoring with InfluxDB & Grafana
The metrics pipeline: host telemetry into a time-series database, visualised and alerted on through dashboards.
Centralized Logging with Loki
One place for every log line: Loki as the store and Promtail agents on every host shipping syslog, journald, and application logs.
Self-hosted Private Registry
A private container registry with a web UI, authentication, and a weekly garbage-collection routine that uses a read-only maintenance window.