Posts

Walking the Camino Frances

Reflections from the Way

In May 2025, I embarked on a journey I had been thinking about for quite some time: walking the Camino Frances or at least a part of it. From May 15th to May 25th 2025, I covered around 210 kilometers on foot, starting in Sarria and continuing all the way to Finisterre. My motivation? After a stressful year working as a DevOps engineer, I felt the need to disconnect, not just from screens, meetings, and alerts, but from the constant mental noise that comes with being always online. The Camino...

Configuration Format Comparison

Understand INI, XML, JSON, YAML, TOML & ENV

In modern software development and operations, configuration files are everywhere. From defining how an application behaves to provisioning entire infrastructures via code, they are essential for making systems predictable, reproducible, and automated. They enable idempotent** **deployments, allowing teams to define the desired state once and have automation tools enforce it reliably, across environments and over time. For DevOps engineers and Site Reliability Engineers (SREs), understanding...

From Observability to Action: Using Falco for Kubernetes Threat Detection

Learn how to integrate Falco into your cluster for real-time alerts, custom rules, and enhanced runtime security.

Modern cloud-native environments built on Kubernetes offer unprecedented flexibility and scalability, but with this power comes a new set of security challenges. Containers are ephemeral, workloads are dynamic, and threats can appear and disappear in seconds. In such an environment, traditional security approaches often fall short, especially when it comes to detecting and responding to runtime threats. While observability tools like Prometheus, Loki, and OpenTelemetry are essential for...

CIS Benchmark for Kubernetes

A kube-bench Approach

In today’s rapidly evolving IT landscape, ensuring the security and compliance of container orchestration platforms like Kubernetes is more critical than ever. The kube-bench tool, developed by Aqua Security, plays a pivotal role in this domain. It is an open-source utility designed to assess Kubernetes deployments against the CIS (Center for Internet Security) Benchmark for Kubernetes. This benchmark outlines a comprehensive set of security best practices that help organizations safeguard...

Hardening Kubernetes Nodes on Ubuntu

A CIS Benchmark Approach

Hardening a Kubernetes cluster begins at the node level. This guide explains how to secure Ubuntu-based Kubernetes nodes by applying the CIS (Center for Internet Security) Benchmark, which provides a detailed set of best practices for reducing vulnerabilities and strengthening your security posture. The CIS Benchmark outlines comprehensive security standards for various systems, including operating systems, applications, and network devices. Its recommendations help organizations adhere to...

Understanding the Components of Kubernetes

Understanding the Basics Part 2

Kubernetes is renowned for its ability to orchestrate containerized applications at scale. To fully appreciate how it works, it’s important to understand the key components that make up its architecture. In this article, we’ll dive into the core building blocks of Kubernetes, the Control Plane and the Worker Nodes, explaining their roles and how they work together to deliver a resilient, scalable system. The Kubernetes Control Plane The control plane acts as the “brain” of a Kubernetes cluster....

Introduction to Kubernetes

Understanding the Basics

Kubernetes has emerged as one of the leading platforms for managing containerized applications at scale. In this article, we’ll provide a high-level overview of Kubernetes, explore its core architecture and highlight how it compares to Docker or Nomad, setting the stage for deeper dives in future posts. What is Kubernetes? Kubernetes is an open-source container orchestration platform designed to automate the deployment, scaling, and management of containerized applications. It evolved from the...

Managing Multiple Tool Versions with asdf

A DevOps Essential

As a DevOps engineer, working across multiple projects often means juggling different versions of programming languages, infrastructure tools, and CLIs. Using system-wide installations can quickly lead to version conflicts. Enter asdf (Another Shell Development Framework), a powerful version manager that simplifies this process by managing multiple tool versions per project. In this article, we’ll cover: Why asdf is useful Installing asdf Managing Go and Terraform versions Automating asdf...

Configuring ArgoCD with Zitadel via Helm

Using External Secrets for OIDC

When integrating ArgoCD with an OpenID Connect (OIDC) provider like Zitadel, managing secrets securely is crucial. While the official documentation provides comprehensive guidance, this article focuses on a Helm-based setup where ArgoCD retrieves OIDC credentials from an external Kubernetes Secret. In this guide, we’ll configure ArgoCD’s OIDC integration with Zitadel via Helm, ensuring that client credentials are stored securely in a Kubernetes Secret rather than being embedded in...

Integrating Zitadel as an OIDC Provider in Grafana

Improve your Grafana authentication flow with Zitadel’s OpenID Connect integration

While securing my Grafana instance with Zitadel as an OpenID Connect (OIDC) provider, I encountered several challenges and gained valuable insights. Since documentation on this integration is limited, I’m sharing my step-by-step guide to help others set up Zitadel authentication for Grafana with ease. What is Grafana? Grafana is an open-source platform for monitoring and observability, widely used to visualize and analyze time-series data from various sources like Prometheus, InfluxDB, and...

The Ultimate Guide to WebAuthn & FIDO2

Securing Your Digital Life with YubiKey

In today’s digital world, security threats are everywhere. From password breaches to sophisticated phishing attacks, online accounts are constantly at risk. Despite the growing awareness of cybersecurity, many people still rely on weak or reused passwords, making them vulnerable to hacking attempts. Even two-factor authentication (2FA), a widely recommended security measure, isn’t always foolproof—especially when using SMS-based codes, which can be intercepted through SIM-swapping attacks. This...

Building and Running Multi-Arch Containers with Podman

A Guide to Docker Hub Integration

In today’s software ecosystem, containerization has become a cornerstone of modern development and deployment workflows. Tools like Docker and Podman have empowered developers to encapsulate applications and their dependencies into portable, lightweight containers. However, as we move toward a multi-architecture world—driven by the rise of ARM-based systems such as Raspberry Pi, Apple Silicon, and even ARM-based cloud instances—ensuring that your containers can run seamlessly across different...

