
Mise + Krew: your kubectl plugins, the declarative way
une-tasse-de.cafe
138 links

How Mise manages to solve the problems of Krew and of SRE teams' internal tooling in general

XO 6.4 is out: RBAC/ACL v2 arrives in the REST API, better MCP support, XO 6 gains more XO 5 features, plus Kubernetes CSI v0.2.0 and new DevOps updates.

How I use Mise day to day to manage my tool versions, environment variables and secrets across multiple projects

A real-world production migration from DigitalOcean to Hetzner dedicated, handling 248 GB of MySQL data across 30 databases, 34 Nginx sites, GitLab EE, Neo4j, and live mobile app traffic — with zero downtime.

Applying DevOps to networks.

CLI proxy that compresses command outputs for AI coding agents. 60-90% less context pollution. Open source, written in Rust.

Complete guide to using NGINX as an API gateway in 2026, covering configuration, load balancing, rate limiting, and the Kubernetes ingress-nginx retirement.

NixOS: how I traded 13 years of Debian for a declarative, reproducible system with no nasty surprises.

How to build a single global queue for distributed systems on object storage: Start with a single file on object storage, then add write batching, a stateless broker, and high-availability.

The biggest shock of my early career was just how much code I needed to read that others wrote. I had never dealt with this. I had a hard enough time understanding my own code. The idea of understandi

See how I built a Proxmox and Ceph home lab with 5 nodes, 17TB NVMe storage, dual 10Gb LACP, and Talos Kubernetes running on distributed Ceph.

Understand the difference between MTU and MSS to avoid network fragmentation. Complete tutorial: configuration, ping tests, Jumbo Frames and Kubernetes examples.

Short blog about my experiences with Nutanix CE and which workarounds I needed.

How I got my own ASN and used BGP to announce IPv6 routes from home.

Author: Nemanja Ilic

Contribute to lukilabs/beautiful-mermaid development by creating an account on GitHub.

A comprehensive step-by-step guide series to creating Kubernetes managed clusters on Proxmox using Cluster API and Cilium as a CNI.

I've been using GitLab for years for all my private projects. Some thoughts on why it stuck.

Let’s start with a question. What is DevOps all about?

In VMware Cloud Foundation (VCF), deleting failed tasks is often necessary to avoid clutter in the SDDC Manager UI and free up resources. Failed tasks can also block further operations, espe…

Ten field-tested Kubernetes capabilities - topology spread, disruption budgets, admission policies, autoscaling guardrails, and more - that most teams ignore but instantly boost resilience, velocity.

Learn how GitLab Runner and GitHub Actions work internally by building your own CI/CD pipeline runner in Python. Covers parallel execution, job dependencies,...

Fast, Python-based infrastructure automation. Deploy to SSH servers, Docker, and local machines. 10x faster than Ansible.

Master runit Linux init system with comprehensive guide covering installation, configuration, service supervision, and practical examples for efficient system management.

Terragrunt vs Terraform: Why I chose Terragrunt to eliminate code duplication, automate state management, orchestrate deployments, and follow pattern-level reuse.

Sysxplore explores DevOps, Cloud, and Linux topics in a straightforward way, making complex concepts easy to grasp. Our goal is to deliver technical information and make it enjoyable to learn.

A satellite project of labs.iximiuz.com - an indie learning platform to master Linux, Containers, and Kubernetes the hands-on way 🚀

Make beautiful isometric infrastructure diagrams. Contribute to stan-smith/FossFLOW development by creating an account on GitHub.

In this article, I describe 3 problems I have run into in my career with DNS on Kubernetes. The 3rd is in fact a bug that remains unfixed to this day in kube-proxy in iptables mode, and impacts n

Omni is an incredible tool that lets you manage Talos machines anywhere. Let me introduce Omni, and show how to interface it with Kubevirt to create Kubernetes clusters in a snap.

