Kubernetes

Live Status 🟢 View Live Status Page → Real-time health monitoring for the Nuclear Lighters multi-site infrastructure. Overview A public status page monitoring 31 endpoints across the entire homelab infrastructure, deployed on Kubernetes with enterprise-grade practices. Monitored Services Group Services 🇳🇱 Netherlands K8s ArgoCD, Grafana, Prometheus, Thanos, Hubble, K8s Dashboard, Goldpinger, SeaweedFS, AWX, Velero 🇬🇷 Greece K8s ArgoCD, Grafana, Prometheus, Thanos, Hubble, K8s Dashboard, Goldpinger, SeaweedFS 🔧 DevOps GitLab (NL/GR), Atlantis (NL/GR) 🌐 Shared Services Nextcloud, Home Assistant 🔗 External Internet connectivity checks Technical Stack Gatus - Lightweight status page with SQLite persistence Kubernetes - Deployed via OpenTofu/Atlantis GitOps Cilium - Network policies for security cert-manager - Automatic TLS certificates Prometheus - Metrics via ServiceMonitor Architecture Highlights Pod Security Standards: Restricted mode with read-only root filesystem Resource Management: CPU/memory limits enforced Network Isolation: CiliumNetworkPolicy restricting ingress/egress High Availability: Persistent storage on Synology iSCSI GitOps: Full infrastructure-as-code via Atlantis Source Managed as part of the Infrastructure Repository using OpenTofu modules. ...

Designing and building a hybrid Kubernetes cluster spanning four European countries (Netherlands, Switzerland, Norway, Greece) with BGP anycast routing for global traffic distribution and automated failover. Overview Aspect Details Countries Netherlands, Switzerland, Norway, Greece Architecture Hybrid (on-premises + cloud VPS) Routing BGP anycast with personal ASN IPv6 /48 prefix via RIPE LIR Nodes 8 control plane, 12 workers Key Technical Components BGP & Networking Personal ASN registration via RIPE LIR with /48 IPv6 prefix eBGP peering with two upstream transit providers for anycast redundancy iBGP mesh over IPsec/WireGuard tunnels using Cilium BGP control plane NAT64 edge translation enabling IPv6 ingress to IPv4 core infrastructure Site Connectivity Full mesh encrypted tunnels between on-premises (Cisco ASA) and cloud sites (strongSwan) Geo-distributed edge nodes for latency optimization and DDoS resilience IPsec tunnels with automatic failover Kubernetes Platform Cilium CNI with eBPF dataplane BGP control plane for LoadBalancer services Cross-cluster service mesh via Cilium Cluster Mesh Architecture ┌─────────────────────────────────┐ │ IPv6 Anycast Traffic │ │ (Personal ASN + /48) │ └───────────────┬─────────────────┘ │ ┌───────────────┴───────────────┐ │ Transit Providers │ │ (eBGP - Redundant Path) │ └───────────────┬───────────────┘ │ ┌────────────────┬───────────────┼───────────────┬────────────────┐ │ │ │ │ │ ▼ ▼ │ ▼ ▼ ┌───────────────┐ ┌───────────────┐ │ ┌───────────────┐ ┌───────────────┐ │ Switzerland │ │ Norway │ │ │ Netherlands │ │ Greece │ │ (iFog VPS) │ │(Gigahost VPS) │ │ │ (On-Prem) │ │ (On-Prem) │ │ strongSwan │ │ strongSwan │ │ │ Cisco ASA │ │ Cisco ASA │ │ NAT64+eBGP │ │ NAT64+eBGP │ │ │ 5508-X │ │ 5508-X │ └───────┬───────┘ └───────┬───────┘ │ └───────┬───────┘ └───────┬───────┘ │ │ │ │ │ │ │ │ │ │ └─────────────────┴──────────────┴──────────────┴─────────────────┘ │ ┌────────────────────┴────────────────────┐ │ IPsec Full Mesh (All 4 Sites) │ │ CH ←→ NO ←→ NL ←→ GR ←→ CH ←→ NL... │ └────────────────────┬────────────────────┘ │ ┌──────────────────────────┴──────────────────────────┐ │ │ ▼ ▼ ┌─────────────────────────────────┐ ┌─────────────────────────────────┐ │ Netherlands (NL) │ │ Greece (GR) │ │ nllei01k8s │ │ grskg01k8s │ │ ┌───────────────────────────┐ │ │ ┌───────────────────────────┐ │ │ │ 3x Control Plane (HA) │ │ │ │ 3x Control Plane (HA) │ │ │ │ 4x Worker Nodes │ │ │ │ 4x Worker Nodes │ │ │ │ Cilium CNI + iBGP │ │ │ │ Cilium CNI + iBGP │ │ │ │ Proxmox VE │ │ │ │ Proxmox VE │ │ │ └───────────────────────────┘ │ │ └───────────────────────────┘ │ │ PRIMARY SITE │◄───────►│ DR/HA SITE │ │ 192.168.85.0/24 │ Cluster │ 192.168.58.0/24 │ └─────────────────────────────────┘ Mesh └─────────────────────────────────┘ Technology Stack Networking BGP: Personal ASN with /48 IPv6 prefix Transit: Dual upstream providers for redundancy Tunneling: IPsec (Cisco ASA) + strongSwan (cloud) Edge: NAT64 for IPv6→IPv4 translation Kubernetes Version: v1.34.2 CNI: Cilium with eBPF dataplane Mesh: Cilium Cluster Mesh for cross-site connectivity Ingress: NGINX with BGP-advertised VIPs Infrastructure On-premises: Proxmox VE, Cisco ASA 5508-X Cloud: iFog (Switzerland), Gigahost (Norway) Storage: SeaweedFS with cross-site replication Skills Demonstrated BGP (Border Gateway Protocol) IPv6 networking and transition technologies IPsec VPN architecture Network engineering and architecture Kubernetes cluster administration Cilium CNI and eBPF Cisco networking Linux system administration High availability clustering Project Status This project combines enterprise networking concepts (BGP, IPsec, dual-stack transition) with modern cloud-native infrastructure (Kubernetes, Cilium, GitOps) in a production homelab environment. ...