Effortless Multi-Arch Docker Images with GoReleaser and GitHub Actions

Streamline Your CI/CD Pipeline for Multi-Platform Docker Image Builds

Releasing software can be a tedious process, especially when managing multiple architectures and platforms. GoReleaser is a powerful automation tool for Go projects that simplifies the build, release, and publishing steps, offering extensive customization. With GoReleaser, you can automate everything from compiling binaries and building Docker images to publishing releases with minimal configuration. In this post, I’ll walk you through how to leverage GoReleaser to build multi-architecture...

Migrate from Medium to Hugo

Own Your Blog, Own Your Style

Medium has long been a favorite platform for writers, bloggers and for me, offering a user-friendly interface and an audience-ready environment. But over time, its limitations can become apparent—limited customization, paywalls, and lack of true ownership over your content. That’s where Hugo comes in, a static site generator that empowers you to create a fully customized blog with your own domain, hosted wherever you choose. Migrating to Hugo means embracing the freedom of full control, but...

Create Your Personal Page Today

Host It for Free on GitHub Pages!

Hi there! If you work in IT, you should consider creating a personal webpage. A personal webpage can serve as a professional portfolio, a digital business card, or even a space to share your thoughts and projects. In this article, we’ll explore static site generators, tools that make it easy to create fast, secure, and scalable websites. There are countless static site generators to choose from, such as Jekyll, Docusaurus, Gatsby and Hugo. For simplicity and efficiency, we’ll focus on Hugo in...

Mastering GPG Keys

Securely Managing your Digital Identity with KDE Wallet

In the digital age, safeguarding your data and verifying your identity online are more critical than ever. GNU Privacy Guard (GPG) offers a robust solution for these needs through encryption and digital signing. This article explores the foundational concepts of GPG keys, their practical applications, and how to enhance their usability by securely storing passphrases in KDE Wallet. What Are GPG Keys? GPG, or GNU Privacy Guard, is an implementation of the OpenPGP standard, designed to provide...

Streamline Your SSH Workflow

With KDE Plasma’s Wallet and ksshaskpass

In the world of secure communication, SSH (Secure Shell) is a cornerstone technology, enabling encrypted connections to remote servers. For KDE Plasma users, managing SSH keys and agents can be both secure and seamless, thanks to powerful tools like ksshaskpass, KDE Wallet, and the built-in SSH agent. This article dives into the essentials of SSH management on KDE Plasma. Whether you’re new to SSH or looking to optimize your workflow, you’ll learn how to create SSH keys, understand the role of...

Remapping the Caps Lock key in macOS Big Sur

I’ve been using the Happy Hacking Keyboard (HHKB) for a few years now, and it’s been a game-changer. One of its standout features is replacing the Caps Lock key with a Control key, a small change that makes a huge difference for my workflow. The problem? Switching to my MacBook keyboard always felt jarring because the Control key wasn’t in the same place. But there’s good news: macOS lets you remap keys natively, and it’s super easy to do. Here’s how you can remap the Caps Lock key to Control...

Homebrew errors after upgrading to macOS 11.0 Big Sur

Hi there, After upgrading to macOS Big Sur, I encountered some errors while trying to use Homebrew. It turned out that I needed to reinstall the Command Line Tools (CLT) to get Homebrew working again. Here’s a quick walkthrough of the issue and how I resolved it. The Problem When running a brew upgrade command for ruby-build, I encountered the following warning and error: ❯ brew upgrade ruby-build --fetch-HEAD Updating Homebrew... ==> Auto-updated Homebrew! Updated 1 tap (homebrew/core)....

How to get the full resolution out of the Samsung CRG9

Hi there, After a long search for a way to run two widescreen monitors with my MacBook Pro, I finally found a setup that works. I struggled to figure it out using online guides, so I ended up buying several USB-C to HDMI adapters that didn’t solve the problem. Eventually, I discovered that a USB-C to DisplayPort adapter was the key. Here’s my current setup: I ordered the KabelDirekt USB-C to DisplayPort Adapter from Amazon and connected it to my Samsung CRG9 monitor. This allows the Samsung to...

How to run multiple Teams instances on Mac

Today we take a look at a solution, how to open 2 teams instances on the Mac simultaneously. I have been looking for a solution that would allow me to do this for a long time, because I have to be active in 2 teams in 2 instances for professional reasons. So it’s that simple, we installed the native teams app and use it as our first instance, if we want to run a second teams app, we can simply install the Microsoft Edge Browser from the APP store and go to https://teams.microsoft.com/, there we...

Problems with git commit autosigning on mac

If you’ve enabled GPG signing for Git commits on macOS, you might occasionally encounter this frustrating error message: ❯ git commit -m 'Test' error: gpg failed to sign the data fatal: failed to write commit object This happens when the GPG agent gets stuck or isn’t properly configured. Here’s how to fix it. Quik fix If you need a quick solution, you can restart the GPG agent using the following command: pkill -9 gpg-agent && export GPG_TTY=$(tty) This will...

How to Gitconfig

A practical Guide to managing multiple git Users

When working with Git, having an organized and efficient configuration can make a world of difference. Over the past few days, I’ve been diving deep into my .gitconfig, tweaking it to suit both my personal and professional needs. In this article, I’ll walk you through the steps I took to set up a clean and flexible Git configuration, including managing multiple users, enabling GPG signing, and using a global .gitignore for a smoother development experience. Whether you’re just starting...