Omnissa recently released their Ports and Protocols tool! There are listings for Horizon, Omnissa Access and UEM at present. Customized lists can be downloaded in Excel and PDF formats. I wanted to see if I could somehow find this information JSON-formatted. The Horizon listing also includes information for App Volumes, Dynamic Environment Manager and Unified Access Gateway.

The article outlines how to automate the deployment and configuration of VMware NSX using Terraform, focusing on components like NSX Manager, Fabric, and Edge Transport Nodes. It details installati…

Live Migration of Workloads with VMware HCX: A Customer Story

Introduction Some of you are using NSX for many years already and are aware of the different changes and improvements implemented in the last years. I personally started with NSX in version 2.3 and one of the first important improvements I recognized is “MultiTEP” for edge nodes from type VM. It was released with NSX 2.5 and officially added to the reference design guide.
By the way: The reference design guide is still a great resource to learn the design principles for NSX implementations. This is especially interesting for those who might be new to NSX.

Abstract Now that we have a Vault, with a TLS Issuing CA, and some idea of how to get certs out of it, let's look at how we can use this in a “real” world scenario to put a valid TLS profile onto a Network Appliance (fancy word for a switch I guess).
Why did I say appliance, and not Router or Switch? Weeeeeell, think about it. You manage a lot of network stuff over HTTPS protocols these days, even when it's not actually a web interface you are using to do it.

Don't forget to uv self update before trying those

Let’s say you’ve got some kind of service you want to connect to through Tailscale. How do you make it accessible over your tailnet? It's easy for decision paralysis to set in here, so let's consolidate some of the possibilities in one place.

30 November 2024

"Rules" that terminal programs follow

WebVM is a full Linux environment running in the browser, client-side. It is a complete virtual machine, with support for persistent data storage, networking and, as of today’s release, Xorg and complete desktop environments.

In a previous post, I covered a method to automatically generate DNS zones from an embedded YAML list.
This wasn't the most useful on its own, only ensuring …

Deploying modern web apps – with all the provisions needed to be fast and secure while easily updateable – has become so hard that many developers don’t dare do it without a PaaS (platform-as-a-service). But that’s ridiculous. Nobody should have to pay orders of magnitude more for basic computing just to make deployment friendly and usable. That’s a job for open source, and Rails 8 is ready to solve it. So it’s with great pleasure that we are now ready with the final version of Rails 8.0, after a successful beta release and several release candidates!

Let's walk through a common scenario.

Sample Dashboard Designs to review first thing in the morning while drinking your Coffee or Energy Drink.

In this new version, we’ve added the “official” support for the new vSphere and vSAN 8.3 APIs and Veeam Backup & Replication v12.

You've been lied to. You don't need the cloud – you can just run servers and save 10x your AWS costs. It's not that difficult.

Bare metal to production ready in mins; imagine fly.io on your VPS
Sidekick is made to make your life easy as you deploy your applications. It’s meant for people who care about shipping as fast as possible while doing things the right way. Sidekick is designed to allow you to host multiple applications on a single VPS and take care of making them production ready. If you get enough traction, scale up your VPS and call it a day!

A rant about caring

transhumanist and high functioning loser; instantiated simulation, statically stuck in superposition, calculated computationally complex, technomancer at will

Hola,
Today I am going to share the improvements I have made to the Veeam Backup & Replication infrastructure diagramming tool. This tool uses Graphviz as the engine to draw the diagram and the PSGraph module to generate the code from PowerShell. Here is the link to the project on GitHub:
https://github.com/rebelinux/Veeam.Diagrammer
In version 0.6.8 information about SureBackup was added to the infrastructure diagram. In particular, the ability to diagram Application Groups and Virtual Labs has been added.

Let's discover NATS from A to Y. Together, we will develop a microservices-based project in Golang to test the particularities of NATS and make the exchanges between our applications reliable.

