Siper is a high-performance, XDP-based IP blacklist firewall built with Go and C (eBPF). It allows you to drop malicious traffic at the earliest possible stage in the Linux networking stack—the network driver level. By leveraging XDP (Express Data Path), Siper processes packets before they even reach the kernel's heavy networking subsystem, providing extreme performance even under heavy DDoS conditions.

Since 2023, AWS CSI drivers can be misused to bypass node isolation in multi-tenant clusters.

Understanding CoreDNS, Forwarders, ndots, and Name Resolution Flow

Continuously reconcile CRDs in the cluster with template validation before apply.

A lightweight tool for deploying and managing containerised applications across a network of Docker hosts. Bridging the gap between Docker and Kubernetes

Lightweight Dockerfile linter that helps you write better Dockerfiles. Get instant feedback with quality scores, security checks, and 60+ best practice rules.

Kaniop is a Kubernetes operator for managing Kanidm.

Kanidm is a modern, secure identity management system that provides authentication and authorization services with support for POSIX accounts, OAuth2, and more.

Kured (KUbernetes REboot Daemon) is a Kubernetes daemonset that performs safe automatic node reboots when the need to do so is indicated by the package management system of the underlying OS.

A Kubernetes CSI (Container Storage Interface) driver for TrueNAS Scale 25.10+.

witr helps inspect why processes are running by PID, name, or port with a terminal UI.

A practical guide to Git control files like .gitignore and .gitmessage and how they affect behavior.

Terraform has been my bread and butter for the past few years as the tool for Infrastructure as Code. I’ve dealt with a variety of patterns while working with Terraform, and noticed one pattern that is rarely discussed, but super useful. Feature flags are a way to write code that can behave differently based on how we configure things, and is as old as writing code for computers. It gives the author of the code flexibility to have different implementations, safely migrate systems from one approach or capability to a new one and choose behaviour based on the target context. Mature codebases find tooling or affordances that give them the ability to evolve and adapt, and feature flags are one pattern to achieve that. However, the public internet has very few examples about how to achieve this for Infrastructure as Code tools, including Terraform.

Shows how to enforce and observe Kubernetes egress traffic with Squid plus NetworkPolicy without adding a service mesh.

Scout24 used an Amazon Linux 2 migration window to adopt Karpenter and cut EKS node count by about 30%.

Explains reactive metric-based scaling versus scheduled scaling and where each approach fits.