Comprehensive GitOps-driven homelab managing network devices, virtualization, Kubernetes, Docker services, and backup systems through GitLab CI/CD, Atlantis, and Argo CD. Key Accomplishments Hybrid GitOps Architecture Enterprise two-tier model separating platform infrastructure (Atlantis/OpenTofu) from application workloads (Argo CD) with PR-based workflows and auto-sync. Kubernetes Platform 7-node HA cluster (v1.34.2) with Cilium CNI eBPF networking with kube-proxy replacement BGP peering with Cisco ASA for LoadBalancer services Dual storage: NFS (RWX) + Synology iSCSI CSI (RWO) Security & Service Mesh Cilium mTLS with SPIRE for mutual TLS authentication Zero-trust network policies External Secrets Operator syncing credentials from OpenBao to K8s TLS Automation cert-manager with Let’s Encrypt wildcards via Cloudflare DNS-01 AWX scheduled jobs sync certs to Nginx Proxy Manager (94 hosts) Syncthing replication for certificate distribution Observability Stack Prometheus/Grafana/Alertmanager for metrics and alerting Centralized logging: syslog-ng → Loki → Grafana Hubble for L7 flow visualization and network debugging Disaster Recovery Velero + MinIO S3 with automated daily/weekly backups Cross-site replication to Greece DR cluster Docker Fleet 60+ services including GPU AI workloads (Ollama, Stable Diffusion) Media servers, databases, home automation Network Automation Python CI/CD for Cisco IOS/ASA configuration Drift detection and auto-reconciliation Virtualization Proxmox VE with 100+ LXC containers, 20+ VMs All managed as code through GitLab pipelines Architecture Overview ┌─────────────────────────────────────────────────────────────────┐ │ GitLab CI/CD │ │ ┌──────────────────┐ ┌──────────────────┐ │ │ │ Atlantis │ │ ArgoCD │ │ │ │ (Platform IaC) │ │ (Applications) │ │ │ └────────┬─────────┘ └────────┬─────────┘ │ └───────────┼────────────────────────────┼────────────────────────┘ │ │ ▼ ▼ ┌───────────────────────┐ ┌───────────────────────┐ │ Infrastructure │ │ Workloads │ │ - Kubernetes nodes │ │ - Applications │ │ - Network configs │ │ - Services │ │ - Storage │ │ - ConfigMaps │ │ - Secrets │ │ - Ingress │ └───────────────────────┘ └───────────────────────┘ │ │ └──────────────┬─────────────┘ ▼ ┌─────────────────────────────────────────────────────────────────┐ │ Kubernetes Cluster │ │ ┌─────────────┐ ┌─────────────┐ ┌─────────────┐ │ │ │ Cilium CNI │ │ SPIRE │ │ OpenBao │ │ │ │ + Hubble │ │ mTLS │ │ Secrets │ │ │ └─────────────┘ └─────────────┘ └─────────────┘ │ │ ┌─────────────┐ ┌─────────────┐ ┌─────────────┐ │ │ │ Prometheus │ │ Loki │ │ Velero │ │ │ │ + Grafana │ │ Logging │ │ Backups │ │ │ └─────────────┘ └─────────────┘ └─────────────┘ │ └─────────────────────────────────────────────────────────────────┘ Technology Stack Category Technologies GitOps GitLab CI/CD, Atlantis, Argo CD IaC OpenTofu/Terraform, Helm Kubernetes v1.34.2, Cilium CNI, SPIRE Secrets OpenBao, External Secrets Operator Monitoring Prometheus, Grafana, Alertmanager, Loki Network Hubble, BGP, Cisco IOS/ASA Backup Velero, MinIO S3 Automation AWX, Python Virtualization Proxmox VE, Docker Skills Demonstrated GitLab CI/CD pipeline design Infrastructure as Code (Terraform/OpenTofu) Argo CD application management Kubernetes cluster administration Docker containerization Helm chart management Prometheus/Grafana observability DevOps/GitOps practices Proxmox virtualization Python automation Cisco networking Linux system administration Core infrastructure for the Nuclear Lighters homelab ...

This portfolio site demonstrates enterprise-grade deployment practices applied to a personal website. Built with Hugo and automatically deployed to two Kubernetes clusters across different countries with content replication. Overview Aspect Details Framework Hugo with PaperMod theme CI/CD GitLab CI/CD (4-stage pipeline) Storage SeaweedFS S3 with cross-site replication Secrets OpenBao with JWT authentication Clusters Netherlands (primary) + Greece (DR) Deployment Fully automatic on git push Architecture The site follows a GitOps workflow where any push to the main branch triggers a complete build and deployment cycle across both geographic locations. ...

The restlessness I had a perfectly stable single-site Kubernetes cluster in the Netherlands. It worked, it was reliable, and by any reasonable measure, it was enough. But I have learned over the years that when things become too stable, too predictable, I start looking for the next challenge; this pattern has followed me throughout my career, moving on whenever circumstances headed toward a stale that was beyond my control to influence. ...