Extending the lab to the Xen ecosystem via XCP-ng and Xen Orchestrator. Installation of the solutions and basic principles

I have been using Github as an OAuth2 provider to authenticate to applications for a while now. However, I have always been content to follow documentation without really trying to understand what was happening before my eyes each time I wanted to authenticate.
So I motivated myself to write this article about SSO. The goal is to discover the mechanisms available for managing a large number of users and their access to the infrastructure's applications.

After having automated the downloading of bundles for an offline depot in my lab I got the idea of experimenting with hosting it using a containerized nginx instance.

In this post I will demonstrate how one can automate the downloading of VMware Cloud Foundation bundles with Ansible, for later use with the offline depot functionality, which promises to relieve laborious bundle uploads to SDDC Manager.

While I was testing the new Release 8.0.3 from Broadcom, I ran into a few problems getting my nested lab...

Last week I wanted to replace my OpenVPN setup with WireGuard. The basics were well-documented, going beyond the basics was a bit trickier. Let me teach you what I learned.
The basics But first, let’s summarize the basics. I have a server with a hosting provider that I want to use as a VPN server. I won’t delve into details here, since there are so many great explanations on the web already (here, here, here or here), let’s just make a quick summary of a simple setup, as a base for discussing the (slightly) more advanced usages I had to configure myself:

A guy decides to show off his Neovim setup.

Kubernetes doesn't load balance long-lived connections, and some Pods might receive more requests than others. If you're using HTTP/2, gRPC, RSockets, AMQP or any other long-lived connection such as a database connection, you might want to consider client-side load balancing.

Build a hybrid VPN infrastructure with Headscale to connect local and remote servers.

This is a rad tool for adding visual effects to the terminal. Having effects when running a command or launching a terminal is totally unnecessary... And a lot of fun.

Posted: 2024-05-25

Smudge.ai is a Chrome extension that gives you ChatGPT-powered shortcuts in your right-click menu.

Let's discover together how to use GPG to secure your exchanges (files, mail, commits) and how to store your keys on a Yubikey for more security!

Golden images were supposed to simplify infrastructure, but many teams still build Linux systems like it's 2009. Let's do it differently.

In this article, I give you a first definition of what GitOps is and how to set it up with ArgoCD in a Kubernetes environment.

In my 2022 December rumination about vCF I delved into how a union between VMware Cloud Foundation and a credential storage solution could make for a powerful combination.

As someone familiar with VMware and vCenter, but coming reasonably fresh to Proxmox Virtual Edition (PVE) there are a number of important differences when …

After a homelab crash, the VCSA file-based backup isn't working anymore. In this post I'm describing how I was able to get the VMware Postgres Archiver service back into operating state by interfering with vCenter's vPostgres instance.

Vault is a secrets management tool developed by Hashicorp. It lets you store and manage secrets securely. In this article, we will see how to use Vault to manage your applications' secrets.

I constantly use virtual machines to test scripts, to host services, to run deployment tests, etc. I usually use Proxmox for my lab, and Libvirt at work.
Recently, I have been deepening my knowledge of public clouds such as AWS, GCP, Azure, etc. And if there is one thing that fascinates me, it is the speed at which you can create a virtual machine.
I sometimes use Cloud-Init to automate the creation of my virtual machines, or Packer to create VM templates, but we are talking about a few minutes (not seconds).
While researching this subject I came across Firecracker, an open-source project from AWS that lets you create microVMs in a few milliseconds (yes, milliseconds). So, I want to be able to create virtual machines in a few milliseconds, but also to destroy and recreate them on the fly. These virtual machines can then be used for tests, for deployments, for services, etc.

Discover a selection of our latest work. Multiple Cyllene projects bringing together many disciplines to offer you a tailor-made service.

Overview VMware recently released full support for Azure Active Directory (now called Entra ID) integration with vCenter with release 8.0 U2. Unfortunately, their documentation about integration had some major gaps, compelling us to write this guide. VMware’s documents initially recommended opening your vCenter server URL to the public (which you should NEVER do). They’ve since...

Sysadmin doing sysadmin stuff

Instead of using sshpass to non-interactively provide an SSH password, here is a simpler approach by harnessing the built-in features of OpenSSH...

