
Dev.to · david
☁️ DevOps & Cloud
⚡ AI Lesson
2d ago
kubectl Said Everything Was Correct. Traefik 404'd Anyway.
Migrating Jellyfin off k3s onto a GPU-passthrough LXC meant pointing a Service at an external IP. The EndpointSlice looked completely correct via kubectl — Serv

Dev.to · david
☁️ DevOps & Cloud
⚡ AI Lesson
1w ago
SLO Burn-Rate Alerting with Prometheus: Beyond Threshold Alerts
Most teams alert when availability drops below a threshold. Burn-rate alerting tells you how fast you're spending your error budget — so you page on trajectory,

Dev.to · david
🔐 Cybersecurity
⚡ AI Lesson
1w ago
I Hardened Pod securityContext and Broke 9 Containers in Production
capabilities.drop: [ALL] and runAsNonRoot: true passed schema validation cleanly. Within minutes of merge, nine containers — including both Postgres instances b

Dev.to · david
☁️ DevOps & Cloud
⚡ AI Lesson
1w ago
Hardening Unattended Raspberry Pi Edge Nodes: Watchdog, fail2ban, nftables, and the Mistakes That Take Down DNS
Two Raspberry Pis run DNS for an entire network with no one watching them most of the time. A hardware watchdog, fail2ban, an additive nftables host firewall th

Dev.to · david
☁️ DevOps & Cloud
⚡ AI Lesson
1w ago
My Firewall Had 77 Rules. Terraform Knew About 22 of Them.
Multiple rounds of 'reconstruct the firewall' work each added a fresh generation of rules without removing the old one. Because RouterOS evaluates rules in orde

Dev.to · david
☁️ DevOps & Cloud
⚡ AI Lesson
1w ago
Kyverno: Supply Chain Security as Admission Control on Kubernetes
Most Kubernetes clusters accept any container image, any privilege level, and any resource configuration by default. Kyverno lets you enforce policies at admiss

Dev.to · david
🔐 Cybersecurity
⚡ AI Lesson
1w ago
I Ran Gitleaks Against My Own Repo and Found 12 Real Secrets
A full-history gitleaks scan of a homelab repo that had been running for months turned up 12 distinct plaintext secrets — including an OIDC signing key. Here's

Dev.to · david
☁️ DevOps & Cloud
⚡ AI Lesson
1w ago
ArgoCD Gotchas: Cache Staleness and the SharedResourceWarning Nobody Explains
kubectl apply succeeds, the field reverts within seconds, and there's no error anywhere. Two ArgoCD debugging patterns that hit the same homelab three times in

Dev.to · david
☁️ DevOps & Cloud
⚡ AI Lesson
2w ago
Full Observability on k3s: kube-prometheus-stack + Loki + Grafana OIDC
Deploy a production-grade monitoring stack on bare-metal k3s: Prometheus, Loki with Garage S3 storage, Promtail on edge nodes via Ansible, SNMP monitoring for M

Dev.to · david
⚡ AI Lesson
2w ago
k3s Backup Without the Complexity: Velero + Garage S3 on Longhorn
Replace MinIO with Garage — a single 50MB binary — as the Velero backup target. Full daily cluster backups with Longhorn volume snapshots, deployed via ArgoCD.

Dev.to · david
⚡ AI Lesson
2w ago
Enterprise Homelab: K3s, Authelia & Longhorn on Proxmox with Terraform
How to build a production-grade Kubernetes homelab with K3s, Authelia SSO, Longhorn storage, and ArgoCD — and the five painful mistakes that will cost you hours

Dev.to · david
☁️ DevOps & Cloud
⚡ AI Lesson
2w ago
Self-Hosted Tailscale Control Plane: Headscale on k3s with Authelia OIDC
Deploy Headscale on a bare-metal k3s cluster with Longhorn persistence, Traefik ingress, and Authelia OIDC authentication — fully GitOps-managed via ArgoCD.

Dev.to · david
☁️ DevOps & Cloud
⚡ AI Lesson
2w ago
Bare-Metal LoadBalancer on K3s: MetalLB + Traefik with ArgoCD
How to get a real external IP on a bare-metal Kubernetes cluster using MetalLB L2 mode, and wire it up with Traefik for automatic HTTPS — fully GitOps-managed w

Dev.to · david
☁️ DevOps & Cloud
⚡ AI Lesson
2w ago
GitOps on K3s: Managing a Complete Homelab with ArgoCD
How to manage an entire Kubernetes homelab — MetalLB, Traefik, Longhorn, Authelia, and more — as a Git repository using ArgoCD's App-of-Apps pattern.

Dev.to · david
2w ago
Implementing a Zero-Trust MikroTik Firewall with Terraform
Learn how to enforce strict VLAN isolation, fast-track traffic, and build a default-deny firewall for MikroTik RouterOS using Infrastructure as Code.

Dev.to · david
☁️ DevOps & Cloud
⚡ AI Lesson
2w ago
Hardening Azure Acmebot for ISO 27001 & NIS2 Compliance
A deep dive into architecting a Zero-Trust Let's Encrypt automation using Terraform, Azure Private Link, and VNet Integration.

Dev.to · david
☁️ DevOps & Cloud
⚡ AI Lesson
2w ago
NIS2 Article 21 in Azure: Implementing Network Security Controls with Terraform
A technical deep-dive into the network security requirements of NIS2 Article 21 and how to implement them in Azure using Terraform — with concrete code, not leg

Dev.to · david
☁️ DevOps & Cloud
⚡ AI Lesson
2w ago
Wildcard TLS Certificates on K3s with cert-manager and Cloudflare DNS
How to automate wildcard Let's Encrypt certificates on a bare-metal K3s cluster using cert-manager's DNS-01 challenge with Cloudflare — and why HTTP-01 won't wo

Dev.to · david
☁️ DevOps & Cloud
⚡ AI Lesson
2w ago
Surviving Azure Policies: Zero-Trust Hub & Spoke with Terraform
How to build an enterprise-grade Azure network architecture that blocks internet traffic by default and survives aggressive DeployIfNotExists (DINE) policies —

Dev.to · david
☁️ DevOps & Cloud
⚡ AI Lesson
1mo ago
NIS2 Article 21 in Azure: Implementing Network Security Controls with Terraform
NIS2 Article 21 in Azure: Implementing Network Security Controls with Terraform Tags: terraform,...

Dev.to · david
🔍 RAG & Vector Search
⚡ AI Lesson
1mo ago
Zero-Trust RAG: Defeating the Shared Private Link Deadlock in Azure Terraform
Your Terraform pipeline is green. The deployment completes without errors. You grab a coffee. Ten...

Dev.to · david
☁️ DevOps & Cloud
⚡ AI Lesson
1mo ago
Surviving Azure Policies: Zero-Trust Hub & Spoke with Terraform
Your Terraform pipeline is green. The deployment completes. You grab a coffee. Ten minutes later,...

Dev.to · david
1mo ago
Hardening Azure Acmebot for ISO 27001 & NIS2 Compliance with Terraform
Automating SSL/TLS certificates with Let's Encrypt and Azure Key Vault is a solved problem. Tools...

Dev.to · david
1mo ago
Breaking the Loop: Solving Circular Dependencies in Azure Firewall Routing with Terraform
You add a Route Table to force all internet-bound traffic (0.0.0.0/0) from your Spoke VNets into an...
DeepCamp AI