I want my services to be sturdy, cheap & easy to maintain. I want very few moving parts, and I treat the hardware as disposable and unreliable. Ansible allows me to achieve a lot at very little cost.

Mapping Pihole to Tailscale and enabling subnet routing has made accessing my homelab outside the house an absolute joy.

Terraform Associate is an official HashiCorp certification. It validates your knowledge of Terraform through an online exam. I share my experience in this article!

Consul Associate is an official HashiCorp certification. It validates your knowledge of Consul through an online exam. I share my experience in this article!

Recently I’ve been looking into setting up BGP EVPN between VMware NSX and VyOS router. I’m using VyOS quite a lot in labs and demos, often as the counterpart to a Tier-0 gateway, and w…

Consul is a tool for managing microservices and high availability, as well as security and communication between services. This page is a digest of what I have learned on the subject.

Five years of technical blogging followed by six months of active development resulted in an online learning-by-doing platform for DevOps, SRE, and Platform Engineers.

New talk: Learning DNS in 10 years

Everyone loves the Cluster API, but there are some cases where it's not the best solution. We chose not to build with it for several reasons.

Dagger.IO is a tool maintained by Solomon Hykes; it lets you create a local (or remote) CI that does not depend on Yaml or a DSL

Exploring the balance between relying on AI assistance like ChatGPT and maintaining personal skills in a world of increasing AI capabilities.


Creating your own Debian packages is not as complicated as you might think. We will see how to package your own scripts/programs easily and efficiently

Cert-Manager is a program for managing certificates (and their renewals) on Kubernetes clusters. We will see how to deploy Cert-Manager and generate our first certificates

This guide explains how to configure a DNS and DHCP server using DNSMASQ. It covers installation, DHCP and DNS configuration, and the management of static leases.

When we have many servers, it makes sense to automate every deployment we carry out. And when most of them run Debian, these deployments can take the form of .deb files. On this page we will therefore see how to create our own Debian repository

A next-generation sharing platform built on top of OpenZiti, a programmable zero-trust network overlay.

When you multiply infrastructures (local, remote, etc.), having a mesh VPN makes your life easier. So we are going to install and configure Tinc

SSH port forwarding explained in a clean and visual way. How to use local and remote port forwarding. What sshd settings may need to be adjusted. How to memorize the right flags.

Learn all about network bonding in XCP-ng and some tricks to configure it.

This is my documentation of how I publish my notes from a private [[Obsidian]] vault to my

The need I went into some troubles when I wanted to implement NSXT rules. My aim was to keep the order of the rules as intended by the user when he wrote his data without asking him to enter a rule ID manually. If the order is kept then it’s easy to prioritize the rules according to their placement. With the NSX-T Terraform provider the rules are in the form below :

Thus far, this series of posts have all been about Layer 2 over Layer 3 models; the customer ethernet frames encapsulated in UDP, traversing L3 networks. The routing has been confined underlay, the customer traffic has stayed within the same network.

While troubleshooting of a failed SDDC Manager deploy task in Cloud Foundation 4.4 together with VMware support, the engineer showed a way to update the SDDC bring-up parameters. This can be very helpfu

A technical dive into traditional TCP proxying over HTTP

Traefik is a reverse proxy that stands out from the others through its provider and middleware system. It does not reinvent the wheel, but it is particularly effective when you have a large number of redirections to configure or rules that change regularly.

Delivering consistent performance while maintaining data resiliency is a key tenet behind enterprise storage solutions. VMware vSAN is the industry leading distributed storage system built right into VMware vSphere, and is designed to offer the highest level of resiliency and performance, with the maximum amount of agility should hardware faults occur, or demands of the … Continued

In this blog post, I will help you with the set of steps needed to enable MinIO service on a “vSphere with Tanzu” Supervisor cluster. I will not explain about MinIO, feel free to read about MinIO o…

Best practices when adding a JSON output option to your command-line application.

When it comes to initializing a virtual machine in a VMWare vSphere infrastructure, Linux systems are the poor relation....

Easily create a Proxmox Ubuntu cloud-init image for use with Terraform, Ansible, and other automation tools

Applying DevOps to networks.

Today I am going to introduce a new concept for Python developers: typeclasses. It is a concept behind our new dry-python library called classes.

Learn how to create a Kubernetes cluster on Azure, Amazon Web Services (AWS) and Google Cloud

Software-Defined Datacenters | NSX-T | NSX-ALB | VMware Cloud Foundation (VCF)

This tutorial details how to add social auth to a Flask application.

If you have ever tried to troubleshoot an NSX-v Management Appliance or Edge, you probably noticed that you are quite limited in the execution of your controls. That’s because in NSX-v you are standardly limited with most of the time only esxcli, even when you are logged in as admin.
To get past

Finding the right requests and limits can be tricky. Instead of guessing, you could inspect the application at runtime and extrapolate the values.

Today's topic is VMware Cloud Director inter-tenant routing with a NSX-T backed provider VDCs (pVDC). The reason for writing this post is that some use-cases require routed connectivity between Org VDC

A post about a community function contribution to the open source project VMware Event Broker Appliance to notify you if an ESXi host failure occurred.

Cheatsheet to a more maintainable configuration.

Archie is a Minimal and Clean theme for Hugo

Docker lets you easily package your applications and services into containers so you can use them anywhere. However, when you…

Applying DevOps to networks.

In this post, we will investigate the performance of disk encryption on Linux and explain how we made it at least two times faster for ourselves and our customers!

This article contains several examples I could have used after reading up on the basics in Python. After I read the first chapters of Automate the Boring Stuff with Python and Learning Python, 5th Edition, I struggled to put the concepts I read about into practice. I understood the basic...

A rundown of seven common mistakes in system architecture diagrams and how to fix them

Troubleshooting in Kubernetes can be a daunting task. In this article you will learn how to diagnose issues in Pods, Services and Ingress.

If you work with computer networks sooner or later you will have to learn how to efficiently work with IP addresses and networks. As you probably guessed from the title of this post, we'll be learning how to create, modify and perform operations on IP objects using Python. Having to

Monitor CPU, GPU, and storage, clean junk files, check battery health, and keep your Mac fast with Sensei. Free download.

Using CAPV to deploy K8s clusters with vSphere CNS

Step by step guide for using cloud-init on vSphere

People tend to be visual: we use pictures to understand problems. Mainstream programming languages, on the other hand, operate in an almost completely different kind of abstract space, leaving a big g

Blog

Checkmk is a leading tool for Infrastructure and Application Monitoring. Simple configuration, scalable, flexible. Open Source and Enterprise.

Introduction Traditionally, Data Centers used lots of Layer 2 links that spanned entire racks, rows, cages, floors, for as far as the eye could see. These...

For ease of configuration, virtual guests are usually connected to a layer 2 network. However, hypervisors can be turned into layer 3 routers...

Linux IPsec implementation is usually policy-based. However, route-based VPNs with a pseudo-interface are also available.

Linux uses an LPC-trie for looking up routes. It provides good performance with low memory use even with millions of routes.

VXLAN is an overlay network for L2 traffic over an existing IP network. One deployment option is BGP EVPN.

Automation is an increasingly interesting topic in pretty much every technology discipline these days. There’s lots of talk about tooling, practices, skill set evolution, and more - but little conversation about fundamentals. What little is published by those actually practicing automation, usually takes the form of source code or technical whitepapers. While these are obviously valuable, they don’t usually cover some of the fundamental basics that could prove useful to the reader who wishes to perform similar things in their own organization, but may have different technical requirements.

In a recently published article, Paul Vixie, past author and architect of BIND, one of the most popular internet domain servers, explains why DNS...

tcpdump is the world's premier network analysis tool—combining both power and simplicity into a single command-line interface. This guide will show